moving to ubuntu – Grey Panthers Savannah
https://grey-panther.net

Living on the edge with Ubuntu
https://grey-panther.net/2008/06/living-on-the-edge-with-ubuntu.html
Fri, 06 Jun 2008 09:16:00 +0000

As I said earlier, I’m not very impressed with Ubuntu 8.04 (hardy), but I’ll give it another chance. There are some rumors floating around that on July 10 there will be some major updates, and the steady stream of updates seems to fix a few issues as well.

Warning! Don’t do this if you can’t support eventual breakage and/or your system is critical!

If you wish to keep up with the latest updates to the packages, even if they are not released to the public at large, go to System -> Administration -> Software Sources and on the Updates page check Pre-released updates. This allowed me to get Firefox 3 (instead of b5), for example. However, be ready to drop down to the terminal and do some apt-get update / apt-get upgrade / dpkg-reconfigure.

Small Qemu tips
https://grey-panther.net/2008/04/small-qemu-tips.html
Sun, 13 Apr 2008 19:29:00 +0000

It’s official: Ubuntu has the best documentation out there. There is almost no problem with it that you can’t fix by typing "Ubuntu [description of the problem]" or "Ubuntu [error message]" in your favorite search engine.

For example, here you can find very exhaustive documentation on installing Qemu and Kqemu (the Kqemu part is the really interesting one).

One interesting part it doesn’t explain is the "-localtime" switch (although it is correctly used in the examples). This switch tells Qemu to set the clock of the virtual machine to the local time rather than the UTC (also known as GMT) time. This is important because Windows and Linux have two different philosophies regarding the meaning of the BIOS (battery powered) clock: Linux thinks that it represents the UTC/GMT time and uses the specified time-zone to calculate the local time from it whenever needed, while Windows (and DOS) thinks that it should represent the local time and uses the time-zone to calculate the GMT time whenever needed (this is why dual-booting is problematic unless both OS’s use a network service to synchronize their time and/or you tweak Linux to set the BIOS clock to the local time). In conclusion: if you are running a Windows/DOS guest with Qemu from Linux, don’t forget to specify the "-localtime" switch.

And the last tip: Qemu recently moved from CVS to SVN. The new checkout command to obtain the source code is:

svn checkout http://svn.savannah.gnu.org/svn/qemu/

or, if you are interested just in the trunk (not the branches and tags):

svn checkout http://svn.savannah.gnu.org/svn/qemu/trunk/

In case you don’t have Subversion installed (which is the case by default on Ubuntu) and you are running a Debian based system, it can be resolved with:

sudo apt-get install subversion

Update: changed sv to savannah to be correct (sv seems to deliver a 301 which svn doesn’t seem to handle)

Power management for Ubuntu
https://grey-panther.net/2007/08/power-management-for-ubuntu.html
Wed, 29 Aug 2007 16:04:00 +0000

I was praising Ubuntu earlier for its great hardware support. One thing it didn’t have out of the box, however (which is a very nice feature of modern hardware), was dynamic frequency scaling. There is a detailed description over at the Ubuntu Guide wiki which worked nicely (yes, you actually need to remove packages – the instructions are correct). You can also add a widget (just search for CPU in the widget list) which shows the current frequency. I would recommend the conservative power scheme, which sets the CPU speed depending on the current usage. It differs in behaviour in that it gracefully increases and decreases the CPU speed rather than jumping to max speed the moment there is any load on the CPU. This behaviour is more suitable in a battery-powered environment.

Setting up Xming or RDP equivalent for Linux
https://grey-panther.net/2007/08/setting-up-xming-or-rdp-equivalent-for-linux.html
Wed, 29 Aug 2007 09:27:00 +0000

To give a little background: the GUI under Linux (and Unix) is usually distributed the following way:

  • X (the short term commonly used for the X Window System or X11) – this knows how to draw some primitive elements (like boxes, text, etc.) and to get input (from keyboard, mouse, etc.) and also has the primitive notion of windows (rectangular, possibly overlapping areas of the screen), but doesn’t know much more than that (it doesn’t know, for example, about title bars, how to move windows around, etc.)
  • The window manager (like Gnome, KDE or XFCE just to name a few) which uses these primitives to draw more advanced widgets (like icon lists for example), provide additional functionality (moving around the windows, minimizing / maximizing them, etc) and other graphical elements (panel elements – aka gadgets – for example)

The communication between these two components is done through sockets with a well-defined protocol. Isn’t this inefficient? – one could ask. The answer is – not really, because most of the time (more specifically, when X is running on the same machine as the window manager) a special kind of socket is used, called a Unix domain socket. These look like normal sockets in the sense that data I/O is represented by a stream of bytes and they have similar guarantees to TCP (guaranteed, in-order delivery), but they are optimized so that the data doesn’t have to flow through the TCP/IP stack twice (once at the sending and once at the receiving end) as it would if you were to use a TCP/IP connection to localhost. Windows has a similar architecture where the GDI functions (which are at a similar abstraction level to X – they only know about lines, rectangles, etc.) use an IPC (Inter-Process Communication) mechanism to communicate with the Windows subsystem, which in turn calls the display drivers.

The only difference between *nix and Windows is that in Windows this modularization was never made explicit and/or documented. This system means that we can execute the drawing instructions on a remote computer (simply by using a TCP/IP socket instead of a Unix domain socket) and we get a very responsive remote desktop for free. It is responsive because instead of transmitting the bitmap that has to be drawn pixel by pixel, it only transmits the primitive instructions needed to draw it (of course there are corner cases, for example if you’re doing image editing with GIMP).

The simplest X server to use on Windows is Xming. To set it up you first need to have SSH access to the computer which will be the target (the one actually running the applications). Again, you can observe the modularity present in *nix systems – reuse existing components, which means faster development (because you don’t have to write it from scratch), better quality (because you don’t have to write something which isn’t your core competency) and easier use (because the user can reuse her/his knowledge of the components when configuring different parts of the system). Also, in the case of a vulnerability a central patch can secure multiple systems (there is a reverse side to this coin of course: sometimes the user isn’t aware of all the dependencies of such systems, which means that s/he can’t follow the relevant forums for all of them to stay informed about the needed updates).

There is a nice tutorial over at terminal23.net about setting up the SSH daemon under Ubuntu, complete with advice on how to block brute-force attempts and how to restrict access to a certain subset of IP addresses. I would like to add a couple more things:

  • You can (and should – defense in depth is a good thing) restrict the access to your SSH daemon from the firewall too. While the temptation is big to leave it wide open because one never knows when I need to access it from another network, my experience has been that the number of places where one needs access from is very limited. Give /24 (or /16) subnets access if you’re worried that your IP may change (for example cable providers usually have static IP, but they don’t make this explicit, which means that they can change the IP whenever they wish, but it is very unlikely that they will change it outside of the current /24 range). If you don’t want to play around with iptables, you can use Firestarter to do it graphically (sudo apt-get install firestarter).
  • If you have multiple interfaces on your computer (which is not as rare as it was some time ago – for example you could have a wired and a wireless interface. Also you can have VPN pseudo-interfaces) make sure to instruct the SSH daemon to listen only on the interfaces where it’s truly needed. You can do this by editing the /etc/ssh/sshd_config file and specifying the correct ListenAddress directives. You could instruct it to listen on a different port (as an additional security measure). If you do so, do not forget to alter your firewall configuration. Also take into consideration what ports will likely be blocked / allowed in the environments you need access from.
  • Do not forget to check if there exists a Protocol 2 directive in your /etc/ssh/sshd_config file and no Protocol 1 or Protocol 1,2. The SSH protocol has two versions: version 1 and version 2. Version 1 was found to have some serious security issues and should not be used unless absolutely necessary (legacy equipment for example). Version 2 of the protocol is well supported by all the mainstream platforms and utilities.

When you finish changing the configuration file of the SSH daemon, don’t forget to issue a sudo /etc/init.d/ssh restart from the command line so that it loads the new configuration file.
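
The sshd_config checks from the list above (a Protocol 2 directive with no version 1 fallback, and explicit ListenAddress directives) can be scripted before restarting the daemon. This is an added example, not part of the original post; the function name audit_sshd_config, its output format and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the Protocol and ListenAddress
# advice above. Function name and output format are illustrative.
# Prints one finding per line; returns 1 if any WARN line was printed.
audit_sshd_config() {
    awk '
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        line = $0
        gsub(/[ \t=]+/, " ", line)     # accept "Keyword value" and "Keyword=value"
        split(line, f, " ")
        key = tolower(f[1])            # keywords are case-insensitive
        if (key == "protocol" && !have_proto) {
            have_proto = 1             # sshd uses the first value it reads
            proto = f[2]
        } else if (key == "listenaddress") {
            listen[++nl] = f[2]        # may legitimately appear several times
        }
    }
    END {
        if (!have_proto) {
            print "WARN Protocol: no directive found, add an explicit Protocol 2"
            bad = 1
        } else if (proto == "2") {
            print "OK Protocol: 2"
        } else {
            print "WARN Protocol: value " proto " is not exactly 2"
            bad = 1
        }
        if (nl == 0) {
            print "WARN ListenAddress: none set, sshd listens on all addresses"
            bad = 1
        }
        for (i = 1; i <= nl; i++) {
            if (listen[i] ~ /^(0\.0\.0\.0(:[0-9]+)?|::|\[::\](:[0-9]+)?)$/) {
                print "WARN ListenAddress: " listen[i] " is a wildcard"
                bad = 1
            } else {
                print "OK ListenAddress: " listen[i]
            }
        }
        exit bad
    }' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Protocol 2
Port 2222
Protocol 2,1
ListenAddress 192.168.1.10
ListenAddress 0.0.0.0
EOF
audit_sshd_config "$sample" || echo "review the WARN lines above"
rm -f "$sample"
```

On a real system, pass /etc/ssh/sshd_config as the argument and fix any WARN lines before issuing the restart.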

Now that SSH is in place, go to the client machine and install Xming. The different install files have the following meaning:

  • Current vs. Superseded releases – the model of Xming is to make the latest versions available only to donors. The superseded releases are a couple of minor versions behind (for example the current version is 6.9.0.40 and the superseded is 6.9.0.28 as of the moment of writing this) but are accessible to everyone. You can check the releases page to see the difference between the versions, but in practice the superseded version always worked for me.
  • Xming vs. Xming-mesa – Xming uses OpenGL acceleration while Xming-mesa uses a software-only method for drawing. Use Xming unless you have specific problems with it.
  • Xming-fonts – when instructions are sent to draw text, they include just the font names, not the actual font definitions. Those are contained in this package. An alternative mentioned on the Xming page is to make the originating computer serve up the fonts through a font server; however, I have no experience doing this.

Now that you have everything installed, use XLaunch to create a new session. If your SSH daemon is listening on a different port, as suggested before, you should specify -P [port number] in the additional parameters for PuTTY or SSH field (these parameters are passed to plink, so you can use any parameter understood by it). If you specify a program to run on startup, I would recommend gnome-terminal if the given system is running Gnome. Once it has started, you can launch other programs from it. If you launch GUI programs and are not concerned with their output, append a & after the command (for example firefox-bin &) or launch them in a different tab (you can open multiple tabs in gnome-terminal by pressing Ctrl+Alt+T).

Update: On the netnerds I found the following two alternatives to Xming: X-Win32 (download it for here from here) and Cygwin/X. I haven’t played with them though…

Which password?
https://grey-panther.net/2007/08/which-password.html
Sat, 25 Aug 2007 07:34:00 +0000

A little note about mounting Truecrypt volumes:

When you issue a command like this:

sudo truecrypt [truecrypt volume] [where to mount it]

You will be greeted with the following prompts:

Password: [your password to elevate privileges]
Enter password for '[truecrypt-volume]': [the password to the truecrypt volume]

Now in hindsight it’s clear which password goes where, but I got quite a scare when I thought that I forgot the password to my Truecrypt volume 🙂

PS. Some people still claim that the hardware support from Linux is weak. I can only say to this: I’ve installed on a laptop Windows XP and Ubuntu 7.04. For Windows I’ve had to download drivers on a different computer and install them separately (thank God it knew at least about the USB hub, so that I didn’t have to burn CDs) while with Ubuntu it recognized everything, including screen at native resolution, network card, special media buttons on the keyboard, etc. Also, when I plugged a cable modem in Ubuntu through USB it recognized it without asking anything!

Setting up a PPTP VPN (client) with Ubuntu
https://grey-panther.net/2007/08/setting-up-a-pptp-vpn-client-with-ubuntu.html
Mon, 13 Aug 2007 17:48:00 +0000

This applies to the latest release (7.04), because from what I understand older versions had more (complicated) steps to follow. My solution is based on this blog posting combined with some advice from here. The steps are:

  1. Install the network-manager-pptp package (either by doing sudo apt-get install network-manager-pptp, by using Synaptic or any other way you like)
  2. Click on the networking icon and set up your VPN
  3. Issue the following commands (the package installation seems to issue at least some of these commands, however I couldn’t get my VPN to connect until I re-issued them):

    sudo /etc/dbus-1/event.d/25NetworkManager restart
    sudo /etc/dbus-1/event.d/26NetworkManagerDispatcher restart
    

  4. Profit err – I mean happy VPN-ing
Finding a Windows computer based on its NetBios name
https://grey-panther.net/2007/07/finding-a-windows-computer-based-on-its-netbios-name.html
Mon, 09 Jul 2007 11:37:00 +0000

A short tip: when working in hybrid environments (that is, where both Windows and Linux machines are present), it is useful to be able to look up a machine’s IP based on its NetBios name. You can do this by writing nmblookup [the name of the computer]. This will do a broadcast on all the interfaces, querying the directly attached subnets for machines which match the given name, and will output their IP addresses.

Offline updating of Debian systems
https://grey-panther.net/2007/07/offline-updating-of-debian-systems.html
Sun, 08 Jul 2007 18:47:00 +0000

It has been my experience that a Linux system is much more usable if it’s connected to the Internet, because then the package management system can be used to resolve the dependencies of the programs. From what I’ve seen (and please bear in mind that I’m fairly new to it), in Linux it is much more common to reuse programs / libraries and there is much less reinventing the wheel going on than in the Windows world. I can only theorize as to what the reason may be for this, but I think that the clear-cut licenses may be the main reason (basically almost everything is under the GPL – meaning that a programmer knows that s/he can reuse all the other pieces of code).

While this makes for a much more pleasurable experience for the developer, it makes the software harder to install, because you have to have all its dependencies (the libraries/programs it relies on) and their dependencies and so on. A package management system makes it seamless if you are connected to the internet.

However if you have no access to the internet, under Ubuntu you can export the download instructions to a file, which you can take to a computer connected to the internet and execute it. If the given computer runs Windows, you can still use this file to download the packages, just get WGET for Windows, rename the file such that its name ends with .bat (for example download.bat) and remove the first line (the one which begins with #!)

An alternative to this is hyperget, a new project which aims to make this process even more simple.

Installing and using Truecrypt on Ubuntu
https://grey-panther.net/2007/04/installing-and-using-truecrypt-on-ubuntu.html
Mon, 23 Apr 2007 05:20:00 +0000

Update: while truecrypt still doesn’t offer native packages (i.e. .deb / .rpm) for Linux distributions, their shellscript installer works just fine. So the simplified version of the installation procedure is:

  1. Download the correct package from Truecrypt (either 32 or 64 bit – you can find out which you need by typing uname -a – if it says i686 you need 32 bit, if it says x86_64 you need 64 bit)
  2. In the directory where you downloaded: tar xvf truecrypt-7.0a-linux-x86.tar.gz
  3. sudo ./truecrypt-7.0a-setup-x86
  4. Click “Install Truecrypt”
  5. Launch it from Application -> Accessories or by typing truecrypt
  6. If you later want to uninstall truecrypt: sudo /usr/bin/truecrypt-uninstall.sh

While I was upgrading my storage subsystem (I bought two new hard-drives :)) I thought that this might be a good time to go full encrypted for privacy reasons. The solution I selected was Truecrypt since it seemed the only one to offer cross platform support. However the Linux part of it is not complete and you may have to employ a few tricks which I describe below:

Truecrypt does not have packages (yet) for Ubuntu 7.04 (Feisty Fawn), so you have to go with the source distribution. My installation experience was pretty flawless, but others had problems with it, so you might need to google around a bit. What you need:

  • The build-essential package (sudo apt-get install build-essential)
  • The source files which correspond to your kernel version. You can find out which kernel version you have by typing uname -r at the console. For example I have 2.6.20-15-generic, and the corresponding source package for it is linux-source-2.6.20 (observe that the patch version is not important)
  • The latest Linux kernel is compiled with gcc4, however if you have an older version, you should check the gcc version it was compiled with, since you need to use the same version when compiling Truecrypt. You can do this by typing cat /proc/version at the console. For example the output on my system was Linux version 2.6.20-15-generic (root@palmer) (gcc version 4.1.2 (Ubuntu 4.1.2-0ubuntu4)) #2 SMP Sun Apr 15 07:36:31 UTC 2007. The important part of this is the gcc version ... part. If it says something like 3.4 there, you should install the respective version of gcc (sudo apt-get install gcc-3.4 - the subversion is not important) and make sure that the building process uses the respective version by typing at the console which you will be using to launch the building process the following: export CC=gcc-3.4

Now for the building process (taken from howtogeek and the ubuntu forums):

  1. Download the source code (by going to the download page and selecting Other (source code))
  2. Extract the archive using either the GUI (with Archive Manager) or by typing at the command line tar xvfz truecrypt-4.3-source-code.tar.gz (if you downloaded a different version of truecrypt, you should replace the archive name with the name of the archive you downloaded)
  3. Do the following on the terminal (the same terminal where you did the export... step if it was needed - otherwise it doesn't matter):

    cd /usr/src/
    sudo tar xvfj linux-source-2.6.20.tar.bz2 
    sudo make -d -C linux-source-2.6.20 modules_prepare
    


    Warning! The last step can take a considerable amount of time (up to an hour), so be prepared with some fun games.

  4. Now you are ready to install truecrypt:

    cd truecrypt-4.3-source-code/Linux/
    sudo ./build.sh
    sudo ./install.sh
    

After installing you can create and mount Truecrypt volumes (including ones created under Windows). Here are some gotchas to watch out for:

When creating a Truecrypt volume (under Linux), you have to specify FAT for the filesystem. This is needed because Truecrypt does not have an option (as far as I know) to mount the volume as a block device and refuses to mount it if it can't recognize the file system. If you wish to use a more sane file-system (like ext3, reiserfs or ntfs even), do the following:

  1. Create the volume with a FAT filesystem
  2. Mount the volume
  3. Now unmount the filesystem part using umount (not truecrypt -d). For example on my system I would do sudo umount /media/large. To find out the exact parameter you need to pass to umount, do a sudo mount and look for a line which begins with /dev/mapper/truecrypt and use the part after on (for example on my system it says: /dev/mapper/truecrypt0 on /media/large type fuseblk (rw,nosuid,nodev,noatime,allow_other,default_permissions,blksize=4096) and thus I need to use /media/large). If you have multiple such lines, do a truecrypt -l to find out which you need to use.
  4. Use mkfs to create the filesystem you wish. For example to create an NTFS filesystem, I would do sudo mkfs -V -t ntfs /dev/mapper/truecrypt0
  5. Now re-mount it.

If you wish to mount an NTFS formatted volume in read/write mode, you need to have the ntfs-3g driver installed, and when mounting specify it by saying --filesystem ntfs-3g because the autodetect mode will result in the usage of the read-only ntfs driver. Also the user mount option doesn't seem to work for me, so instead you can use the --mount-options gid=100,uid=1000,umask=000 parameter to make it accessible to all users. You can find out the number you need to type for gid (GroupID) and uid (UserID) by doing a cat /etc/group|grep user and cat /etc/passwd|grep [your user name] respectively.

Finally, be aware that truecrypt gives you the option to specify sensitive data (keyfiles, passwords) at the command line. While this is convenient, doing so will give huge clues to any decent attacker, because the command line is stored in the ~/.bash_history file, effectively giving away your passwords. Now you can clear your history file by doing a history -c, however the strings are still on your hard-drive in the slack space. The best thing is to never specify these things at the command line and let truecrypt prompt you for them.

Update: if you don't want to move around your mouse when creating a new volume (to generate random numbers), just put --random-source /dev/urandom on the command line. While this reduces the theoretical strength of your encryption, in practical terms it doesn't affect you.

Update: as a reader pointed out in the comments, there is a simpler way to use a file system different from FAT: after creating the volume, the first time you mount it, don't specify the directory where it should be mounted. This will mount it as a block-device, but will not attempt to use any file-system on it. Then issue the truecrypt -l command to see where it got mounted and use mkfs family of commands to create a filesystem of your desire.

Linux tips
https://grey-panther.net/2007/04/linux-tips.html
Fri, 06 Apr 2007 06:28:00 +0000

Via the All About Linux blog: bash completion – if you type ls -- in your terminal and you tap the tab key twice, it will list all the available options. This works only for the most important commands (like ls, rm, …) but it’s still a nice add-on. And best of all – it comes preinstalled with Ubuntu (on other distros you might need to install the bash-completion package with the corresponding package manager).
