| |||||||||||||
Remote desktop vs. remote displayRemote desktop vs. remote displayPosted Feb 14, 2013 17:10 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)In reply to: Remote desktop vs. remote display by Serge Parent article: LCA: The ways of Wayland
I might need to see or enter sensitive data that I don't want everyone else to see (credit card details is an obvious example). If I lose a connection (happens on 4G quite often) then the workstation would be wide open for any period of time.
Khim is right - Windows does this use-case just right. It's streamlined and easy.
On X11 with its vaunted "network transparency" it's simply not possible without bending over backwards.
(Log in to post comments)
Remote desktop vs. remote display Posted Feb 14, 2013 17:54 UTC (Thu) by Serge (guest, #84957) [Link]
> I might need to see or enter sensitive data that I don't want everyone else to see
Well, you can't protect from that even being near your desktop, since somebody might be looking above your shoulder. Or somebody could hide a small camera in a pen near you.
But in case of X.Org you have a killing feature: you can remotely turn your monitor off! :)
> Windows does this use-case just right. It's streamlined and easy.
Yeah. You need to enable remote desktop, configure access to it, and set up your firewall. Or you may google and install some third party software and configure it instead. It's so much harder with X.Org where you only need ssh and 2 commands to reach your remote desktop. ;)
Remote desktop vs. remote display Posted Feb 14, 2013 17:58 UTC (Thu) by hummassa (subscriber, #307) [Link]
> Yeah. You need to enable remote desktop, configure access to it, and set up your firewall. Or you may google and install some third party software and configure it instead. It's so much harder with X.Org where you only need ssh and 2 commands to reach your remote desktop. ;)
FUD, plain and simply. You enable the Remote Desktop and it's ready to be used from other Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure.
Remote desktop vs. remote display Posted Feb 14, 2013 22:18 UTC (Thu) by Serge (guest, #84957) [Link] > FUD, plain and simply. You enable the Remote Desktop and it's ready to be used from other Win machine. What it DOES is lock out any local user while you are using your machine remotely, and that is why it is posited in this thread -- rightfully so -- as more secure. Uhm. Are we still talking about?: >>> I've locked my workstation and went home without logging out, I need to access my programs somehow. And the second most common is to share your desktop with tech support guy, obviously. I guess you assume that user works under local administrator in office, and does not use any third-party firewalls like outpost/comodo or some firewall built into installed antivirus.
Remote desktop vs. remote display Posted Feb 14, 2013 22:42 UTC (Thu) by khim (subscriber, #9252) [Link] I guess you assume that user works under local administrator in office, and does not use any third-party firewalls like outpost/comodo or some firewall built into installed antivirus. I'm yet to see an office which allows installation of third-party firewalls. Except for small business, but in this case user usually is, indeed, an admin and can do whatever s/he wants. If it's something larger then mom-and-pop shop then there will be firewall, antivirus and may be even Parity, but of course the firewalls installed by winops will support WRA. And you don't need to be an admin to use this feature. I think you are confused. Two usecases cited above are, indeed, the most common usecases - but while they both use RDP as core protocol they have totally different activation sequences and totally different UI. The only thing they share is the ability to start using them without any preparation in this particular session (you need to change OS settings to enable these, of course, but these can be pushed using via Active Directory - and it's true for any remote access protocol; they all need some kind of initial setup).
RDP Posted Feb 15, 2013 11:15 UTC (Fri) by tialaramex (subscriber, #21167) [Link]
So, since I work for a huge dinosaur corporation right now, let me burst this particular bubble straight off.
Here's the _reality_, some of this is paraphrased because I wasn't aware that it would be hilarious enough to be worth recording until some way through the process, and my responses (mostly "OK") are elided. It happened to me _yesterday_ but it could be anybody, and any day, of any week in corporations everywhere.
"Hi, I need you to log into your computer, then go to some3rdpartywebsite.com and enter this eight digit code: 12345678"
"Yes, just click through all the security prompts and choose Run"
"OK, I have control of the computer now. You can probably see things moving. Hello."
"I wasn't able to get access to do the task I was assigned. I will talk to my supervisor"
"Sorry, I am not able to complete the task, I am refused permission to download the software. I will have the ticket re-assigned"
That's a _massive_ global corporation, with both ends using Microsoft Windows, trying to install a program, which ought to be centrally provisioned but of course that doesn't work. Notice that they invoke a third party solution, they end up violating a lot of security principles and still they can't get it to work. In the process they aren't able to take control without leaving the desktop unlocked, and they have no clue what they're doing when they're in.
THAT is the reality on the ground, what you're talking about is every bit as much the theory that doesn't translate into practice as what was discussed above about remoting X applications. RDP could work, it's possible to see how on paper it has potential advantages, but it's erroneous to suggest that it's actually out there solving the problem in these big corporate systems.
I do use RDP, in another aspect of my job I have to connect to a remote facility where (we were told) access to the servers is via SSH. What we weren't told was that they're inside a corporate firewall that our contact hasn't got permission to change. So to "SSH" into these machines I connect to an RDP system where I only have permission to run Putty. This clumsy, error-prone solution makes every occasion when we must access those systems a trial.
Remote desktop vs. remote display Posted Feb 14, 2013 18:00 UTC (Thu) by hummassa (subscriber, #307) [Link]
> But in case of X.Org you have a killing feature: you can remotely turn your monitor off! :)
Can you be sure it stayed off?
Remote desktop vs. remote display Posted Feb 14, 2013 19:55 UTC (Thu) by Serge (guest, #84957) [Link]
> Can you be sure it stayed off?
Yes, why not?
Remote desktop vs. remote display Posted Feb 14, 2013 20:59 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
How? And how are you going to turn it back on once you return next day?
Remote desktop vs. remote display Posted Feb 14, 2013 21:22 UTC (Thu) by Serge (guest, #84957) [Link]
> How?
There may be other options, but I was thinking about: xrandr --output XXX --off
> And how are you going to turn it back on once you return next day?
Same: xrandr --output XXX --auto
I can do that remotely before leaving my ssh session.
Remote desktop vs. remote display Posted Feb 14, 2013 21:25 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]
> There may be other options, but I was thinking about: xrandr --output XXX --off
So start x11vnc and try to do it. Doesn't work.
> I can do that remotely before leaving my ssh session.
Remote desktop vs. remote display Posted Feb 14, 2013 22:17 UTC (Thu) by Serge (guest, #84957) [Link]
> So start x11vnc and try to do it. Doesn't work.
Tried. It does. What does not work for you?
> In other words "you can't".
I just did. :)
Remote desktop vs. remote display Posted Feb 15, 2013 13:25 UTC (Fri) by drag (subscriber, #31333) [Link]
TigerVNC supports xrandr. Others don't.
Different VNC implementations support different features and there can be a vast difference in performance.
Remote desktop vs. remote display Posted Feb 15, 2013 20:19 UTC (Fri) by Serge (guest, #84957) [Link]
> TigerVNC supports xrandr. Others don't.
It does not matter. Shell supports xrandr. If I initially used ssh to get VNC, I can run xrandr over the same ssh session. Or I can open xterm after I connected to VNC and run xrandr there.
|
|||||||||||||