JMpol

Mac OS X LISP Environment

        Welcome Network SYMBOLICS APPLE Mac OS X LINUX NOKIA PC Literature Workgroup

Mac OS X

The steps regarding the installation and configuration of the software components

building the LISP development environment under Mac OS X are detailed below.

The installation of some components presumes Macports on a Mac being already

installed. Should this not be the case, proceed first with the installation of Macports,

provided in the MacPorts Project Official Homepage, as described in the Macports

Guide.

CLISP - Common LISP implementation for darwin Mac OS X platforms

In order to ensure compatibility and future upgrades, CLISP onto a Mac should be

installed via MacPorts. To install CLISP, start the Terminal App located in the Mac

Utilities folder and execute the following MacPorts command:

$  sudo  port  install  clisp

You will be required to provide the administrator's password and installation will be

made in the folder /opt/local/bin. Following the installation, CLISP can be started in

the Terminal App by invoking the command:

$  clisp

On startup, CLISP initialisation is controlled by the commands made available by

the user in the file /Users/homedir/.clisprc.lisp. As shown in the thumbnail CLISP,

the file .clisprc.lisp on this Mac Pro, includes just one instruction that loads the file

asdf.lisp into CLISPASDF stays for "Another System Definition Facility" and is

available for free. Click asdf.lisp to download the latest release source code from

the ASDF homepage.

Emacs - A GNU implementation for darwin Mac OS X platforms

The installation of GNU Emacs onto a Mac should also be performed via MacPorts

using the command:

$  sudo  port  install  emacs

As shown by the thumbnails Emacs and Aquamacs *scratch*, this way it is possible

to run Emacs both either in a Terminal App by invoking the command:

$  emacs

or as an App for Mac OS X in a more comfortable graphic oriented Emacs shell,

provided by Aquamacs. MacPorts installs Emacs in the folder /opt/local/bin and

Aquamacs is installed in the Mac Utilities folder. Aquamacs can be downloaded for

free from its homepage.

SLIME - An Emacs mode for unifying Common LISP development

Aquamacs is an Aqua-native build of the powerful Emacs text editor. Combined with

SLIME, the Superior Lisp Interaction Mode for Emacs, both Emacs and Aquamacs

provide under Mac OS X an excellent platform for unifying LISP development. Visit

the SLIME homepage to download the current cvs snapshot in tar-file format. Then

unpack the tar-file and move its contents into a folder of your preference, e.g under

/opt/local/share/emacs/site-lisp/slime

Alternatively the latest version of SLIME for CLISP can be installed on Mac darwin

platforms directly via MacPorts by the command:

$  sudo  port  install  slime  +clisp

Note however, that If installed this way, the path to the SLIME directory in the Emacs

init-file provided below must be adapted, as appropriate. Finally, a manual in HTML

format or in pdf explains what SLIME can do and how it shall be used.

With a LISP implementation that can be started from the command-line, e.g CLISP,

SLIME installation just requires the next two lines to be included in the Emacs init-

file.

(setq inferior-lisp-program "/opt/local/bin/clisp")

; path to the LISP system

(add-to-list 'load-path "/opt/local/share/emacs/site-lisp/slime/")  ; SLIME directory

If included, the next two lines tell Emacs that the rest of SLIME should be loaded

automatically, i.e when one of the commands M-x slime or M-x slime-connect is

executed the first time.

(require 'slime-autoloads)

(slime-setup '(slime-fancy))

The thumbnails SLIME REPL - Emacs  and SLIME REPL - Aquamacs, show two

distinct SLIME interaction modes with CLISP under Mac OS X that were started

using as Meta key the ESC key and the left ALT key in a Terminal App running

Emacs and in Aquamacs, respectively.

iMaxima - A computer algebra system deriving from MIT Macsyma

The installation of iMaxima comprises several packages. Except for Emacs which

has already been installed via MacPorts, BasicTex, Ghostscript, Maxima and

Gnuplot should be installed by following detailed Download and Install instructions

provided in the webpage "Easy Install on Mac OS X". This way it will be possible to

run Maxima either in a Terminal App under Emacs or under Aquamacs, and even

as wxMaxima as well as a standalone App combined with Gnuplot. All it has to be

done after installation is to provide the appropriate entries in the Emacs/Aquamacs

init-file for BasicTex, Ghostscript, Gnuplot, Maxima and iMaxima, respectively. For

convenience here is a .emacs init-file to place it in the folder /Users/homedir/. For

details and documentation regarding Maxima itself see the associated homepage

Maxima, a Computer Algebra System.

