Windows SSH server

Since Windows 10 1809, OpenSSH client and server are built into Windows. The setup procedure is easier than using Cygwin. RDP (Remote Desktop) over SSH can be significantly more secure than RDP alone, assuming SSH is well configured.

  1. Enable OpenSSH Server: Go to Windows Settings → Apps → Apps & features → Optional features → Add a feature → OpenSSH Server. This also sets Windows Firewall to allow inbound SSH TCP connections. 2 . Edit c:/ProgramData/ssh/sshd_config on the OpenSSH server PC. At least set PasswordAuthentication no to require SSH public key for better security.

  2. A minimal SSH keypair can be created for the SSH client by:

    ssh-keygen -t ed25519 -f ~/.ssh/my_server
    
  3. Copy the contents of client laptop file ~/.ssh/my_server.pub to the Windows SSH server computer, creating or adding a line to file ~/.ssh/authorized_keys. The location of this file is defined in sshd_config as AuthorizedKeysFile. Use a unique key for each connecting client–do not reuse SSH keypairs between servers or clients.

  4. if the user is a Windows Administrator on the OpenSSH server computer, add the SSH public key to c:/ProgramData/ssh/administrators_authorized_keys

  5. Start the SSH server (for this session only) from PowerShell:

    Start-Service sshd
    

    If this gives an error and/or you wish to always start OpenSSH, type services.msc and in Properties of OpenSSH server → General set “Startup Type: Automatic”

  6. As on Linux, the “authorized_keys” file must have the correct file permissions ACL. Run this PowerShell script from Concurrency.com:

  7. now the SSH client should be able to connect to the SSH server. If this doesn’t work, try using SSH locally on the OpenSSH server computer to troubleshoot.

  8. To use RDP (remote desktop) over SSH do this one-step setup

Tips

  • Edit text files from Windows console over SSH in the Terminal by using WSL:

    wsl
    

    then enter commands like nano foo.txt just like in Linux as it’s the WSL shell.

  • Change the default SSH shell. Assuming you have PowerShell 7 on the SSH server, the commands would be like (from pwsh PowerShell):

    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
    

Often we have too much data that is still not enough

This example uses the aurora, which is produced around most planetary bodies due to energetic particle kinetics as the particles penetrate the ionosphere. Optical instruments such as cameras give a line integrated measurement for each pixel (angle) of the imagers. This data can be useful for tomographic techniques, when the location and orientation of the camera is well known, and multiple cameras with overlapping field of view exist.

However, this rich data can be greatly supplemented and even superseded by other instruments, especially incoherent scatter radar, where 3-D + time data are available due to volume integrated target returns. Many analyses rely on those thin (~ 0.5 degree FWHM) radar beams to complete an analysis. We rarely know the needed orientation of the radar beams beforehand, and many ISR cannot change the location of their pre-programmed beams. Although as AESA they can steer almost instantaneously within the radar backend processor limits.

This is just a geospace example of like Twitter having too much data, but not enough to gauge individual analyses without additional processing techniques.

Visual Studio 16.7 C11 standard

Visual Studio has gradually added many C99 standard features. The Visual Studio 16.7 public release quietly added the /std:c11 flag. This enables Generic selection for Visual Studio among other C11 standard features.

Fortran logical boolean byte size

Fortran compilers typically use 4 bytes for logical while C compilers usually use 1 byte for bool. For C interoperability, Fortran can use:

use, intrinsic :: iso_c_binding

logical(kind=C_BOOL) :: L
integer :: Q

c_sizeof(L) == 1
c_sizeof(Q) == 4
! typically

while C uses:

#include <stdbool.h>

bool L;

sizeof(L) == 1
# typically

So as usual, use iso_c_binding when using C or C++ with Fortran modules to produce cross-platform compatible projects.

Examples

See standard/logical_kind Fortran and C examples.

Matlab version selection with CMake

Many of our Matlab codes require a modern version of Matlab. There may also be beta Matlab versions we want to avoid with known bugs. It’s possible to select from an arbitrary range of Matlab versions with CMake FindMatlab as follows.

This list selects from Matlab R2020a (9.8) down to R2019a (9.6). You can put Matlab versions in any order you like.

If you want to run the test only for the first Matlab version found in the list, insert break() right after add_test.

foreach(v 9.8 9.7 9.6)
  find_package(Matlab ${v} EXACT COMPONENTS MAIN_PROGRAM)
  if(Matlab_FOUND)
    add_test(NAME matlab-${v} COMMAND ${Matlab_MAIN_PROGRAM} -batch "...")
  endif()
endforeach()

MINGWROOT environment variable

By convention, the environment variable MINGWROOT tells the path to the compiler binaries like gcc.exe.

