As part of our grand "Get-Some-Exercise-Every-Sunday" masterplan, Brenda and I did two more geocaches this afternoon: Hof Espelo and De grenzen van Enschede - 7. The first one was easy, the second one was a rather long walk, we spent a good 4 hours walking in the end, but it was fun and good exercise.

As is common when geocaching, we took a trash bag and collected garbage while we were walking. We found quite some stuff in the woods, but that effort was dwarfed compared to the few km we walked past a state road. Once you start picking up other people's garbage, only then you realize how many completely antisocial assholes must be out there, the toss just about everything right out the side of their car.

In total, I think we collected 6 or 7 full grocery bags of garbage (emptying them whenever we found a garbage container), with a fair selection of all kinds of things: Candy wrappers, plastic bottles, empty cans (almost all of them some brand of energy drink), three gloves, an empty pack of sugar, car and bicycle parts, empty bags, cigarette packs (almost all of them Marlboro...). We even found a ready-to-go sex kit: An empty box of condoms, some empty condom wrappers, some unused condoms out of their wrapper, an unused condom still in its wrapper, and a comfortable (but slightly dirty) sleeping bag! Really...

This morning, I was trying to enable X forwarding, to run applications on my server (where I have GHC available) to my local workstation (where I have an X server running). The standard way to do this, is to use SSH with the -X option. However, this didn't work for me:

mkooijma@ewi1246:~> ssh -X kat
Last login: Wed May 20 13:48:13 2009 from ewi1246.ewi.utwente.nl
matthijs@katherina:~$ xclock
X11 connection rejected because of wrong authentication.

Running ssh with -vvv showed me another hint:

debug2: X11 connection uses different authentication protocol.

It turned out this problem was caused by some weird entries in my .Xauthority file, which contains tokens to authenticate to X servers. The entries in the file can be queried with the xauth command:

matthijs@katherina:~$ xauth list
#ffff##:  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000
#ffff##:  XDM-AUTHORIZATION-1  00000000000000000000000000000000
localhost/unix:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000

(I replaced the actual authentication keys with zeroes here). The last entry is the useful one. It is the proxy key added by ssh when I logged in. That is the one it should send over the ssh forwarded X connection (where ssh will replace it with the actual key, this is called authentication spoofing). However, I found that for some reason X clients were sending the XDM-AUTHORIZATION-1 key instead (hence the "different authentication protocol" message), causing the connection to fail.

I've solved the issue by removing the #ffff## entries from the .Xauthority file (but since I couldn't just run xauth remove #ffff#, I turned it around by readding only the one I wanted:

matthijs@katherina:~$ rm ~/.Xauthority
matthijs@katherina:~$ xauth add localhost/unix:10  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000

I'm still not sure what these #ffff## entries do or mean (I suspect xdm has added them, since I am running xdm on this machine), but I've made inquiries on the xorg list.

As a last note: If you want to use X forwarding and enable the GLX protocol extensions for OpenGL rendering, you need to disable security checks in the X forwarding, by running ssh -Y instead of ssh -X.