Thumbnails

The following thumbnails show screenshots made during a session of CLISP, and

of Emacs and Aquamacs, respectively. For convenience, among these thumbnals

also an Emacs Reference Card in pdf  format.

CLISP

started in a Terminal App by the command $ clisp

Emacs

started in a Terminal App by the command $ emacs

Aquamacs *scratch*

first Emacs Buffer available upon Aquamacs start

SLIME REPL-Emacs

CLISP interaction mode in Emacs started by M-x slime

SLIME REPL-Aquamacs

CLISP interaction mode in Aquamacs via M-x slime

Maxima

Maxima session in Emacs started by M-x maxima

AquaTerm 1

Gnuplot produced in the previous Maxima session

iMaxima

iMaxima session in Aquamacs started by M-x imaxima

AquaTerm 2

Gnuplot produced in the previous iMaxima session

Unified Emacs Dev. Env.

Unified Lisp development environment under Emacs

Unif. Aquamacs Dev.Env.

Unified Lisp development environment under Aquamacs

Aquamacs *inferior-lisp*

This is the Inferior LISP message buffer under Aquamacs

Aquamacs foo.lisp

LISP Editor Buffer under Aquamacs defining 3 functions

primefactors.cpp

Example of C++ program development under Aquamacs

Compile C++-Emacs

C++ Buffer and Program Compilation under Emacs

Compile C++-Aquamacs

C++ Buffer and Program Compilation under Aquamacs

OpenSSL - OpenSSL SSL/TLS cryptography library for darwin Mac OS X

OpenSSL is a full-featured and Open Source cryptography toolkit implementing the

Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network

protocols as well as a full-strength general purpose cryptography library. OpenSSL

can be installed onto a Mac for free using the MacPorts command:

$  sudo  port  install  openssl

Among a lot more OpenSSL is used for the creation and management of private

keys, public keys, time stamps and parameters allowing cryptographic operations

using the aforementioned protocols. For details see the OpenSSL homepage.

PuTTY - Telnet and SSH implementation along with xterm emulator

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms,

along with an xterm terminal emulator. PuTTY can be installed onto a Mac for free

using the MacPorts command:

$  sudo  port  install  putty

With PuTTY, connections to remote server hosts on the intranet may be established

the same way as via SSH or Telnet  provided by Mac OS X.  In particular,  PuTTY

allows client management and configuration under OS X in a comfortable way.

The thumbnail SSH on N900 shows a SSH client running, after a secure login, first

the Maemo kernel 2.6.28.10-power47 in an OS X Terminal App, and then executing

the C-program "helloworld" under Debian Linux in a SSH server on a Nokia N900

tablet.

xterm and X11 Settings

In order to enable an X11 server or a client  running on a remote intranet host to

connect to an xterm App running on a Mac, both the xterm and X11 Apps on the

Mac require configuration settings, as provided below.

Choose Terminal, Preferences, and then click Settings. Select Shell, under Startup

check up Run command and specify in the adjacent field the path to the fonts X11

you wish to use. To avoid adding single hosts separately to the access control list

every time you start X11, e.g via telnet, also include in the command line "xhost +"

and check up the box Run inside shell. I.e in order to connect to Genera running on

a Symbolics machine via X11 insert the following:

xhost  +;  xset  fp+  /usr/X11/share/fonts/genera

This will disable the access control list, allowing clients to connect to xterm on the

Mac from any remote host, and the X11 application to use the fonts provided in the

specified folder, usually PCF fonts, here available for download. Alternatively, you

could allow connections only from particular hosts by specifying their hostnames,

e.g "xhost +venus +mars" and so on.

Next choose X11, Preferences, and click on Input.  Now verify that Enable key

equivalents under X11 is checked up. Then select Security and assure that Allow

connections from network clients and Authenticate connections are both checked

up.

Finally, in order to make use of the right keyboard mapping when running Genera

but with a Mac keyboard, go to System Preferences, choose Keyboard and verify

that the box Use all F1, F2, etc. keys as standard function keys is also checked up.

Genera on OS X !!!

Start the xterm App from within the Mac Utilities folder. Now, because of the xterm

settings made above, also X11 will automatically be launched and in the upcoming

Terminal you will see the following:

$  xhost  +;  xset  fp+  /usr/X11/share/fonts/genera

access control disabled, clients can connect from any host

You can now start a Telnet  session, e.g  to access the Symbolics hosts Venus or

Mars, using the command:

$  telnet  venus

or

$  telnet  mars

In the Terminal App you will see the output shown in the thumbnails Telnet Venus

and Telnet Mars, respectively. In order to connect to Genera, run the "start x screen"

command shown in these thumbnails and enjoy Genera on Venus and Genera on

Mars, respectively.