  • MSYS2: MINGWROOT=C:\msys64\mingw64\bin

This variable may be needed to modify the GNU Octave PATH on Windows when using “system()” calls with executables compiled by MinGW. A similar issues exists on Windows with Matlab and Parallel Computing Toolbox, that provides its own mpiexec.

Here’s a function we created to workaround these issues, saved as file modify_path.m

function prepend = modify_path()
% for Octave on Windows, it's necessary to prepend MinGW path
% when running MinGW-compiled executables
% Also, Matlab with Parallel Toolbox MPIEXEC conflicts with system MPIEXEC,
% so excise from Path
%
% a command is then run like
%
% system([prepend, ' ', 'foo.exe'])

prepend = '';

if ~ispc, return, end

if isoctave && ~isempty(getenv('MINGWROOT'))

  syspath = [getenv('MINGWROOT'), pathsep, getenv('PATH')];
  % setenv('PATH', syspath)  % does not help
  prepend = ['set PATH=', syspath, ' && '];

else

  addons = matlab.addons.installedAddons();
  if ~any(contains(addons.Name, 'Parallel Computing Toolbox'))
    return
  end

  path_orig = split(getenv('PATH'), ';');
  i = contains(path_orig, 'MATLAB');  % Matlab's MPIexec will fail
  path_new = join(path_orig(~i), ';');

  % setenv('PATH', path_new{1}) % does not help
  prepend = ['set PATH=', path_new{1}, ' && '];

end  % if

end % function

Eliminating non-https external links

With a website / blog having thousands of pages and many thousands of external links, it is impractical to check external outbound link quality with any regularity. Informal link checks revealed that non-https:// websites had a substantially higher chance of becoming a defunct site that gets snapped up by spammers and scammers. To help mitigate some of the risk of websites going to unintended destinations, we decided to eliminate almost all non-https external links.

An increasing number of undesired websites are enabling https both to improve SEO and trick visitors. However, this additional friction anecdotally for the external links we’ve seen go bad has so far been rarer for https:// URLs. We have seen https:// sites be replaced by undesired content, but what often happens is the spammer doesn’t bother to setup the certificates correctly, so either the website won’t load if HSTS was used, or there are prominent warnings that the user has to click through.

There’s nothing to stop spammers from correctly setting certificates, but we feel https-only external links currently afford a meaningful benefit.

Upgrade Anaconda for latest Python

Note: it may be necessary to reinstall Anaconda/Miniconda from scratch if packages break during a Python version upgrade. Consider this before attempting an in-place Python upgrade. There is often a couple month delay between a major Python release (e.g. Python 3.7 to Python 3.8) and Anaconda defaulting to this version. We strongly suggest waiting until the new Python version is the default before trying to upgrade, as many packages many be missing or broken until then. A good example of why to wait for default Anaconda Python is Tensorflow that took until May 2020 with Tensorflow 2.2.0 to support Python 3.8 and it wasn’t until late July 2020 that the default Anaconda Python was 3.8.

Given the caveats above, if appropriate it is possible to upgrade to Python 3.x by

conda create -n py3x python=3.x

switch to this environment by

conda activate py3x

GUI advice

For interactive data science GUI applications Jupyter is often used. Legacy hard-coded GUIs using external libraries have considerable overhead to maintain, and suffer bit rot far faster than the underlying code. At the very least, be sure your code is usable from the command line and/or as a plain importable module without requiring a graphics library. In stripped-down cloud / embedded applications, unused graphical imports cause stability problems and considerable startup lag.

WSL2 date time skew error

WSL2 (including with Windows 20H1 2004) is known to have issues with having the WSL clock get hours or days behind actual time after the computer is suspended. This issue was not seen in WSL1, but upon upgrading to WSL2 has been almost immediately apparent to multiple people that reported this issue. This causes errors with build systems (including GNU Make and Ninja) and SSL verification among others.

Workaround

A workaround for this, when it occurs (have to keep doing workaround) is to synchronize the software clock to the onboard hardware clock from WSL Terminal:

sudo hwclock -s

or if suitable from Windows Terminal:

wsl --shutdown

If that doesn’t work, try using NTP from WSL Terminal:

ntpdate time.windows.com

Reference

This issue has been noted at WSL GitHub Issues:

Other issues are linked from those