| |||||||||||||
Remote desktop vs. remote displayRemote desktop vs. remote displayPosted Feb 14, 2013 12:16 UTC (Thu) by dskoll (subscriber, #1630)In reply to: Remote desktop vs. remote display by khim Parent article: LCA: The ways of Wayland
How exactly does it work? What commands should I type? (to attach to an existing X session.) On Debian, apt-get install x11vnc and then read the man page. It does exactly what you want.
(Log in to post comments)
Remote desktop vs. remote display Posted Feb 14, 2013 14:06 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
It doesn't. At least, it doesn't allow to do it without leaving the local workstation insecure.
Remote desktop vs. remote display Posted Feb 14, 2013 14:54 UTC (Thu) by dskoll (subscriber, #1630) [Link] That is true. You need to physically secure your workstation if you use this trick.
Remote desktop vs. remote display Posted Feb 14, 2013 17:07 UTC (Thu) by Serge (guest, #84957) [Link]
> It doesn't. At least, it doesn't allow to do it without leaving the local workstation insecure.
Why not? You can lock the screen while you're away. Nobody can do anything there while you're connected because you'll see that. And you can lock the screen again before disconnecting.
Remote desktop vs. remote display Posted Feb 14, 2013 17:10 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
I might need to see or enter sensitive data that I don't want everyone else to see (credit card details is an obvious example). If I lose a connection (happens on 4G quite often) then the workstation would be wide open for any period of time.
Khim is right - Windows does this use-case just right. It's streamlined and easy.
On X11 with its vaunted "network transparency" it's simply not possible without bending over backwards.
Remote desktop vs. remote display Posted Feb 14, 2013 17:54 UTC (Thu) by Serge (guest, #84957) [Link]
> I might need to see or enter sensitive data that I don't want everyone else to see
Well, you can't protect from that even being near your desktop, since somebody might be looking above your shoulder. Or somebody could hide a small camera in a pen near you.
But in case of X.Org you have a killing feature: you can remotely turn your monitor off! :)
> Windows does this use-case just right. It's streamlined and easy.
Yeah. You need to enable remote desktop, configure access to it, and set up your firewall. Or you may google and install some third party software and configure it instead. It's so much harder with X.Org where you only need ssh and 2 commands to reach your remote desktop. ;)
Remote desktop vs. remote display Posted Feb 14, 2013 17:58 UTC (Thu) by hummassa (subscriber, #307) [Link]
> Yeah. You need to enable remote desktop, configure access to it, and set up your firewall. Or you may google and install some third party software and configure it instead. It's so much harder with X.Org where you only need ssh and 2 commands to reach your remote desktop. ;)
FUD, plain and simply. You enable the Remote Desktop and it's ready to be used from other Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure.
Remote desktop vs. remote display Posted Feb 14, 2013 22:18 UTC (Thu) by Serge (guest, #84957) [Link] > FUD, plain and simply. You enable the Remote Desktop and it's ready to be used from other Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure. Uhm. Are we still talking about?: >>> I've locked my workstation and went home without logging out, I need to access my programs somehow. And the second most common is to share your desktop with tech support guy, obviously. I guess you assume that user works under local administrator in office, and does not use any third-party firewalls like outpost/comodo or some firewall built into installed antivirus.
Remote desktop vs. remote display Posted Feb 14, 2013 22:42 UTC (Thu) by khim (subscriber, #9252) [Link] I guess you assume that user works under local administrator in office, and does not use any third-party firewalls like outpost/comodo or some firewall built into installed antivirus. I'm yet to see an office which allows installation of third-party firewalls. Except for small business, but in this case user usually is, indeed, an admin and can do whatever s/he wants. If it's something larger then mom-and-pop shop then there will be firewall, antivirus and may be even Parity, but of course the firewalls installed by winops will support WRA. And you don't need to be an admin to use this feature. I think you are confused. Two usecases cited above are, indeed, the most common usecases - but while they both use RDP as core protocol they have totally different activation sequences and totally different UI. The only thing they share is the ability to start using them without any preparation in this particular session (you need to change OS settings to enable these, of course, but these can be pushed using via Active Directory - and it's true for any remote access protocol; they all need some kind of initial setup).
RDP Posted Feb 15, 2013 11:15 UTC (Fri) by tialaramex (subscriber, #21167) [Link]
So, since I work for a huge dinosaur corporation right now, let me burst this particular bubble straight off.
Here's the _reality_, some of this is paraphrased because I wasn't aware that it would be hilarious enough to be worth recording until some way through the process, and my responses (mostly "OK") are elided. It happened to me _yesterday_ but it could be anybody, and any day, of any week in corporations everywhere.
"Hi, I need you to log into your computer, then go to some3rdpartywebsite.com and enter this eight digit code: 12345678"
"Yes, just click through all the security prompts and choose Run"
"OK, I have control of the computer now. You can probably see things moving. Hello."
"I wasn't able to get access to do the task I was assigned. I will talk to my supervisor"
"Sorry, I am not able to complete the task, I am refused permission to download the software. I will have the ticket re-assigned"
That's a _massive_ global corporation, with both ends using Microsoft Windows, trying to install a program, which ought to be centrally provisioned but of course that doesn't work. Notice that they invoke a third party solution, they end up violating a lot of security principles and still they can't get it to work. In the process they aren't able to take control without leaving the desktop unlocked, and they have no clue what they're doing when they're in.
THAT is the reality on the ground, what you're talking about is every bit as much the theory that doesn't translate into practice as what was discussed above about remoting X applications. RDP could work, it's possible to see how on paper it has potential advantages, but it's erroneous to suggest that it's actually out there solving the problem in these big corporate systems.