NFS - Enabling the NFS daemon on a Mac OS X Server platform

When connecting to remote Apps under OS X in a Terminal App it is helpful and

often necessary to use NFS for file management and data exchange between the

OS of the remote host, e.g Genera, and Mac OS X. Since OS X is built on UNIX,

provided OS X Server  is installed and running on your Mac, it is possible to export

data to other hosts on the intranet via NFS an easy way. See Mac OS X Server:

Advanced Administration for details.

All it has to be done is to make available an "exports"  file in the OS X folder /etc,

and to configure it as appropriate, to make any user's directory in the filesystem

remotely accessible. I.e, by the following entry in /etc/exports.

/Users  -alldirs  -network  192.168.0.0  -mask  255.255.0.0  -mapall=user_id

Alternatively, if for example only jm's directory shall by exported, e.g to the hosts

mars, venus and N900, the entry

/Users/jm  -alldirs  mars  venus  n900  -mapall=jm

is more secure and will do the work, provided the aforementioned hostnames can

be resolved, i.e, they are all included together with their IP address in the file /etc/

hosts.

Once configured, either reboot you Mac or just start the NFS daemon and check that

NFS works. I.e, in a Terminal App execute the following:

$  sudo  nfsd  start

Starting the nfsd service

$  sudo  nfsd  status

nfsd service is enabled

nfsd is running (pid 102, 20 threads)

Subsequently, assuming Mac's hostname is macpro, e.g from within a UNIX client,

verify that mount points on macpro are accessible by the following command:

$  sudo  showmount  -e  macpro

Export list for macpro:

/Users/jm  mars, venus, n900

In order to mount  /Users/jm  on a UNIX or LINUX client, e.g a N900 Maemo tablet at

the mount point /mnt, execute the following:

$  sudo  mount  -t  nfs  -o  nolock  macpro:/Users/jm   /mnt

To mount a filesystem exported by another host, e.g a Windows PC running Allegro

NFS, at a mount point /mnt under OS X, do the following:

$  sudo  mount  -t  nfs  hostname:/exported_filesystem   /mnt

When you are done, unmount the filesystem and should NFS be not more required,

stop the NFS daemon by executing the following commands:

$  sudo  umount  /mnt

$  sudo  nfsd  stop

Stopping the nfsd service  (use disable to make permanent)

Should NFS be required again, just execute the command provided below:

$  sudo  nfsd  restart

The nfsd service does not appear to be running.

Starting the nfsd service.

C, C++ - Compiler with integrated source-level debugger for Mac OS X

Beyond Maxima and SLIME, in Mac OS X you can benefit from the integrated

Compiler to compile C and C++ programs both under Emacs and Aquamacs. Use

either the "Emacs/Aquamacs Tools > Compile", which results in a make -k call, or

the "Emacs/Aquamacs Tools > Shell Command", which allows you to launch the

appropriate Compiler C or C++, respectively.

As an example, see buffers primefactors.cpp and *compilation*  in thumnail C++

Compilation - Emacs and C++ Compilation - Aquamacs, respectively  Alternatively,

in OS X you may compile and run C and C++ programs also from within Xcode and

XTerm, using the Clang C, C++, and Objective-C compiler.

Furthermore, using the FFI integrated with CLISP, you can perform in Emacs also

Foreign Function Calls from within CLISP to C or C++. This, however, yields well

beyond the scope of this introductory description.

SSH - Access securely a remote OS X Lisp Development Environment

You can access securely a remote unified OS X Lisp Development Environment

under Emacs, or under Aquamacs if a GUI is required, from another host on the

intranet and even via the Internet, using either only SSH or the built-in capability of

OS X for Virtual Network Computing (VNC), which enables Screen Sharing or, if for

security or GUI availability reasons is required, both VNC combined with SSH, as

described below.

From a host on your own LAN you can access a Mac mini called server via SSH,

invoking the following command from within the OS X Terminal emulator xterm.

$  ssh   -X  User_Id@server

You can then invoke Emacs and use your OS X Lisp Development Environment, as

shown in thumbnail Unified Emacs Development Environment.

