Why not? You can lock the screen while you're away. Nobody can do anything there while you're connected because you'll see that. And you can lock the screen again before disconnecting.
Remote desktop vs. remote display
Posted Feb 14, 2013 17:10 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
Khim is right - Windows does this use-case just right. It's streamlined and easy.
On X11 with its vaunted "network transparency" it's simply not possible without bending over backwards.
Posted Feb 14, 2013 17:54 UTC (Thu) by Serge (guest, #84957)
Well, you can't protect from that even being near your desktop, since somebody might be looking over your shoulder. Or somebody could hide a small camera in a pen near you.
But in the case of X.Org you have a killer feature: you can remotely turn your monitor off! :)
> Windows does this use-case just right. It's streamlined and easy.
Yeah. You need to enable remote desktop, configure access to it, and set up your firewall. Or you may google and install some third-party software and configure it instead. It's so much harder with X.Org where you only need ssh and 2 commands to reach your remote desktop. ;)
Posted Feb 14, 2013 17:58 UTC (Thu) by hummassa (subscriber, #307)
FUD, plain and simple. You enable the Remote Desktop and it's ready to be used from another Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure.
Posted Feb 14, 2013 22:18 UTC (Thu) by Serge (guest, #84957)
> FUD, plain and simple. You enable the Remote Desktop and it's ready to be used from another Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure.
Uhm. Are we still talking about?:
>>> I've locked my workstation and went home without logging out, I need to access my programs somehow. And the second most common is to share your desktop with tech support guy, obviously.
I guess you assume that the user works under local administrator in the office, and does not use any third-party firewalls like outpost/comodo or some firewall built into an installed antivirus.
Posted Feb 14, 2013 22:42 UTC (Thu) by khim (subscriber, #9252)
I'm yet to see an office which allows installation of third-party firewalls. Except for small businesses, but in this case the user usually is, indeed, an admin and can do whatever s/he wants.
If it's something larger than a mom-and-pop shop then there will be a firewall, antivirus and maybe even Parity, but of course the firewalls installed by winops will support WRA. And you don't need to be an admin to use this feature.
I think you are confused. The two use cases cited above are, indeed, the most common use cases - but while they both use RDP as the core protocol they have totally different activation sequences and totally different UI. The only thing they share is the ability to start using them without any preparation in this particular session (you need to change OS settings to enable these, of course, but these can be pushed via Active Directory - and it's true for any remote access protocol; they all need some kind of initial setup).
Posted Feb 15, 2013 11:15 UTC (Fri) by tialaramex (subscriber, #21167)
Here's the _reality_, some of this is paraphrased because I wasn't aware that it would be hilarious enough to be worth recording until some way through the process, and my responses (mostly "OK") are elided. It happened to me _yesterday_ but it could be anybody, and any day, of any week in corporations everywhere.
"Hi, I need you to log into your computer, then go to some3rdpartywebsite.com and enter this eight digit code: 12345678"
"Yes, just click through all the security prompts and choose Run"
"OK, I have control of the computer now. You can probably see things moving. Hello."
"I wasn't able to get access to do the task I was assigned. I will talk to my supervisor"
"Sorry, I am not able to complete the task, I am refused permission to download the software. I will have the ticket re-assigned"
That's a _massive_ global corporation, with both ends using Microsoft Windows, trying to install a program, which ought to be centrally provisioned but of course that doesn't work. Notice that they invoke a third party solution, they end up violating a lot of security principles and still they can't get it to work. In the process they aren't able to take control without leaving the desktop unlocked, and they have no clue what they're doing when they're in.
THAT is the reality on the ground, what you're talking about is every bit as much the theory that doesn't translate into practice as what was discussed above about remoting X applications. RDP could work, it's possible to see how on paper it has potential advantages, but it's erroneous to suggest that it's actually out there solving the problem in these big corporate systems.
I do use RDP, in another aspect of my job I have to connect to a remote facility where (we were told) access to the servers is via SSH. What we weren't told was that they're inside a corporate firewall that our contact hasn't got permission to change. So to "SSH" into these machines I connect to an RDP system where I only have permission to run Putty. This clumsy, error-prone solution makes every occasion when we must access those systems a trial.
Posted Feb 14, 2013 18:00 UTC (Thu) by hummassa (subscriber, #307)
Can you be sure it stayed off?
Posted Feb 14, 2013 19:55 UTC (Thu) by Serge (guest, #84957)
Yes, why not?
Posted Feb 14, 2013 20:59 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
Posted Feb 14, 2013 21:22 UTC (Thu) by Serge (guest, #84957)
There may be other options, but I was thinking about: xrandr --output XXX --off
> And how are you going to turn it back on once you return next day?
Same: xrandr --output XXX --auto
I can do that remotely before leaving my ssh session.
Posted Feb 14, 2013 21:25 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
> I can do that remotely before leaving my ssh session.
In other words "you can't".
Posted Feb 14, 2013 22:17 UTC (Thu) by Serge (guest, #84957)
Tried. It does. What does not work for you?
> In other words "you can't".
I just did. :)
Posted Feb 15, 2013 13:25 UTC (Fri) by drag (subscriber, #31333)
Different VNC implementations support different features and there can be a vast difference in performance.
Posted Feb 15, 2013 20:19 UTC (Fri) by Serge (guest, #84957)
It does not matter. Shell supports xrandr. If I initially used ssh to get VNC, I can run xrandr over the same ssh session. Or I can open xterm after I connected to VNC and run xrandr there.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.