I do use RDP, in another aspect of my job I have to connect to a remote facility where (we were told) access to the servers is via SSH. What we weren't told was that they're inside a corporate firewall that our contact hasn't got permission to change. So to "SSH" into these machines I connect to an RDP system where I only have permission to run Putty. This clumsy, error-prone solution makes every occasion when we must access those systems a trial.
Remote desktop vs. remote display Posted Feb 14, 2013 18:00 UTC (Thu) by hummassa (subscriber, #307) [Link]
> But in case of X.Org you have a killing feature: you can remotely turn your monitor off! :)
Can you be sure it stayed off?
Remote desktop vs. remote display Posted Feb 14, 2013 19:55 UTC (Thu) by Serge (guest, #84957) [Link]
> Can you be sure it stayed off?
Yes, why not?
Remote desktop vs. remote display Posted Feb 14, 2013 20:59 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
How? And how are you going to turn it back on once you return next day?
Remote desktop vs. remote display Posted Feb 14, 2013 21:22 UTC (Thu) by Serge (guest, #84957) [Link]
> How?
There may be other options, but I was thinking about: xrandr --output XXX --off
> And how are you going to turn it back on once you return next day?
Same: xrandr --output XXX --auto
I can do that remotely before leaving my ssh session.
Remote desktop vs. remote display Posted Feb 14, 2013 21:25 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
> There may be other options, but I was thinking about: xrandr --output XXX --off
So start x11vnc and try to do it. Doesn't work.
> I can do that remotely before leaving my ssh session.
Remote desktop vs. remote display Posted Feb 14, 2013 22:17 UTC (Thu) by Serge (guest, #84957) [Link]
> So start x11vnc and try to do it. Doesn't work.
Tried. It does. What does not work for you?
> In other words "you can't".
I just did. :)
Remote desktop vs. remote display Posted Feb 15, 2013 13:25 UTC (Fri) by drag (subscriber, #31333) [Link]
TigerVNC supports xrandr. Others don't.
Different VNC implementations support different features and there can be a vast difference in performance.
Remote desktop vs. remote display Posted Feb 15, 2013 20:19 UTC (Fri) by Serge (guest, #84957) [Link]
> TigerVNC supports xrandr. Others don't.
It does not matter. Shell supports xrandr. If I initially used ssh to get VNC, I can run xrandr over the same ssh session. Or I can open xterm after I connected to VNC and run xrandr there.
Remote desktop vs. remote display Posted Feb 14, 2013 22:04 UTC (Thu) by khim (subscriber, #9252) [Link] On Debian,
No, it does not. I can't even understand how can you ever suggest such nonsense as an answer to the message which includes the following: Both work perfectly in Windows, both are horrible in Linux - and the solutions offered usually don't use the much vaunted "X network transparency" at all. I know some Linux distributions offer VNC as a solution, but it's not perfect: when I access programs in such a way my desktop in office is actually becoming unlocked and anyone can do anything with it! Yes, I know about x11vnc - and that's exactly my point. We have this nice super-duped-network-transparent GUI system which obviously should be good for remoting, but when it's faced with real-world task (the most popular real world task by far!) it FAILS. Utterly and completely. The only solution offered is a kludge used by such systems as MacOS or Android (which shun the remote access in principle as "not important") or "every program should implement it explicitly" solution. Nothing even remotely close to what that "awful" Windows offers.
Remote desktop vs. remote display Posted Feb 15, 2013 20:17 UTC (Fri) by Serge (guest, #84957) [Link]
> Yes, I know about x11vnc - and that's exactly my point.
What's the problem with x11vnc? You mentioned two use-cases: share desktop with someone else and connect from home to office. So x11vnc exactly solves first case and can be easily used in another one.
And no, having an unlocked screen is not a problem, since nobody can do anything there anyway because you'll see that (you can turn your monitor off if you're afraid of someone to see something). Even more, it's an advantage, since while talking to someone in your office you can say "Let me show you, come to my desktop... Look, I open this program, do this, click here and check this..."
> We have this nice super-duped-network-transparent GUI system which obviously should be good for remoting, but when it's faced with real-world task (the most popular real world task by far!) it FAILS.
It's not. This "nice super-duped-network-transparent GUI system" is what allows you to do that, and do it instantly, without any preparations, without patching X.Org or rebuilding weston from experimental git branch.
For me the most common case of remote desktop is: I'm home, I have not started VNC server since I did not planned to connect to office, but now I need it. So I SSH into my office machine, start x11vnc, do the job, lock screen and leave. Simple, no preparations, no firewall configurations, I don't even need admin rights to do that.
Remote desktop vs. remote display Posted Feb 16, 2013 3:42 UTC (Sat) by Cyberax (✭ supporter ✭, #52523) [Link]
x11vnc has NOTHING to do with X11's network transparency. In fact, VNC works just fine on almost any display system (including Android).
And even then, x11vnc _STILL_ doesn't solve all problems.
Remote desktop vs. remote display Posted Feb 16, 2013 11:35 UTC (Sat) by Serge (guest, #84957) [Link]
> x11vnc has NOTHING to do with X11's network transparency.
But even if it's not, so what? The statement was like "X does not allow that", and that statement is wrong, X allows that, x11vnc is an example.
When you need to run a single program remotely and see its window you can use x11vnc too (it can forward separate windows), but there're better solutions to that, like ssh -X (ssh -Y) or xpra/winswitch.org.
I don't understand all the fuzz about "network transparency". You either can do something or you can't. It does not matter what words you use to call that.
> And even then, x11vnc _STILL_ doesn't solve all problems.
Of course it does not solve ALL the problems. But it solves those two, the most common ones. :)
|
|||||||||||||