Justin,

Justin,

I've been looking at Meerkat pretty closely, and I have a bunch of feedback. First I have to say that I like Meerkat and am impressed by it. That said, I have a lot of comments, and I hope at least some of them will be useful to you. This is long enough I actually wrote it as Markdown. ;)

Regards,

Chris Pepper

Questions

  1. What is the minimum compatible Mac OS X version? Is it really 10.4.0?
  2. After a Screen Sharing attempt through a Meerkat Bonjour tunnel to a Linux host, Meerkat brings the tunnel down (whether or not the SS session starts successfully). If Meerkat automatically closes tunnels, that should be called out somewhere obvious.

Bugs

  1. When I define a new tunnel, it's not available to the meerkat helper until I quit Meerkat.app.
  2. I defined 'vnc@inspector', but 'Save Tunnel' failed, claiming the name was already in use. I hit Cancel, and Meerkat closed & reopened the tunnel window -- this time 'Save Tunnel' worked. Bizarre!
  3. With Meerkat.app not running, meerkat pop up returned true immediately, then launched Meerkat.app and brought the tunnel up -- don't return true until and unless the tunnel successfully comes up.
  4. Meerkat lost a tunnel. The UI showed none running, but I was unable to use VNC because this tunnel was stealing the port (I quit Meerkat but the tunnel stayed up; kill stopped the tunnel):
pepper@prowler:~/www/public_html/writing/macworld/meerkat$ ps -ef|grep 86599
  501 86599  1125   0   0:00.01 ??         0:00.03 /usr/bin/ssh -p 22 -l pepper 
-N -o ConnectTimeout=5 -o TCPKeepAlive=yes -o NumberOfPasswordPrompts=1 -o Prefe
rredAuthentications=publickey -i /Users/pepper/.ssh/id_rsa.pepper.20080516 -L 59
01:localhost:5900 -g inspector
  501 86738   540   0   0:00.00 ttys002    0:00.00 grep 86599
pepper@prowler:~/www/public_html/writing/macworld/meerkat$ lsof|grep 5901
ssh       86599 pepper    4u    IPv6  0x6eb7ff4         0t0                  TCP *:5901 (LISTEN)
ssh       86599 pepper    5u    IPv4 0x12b90270         0t0                  TCP *:5901 (LISTEN)

Documentation / Phrasing

  1. "Use external SSH agent" implies there should be an "Use internal SSH agent" alternative. Lacking such an option, how about removing 'external' from the label?
  2. The Tunnel Setup Assistant says "setting up an SSH tunnel for a variety of purposes." -- either "tunnels" or "any of a variety of purposes."
  3. The example for "Remote service available locally" is "Accessing a remote database server locally.", which doesn't really help. How about "Accessing a remote database server from this network."?
  4. I don't believe 'statuses' is a real word; 'status' works for the state of multiple tunnels.
  5. I'm assuming Meerkat works well with dynamic DNS (so long as you don't invisibly convert hostnames to IPs). This seems like something you might want to mention on http://codesorcery.net/meerkat, since it's a natural match but not immediately obvious to everyone.
  6. I find 'entry point' in "Make entry point available to other computers" a bit inscrutable. Why not just 'tunnel' here?

Suggestions & Niggles

  1. The Tunnel Setup Assistant needs a list of ports! Meerkat should help people who want to stream iTunes but don't know it's 'daap', or 3689, or that `/etc/services is the place to look. You have a list for Bonjour; SP:Sharing has a longer list, and Leopard Server's Server Admin:Firewall has a very long one.
  2. In the Tunnel Setup Assistant's Enter Service Details window, Continue works even if I leave all 3 fields blank. In the next screen, Create fails, but it should complain earlier. Similarly, if I leave Hostname blank in a tunnel configuration sheet, Save says "An error occurred when trying to save", but it would be better to specify the problem field.
  3. In the Tunnel Setup Assistant, Return should advance, not just Space.
  4. Have you considered making the "Account Nickname" field optional, and auto-filling it with Username@Server?
  5. Meerkat won't let me select a symlink as my key -- it forces me to choose a real key. It would be nice if Meerkat would accept a symlink, so I could later change the underlying key without having to update accounts in Meerkat. Alternatively, just resolve the symlink (I don't recall which of my keys ~/.ssh/id_rsa points to offhand). Ironically, when I didn't click Choose, it accepted the ~/.ssh/id_rsa default, so symlinks are okay, just blocked from manual selection in the Choose dialog.
  6. The "Choose" button doesn't say 'private key', but returns an error if I specify a public key. Ideally, if the user selects a public key, Meerkat would remove .pub from the end to find the private key (ssh-agent assumes this relationship), but if not the button or dialog title should say 'private key' as a hint, and the error should appear when the user hits Open to return from the dialog, rather than waiting until Save Account is clicked.
  7. Based on the Finder and Time Machine, I expect the gear menu to offer actions (start tunnel, stop tunnel, etc.), not just settings.
  8. Have you considered pre-filling 'localhost' in the New Tunnel window's Hostname field (I see it's suggested in the Assistant window's copy, but not in the field itself or in the non-assistant window's copy)? Even better would be to fill it in light grey like Search in a search field, and allow a blank field to default to localhost
  9. In the Tunnel window, clicking the app icon should allow selection of a (different) app.
  10. "Available at (entry point:)" is disabled for me, and the Help doesn't have any hints why. I figured out that it's available when "Tunneled through (host):" is "This Mac", but that's not obvious. Perhaps use a visual element in the dialog box to connect the two pop-ups?
  11. Why is Accounts on the right, with Tunnels on the left? Since you must set up the Account first, I was surprised it didn't appear on the left.
  12. The Help link to http://docs.info.apple.com/article.html?path=Safari/3.0/en/9299.html should probably mention that's also the instructions for S4.

RFEs

  1. I like auto-start on application launch -- do you plan to do it the other way too, so Meerkat could launch an app, AppleScript, shell script (yes, I could launch the tunnel from the shell script, but would then have to wait for it to come up), or URL (I could replace this alias: alias vnci='(sleep 4; open vnc://127.0.0.1:5901) & ssh -C -4 -L 5901:127.0.0.1:5901 inspector') after the tunnel is up?
  2. Have you considered adding MarcoPolo integration? It's what I use to automatically remount home media shares when switching networks, and seems like a good match.
  3. Have you considered a CLI option to Stop All Tunnels (without quitting Meerkat)? Or to start multiple tunnels (I've used as many as 3 -L options to a single ssh command in the past, but not recently).
  4. It would be helpful if the meerkat command grew a --list argument, to list all available tunnels, with up/down status.
  5. How about --launch (equivalent to open Meerkat, but most users don't know the open command) and --quit arguments to launch & quit the app, including auto tunnels? Alternatively, meerkat ALL down could stop all tunnels, but there should be some way to do this remotely (rather than stopping tunnels one at a time, assuming you know all the names).
  6. I'd like an option to advertise a tunnel over Bonjour, but not make it available to other computers, so I could use iTunes/VNC/etc. with autodiscovery but not promiscuously.

up