Also accessing a Mac OS X screen from another host on the LAN is rather simple. It

only requires to enable Screen Sharing from within OS X System Preferences, as

shown in thumbnail OS X Screen Sharing, specifying a password and appropriate

access privileges. However, if this shall be possible also via the Internet, additional

security measures for data traffic encryption must be taken into consideration.

Assume a situation where you wish to access your OS X Mac mini server at home

from a MacPro or PC workstation in the office, bypassing your company's firewall.

You can do this using a Virtual Network Computing (VNC) client, combined with a

secure tunnel, thus encrypting any data sent over the internet including User Id and

Password, via SSH Local Port Forwarding, as shown for the configuration below.

macpro or PC  <------ Encrypted SSH Tunnel ------>  Mac mini server

To allow access your Mac mini server from another host via SSH, first you should

configure the file /etc/sshd_config on the server, as described in section SSH -

Configure Secure Shell Identification using ssh-keygen in the webpage Genera.

Now, if at office you are using a PC, you may consider to download TightVNC and

the associated driver DFMirage for free and use it as your VNC Viewer on the PC.

Alternatively, you could use RealVNC.

If, however, at office you use a Mac, all you would need to do, besides configuring a

Screen Sharing on server, is to download the TightVNC Java Viewer and use it as

VNC Viewer on the Mac.

Using a Mac

SSH, as part of the BSD General Commands, is included in OS X. Thus when using

a Mac, e.g macpro, you can create an SSH encrypted connection to your Mac mini

server, using your User Id and DNS hostname of your server in the command below

from within the OS X Terminal emulator xterm.

macpro:~ jm$  ssh  -v  -L  5910:localhost:5900  jm@server.jmpol.com

Using the SSH option -v will enable you to control the steps performed to establish

this encrypted connection. The option -L is used to initialise Local Port Forwarding.

Depending on whether your SSH server on server has been configured to require a

passphrase for RSA authentication, you will be requested to enter this passphrase,

as shown in thumbnail SSH Id_RSA Key Request. Now, as shown in the thumbnail

Connection Server to MacPro via SSH Local Port Forwarding, following successful

authentication, a secure connection is established, starting from port localhost:5910

on macpro to the remote listening port localhost:5900, i.e the VNC port on server. In

details, the path of the VNC traffic looks like this:

VNC Client <=> loopback network interface on macpro <=> SSH client on macpro

<=> encrypted SSH tunnel <=> SSHD on server <=> loopback network interface

on Mac mini server <=> VNC Server

Encryption and Decryption of the data traffic is done by the SSH client and SSHD on

server. The bold parts of the path show the encrypted traffic.

Now, once a secure connection has been established via a plain SSH Local Port

Forwarding, instead of pointing your VNC client, i.e the TightVNC Java Viewer on

macpro, to the remote Mac mini server, point it to localhost:5910 or alternatively to

port 127.0.0.1:5910, as shown in thumbnail TightVNC Java Viewer - Connection

Request, and press Connect.

By the TightVNC server you will now be requested to enter the password for VNC

authentication you specified on server in order to enable Screen Sharing, as shown

in TightVNC Authentication Request. This will allow you to Login and start using the

server remotely via encrypted VNC, as shown in the thumbnail TightVNC Server

Screen on MacPro via SSH Local Port Forwarding.

You can now invoke Aquamacs and use your unified Mac OS X Lisp Development

Environment, as shown in thumbnail Unified Aquamacs Development Environment.

Using a PC

A similar way you can establish a secure connection to your remote Mac mini server

starting from a PC outside of your LAN, using PuTTY and the TightVNC Viewer, as

described below.

If not already done, download and install PuTTY and PuTTY gen onto your PC from

within the PuTTY Download Page. In order to generate an RSA authentication key,

launch the program puttygen.exe, and proceed  as follows.

In PuTTY Key Generator > Number of bits in a generated key, enter a number up to

maximum 4096, e.g 2048, as shown in thumbnail PuTTY Key Generator - Number

of bits in a generated key, and press the Generate key.

You will be asked to move the mouse pointer randomly over the blank area of the

PuTTY Key Generator pane, and a key will be generated, as shown in thumbnail

PuTTY Key Generator - Key.

In the fields Key comment, Key passphrase and Confirm passphrase enter values

as appropriate, thus replacing any comment generated by the program, as shown in

thumbnail PuTTY Key Generator - Key comment and passphrase.

Now, press the button Save public key and save the generated RSA key in PuTTY's

home folder as public_key. Then, press Save private key and save it as private_key.

Select the entire RSA key generated in area Public key for pasting into openSSH

authorized_keys file, and copy and paste it into a new text file in your home folder,

e.g in public_key.txt. That is, in notepad, it should appear as a single long line not

including returns, as shown in thumbnail Public RSA authentication key.

Now, in order to enable a Local Port Forwarding between PC and Mac mini server,

both PuTTY on the PC and the server must be configured, and use the generated

RSA authentication key, as appropriate.

To configure PuTTY, launch the program putty.exe, select Connection > SSH>Auth,

press the Browse button and select the file private_key.ppk you saved in PuTTY's

home folder, as shown in PuTTY - Options controlling SSH authentication. As next,

select Connection>SSH>Tunnels. In the field Source port enter the port number the

remote Mac mini server shall listen to. I.e, either 5900 or 5910 or something else, if

you have TightVNC server running on your local PC. In the Destination field enter

localhost:5900, as shown in thumbnail PuTTY - Connection SSH Tunnels, and then

press the button Add. This means you want to forward the traffic to localhost on the

SSH server computer. The result is shown in PuTTY - Tunnel for VNC Local Port

Forwarding. If you want to forward traffic to another computer on the same network

as the SSH server, then replace localhost:5900 by other_computer:5900 and the

traffic will go from your Windows PC running PuTTY, to the Mac mini server running

the SSH server SSHD, to the other computer on the same network as the Mac mini

server. In order to document this, here are two examples. The first one showing the

PuTTY - Tunnel Pluto to MacPro via Server SSH Local Port Forwarding, then the

associated PuTTY - Login terminal window of Server on the PC via the Internet, and

finally the resulting MacPro TightVNC Screen on the PC via Server SSH Local Port

Forwarding. The second one, showing the reverse Connection Pluto to MacPro via

Server SSH Local Port Forwarding, and the resulting Pluto TightVNC Screen on

MacPro via Server SSH Local Port Forwarding via the Internet.

Now select Session. In the field Host Name (or IP address) enter the name or IP

address of your Mac mini server, specify the session's name in the field Saved

sessions, as shown in PuTTY - Basic options to your session, and press Save.

PuTTY is now configured and ready to initiate a VNC session.

Proceed with the configuration of your SSH server on the Mac mini server, as

follows.

Forward the RSA authentication key public_key.txt, generated above, to the Mac

Mini server using a secure channel, then copy it into the user's home directory, and

execute the following commands.

server:~ jm$  cat  public_key.txt  >>  .ssh/authorized_keys

server:~ jm$  chmod  go-rwx  .ssh/authorized_keys

Enter also the following command,

server:~ jm$  ls -l  .ssh/authorized_keys

and verify that the file attributes of authorized_keys are as shown below.

-rw-------  1 jm  staff  1568 Nov 11 15:57 .ssh/authorized_keys

At this point, rsa authentication for the local PC is configured on the SSH server.

However, in order to use rsa authentication only, if not already done, you should

disable tunnelled clear text passwords in /etc/sshd_config, i.e, set the following

options to no.

PasswordAuthentication  no

ChallengeResponseAuthentication  no

Now, to initiate SSH Local Port Forwarding and enable a VNC session from the

local PC, open PuTTY, select and load the session server by pressing the Load

button, as shown in PuTTY - Basic options to your session and press the button

Open.

You will be asked to enter the User Id and the Passphrase associated with the rsa

authentication key, as shown in the thumbnail PuTTY - Login terminal window.

Now, once a secure connection has been established via a plain SSH Local Port

Forwarding, start the VNC Viewer, i.e the VNC client on the local PC, and instead of

pointing it to the remote Mac mini server, point it to localhost:5910 or alternatively to

port 127.0.0.1:5910, as shown in TightVNC Viewer - Connection Request and press

Connect. So, the VNC client connects to your local computer, and PuTTY forwards

the data traffic over the secure SSH tunnel to the remote machine.

By the TightVNC server you will now be requested to enter the password for VNC

authentication you specified on server in order to enable Screen Sharing, as shown

in TightVNC Server Authentication Request.

Once done, the Login screen of your Mac mini server will appear on the display of

the local PC, allowing you to log into the server and access OS X from the PC, as

shown in TightVNC Server Screen on the PC via SSH Local Port Forwarding.

At this point, start Aquamacs and enjoy using your unified remote Mac OS X Lisp

Development Environment from the local PC, as shown in the thumbnail Unified

Aquamacs Development Environment.