free multi-user remote desktop utility

[Robert Redelmeier]

I guess I've been a bit spoiled by Unix and Linux, just
assumed that this was basic functionality in Windows too.

Perhaps, but your expectations should consider from whence
Unix and MS-Windows came.

Linux/Unix came from a multi-user, multi-tasking system from
day one. Networking was added early, and graphics later and
only on remote VDTs.

MS-Windows came from MS-DOS for PCs. That should be enough,
but I will belabor the point: graphics was added fairly early
and closely tied to the console, multitasking was added without
multi-user, networking added late and multi-user only relatively
recently (MS-Win2k?)

These origins continue to be reflected in the OS strengths:
Linux/Unix is very secure owing to its multi-user &
multi-tasking base. With well settled networking but
relatively weak graphics and interactivity.


-- Robert

 

[krw]

Perhaps, but your expectations should consider from whence
Unix and MS-Windows came.

Linux/Unix came from a multi-user, multi-tasking system from
day one. Networking was added early, and graphics later and
only on remote VDTs.

MS-Windows came from MS-DOS for PCs. That should be enough,
but I will belabor the point: graphics was added fairly early
and closely tied to the console, multitasking was added without
multi-user, networking added late and multi-user only relatively
recently (MS-Win2k?)

Actually, at least in theory, the core of modern Windows (I.e. NT and
progeny) came more from VMS than DOS. Whether the cruft on top works
as desired is another matter.

These origins continue to be reflected in the OS strengths:
Linux/Unix is very secure owing to its multi-user &
multi-tasking base. With well settled networking but
relatively weak graphics and interactivity.

Except that hardware is making *IX graphics better (a problem that
hardware can solve). Nothing will make Windows secure.

 

[Robert Redelmeier]

Actually, at least in theory, the core of modern Windows
(I.e. NT and progeny) came more from VMS than DOS. Whether

Yes, Digitial VMS architect Dave Cutler was in charge of MS-WinNT
design. But I'd expect he was sufficiently professional to keep
his prior employers secrets and only incorporate well known OS
features that were required by MS' specifications or objectives.
Including the features like HPFS MS "inheirited" from their
participation in the OS/2 project prior to the split.

the cruft on top works as desired is another matter.

It is. The question becomes "as desired" by whom?

Except that hardware is making *IX graphics better (a problem
that hardware can solve). Nothing will make Windows secure.

Most definitely wrt hardware covering for the loopback and other
layers. MS-Windows can be made significantly less insecure by
the NIST patches and responsible usage. Including avoiding
MS-InternetExplorer and MS-Outlook at least on administrator
accounts since these are proven irredeemably insecure. Their
insecurities can prove troublesome even on user accounts since MS
does not secure priviliged ports (<1000) against user daemons.

-- Robert

 

[krw]

Yes, Digitial VMS architect Dave Cutler was in charge of MS-WinNT
design. But I'd expect he was sufficiently professional to keep
his prior employers secrets and only incorporate well known OS
features that were required by MS' specifications or objectives.
Including the features like HPFS MS "inheirited" from their
participation in the OS/2 project prior to the split.

More specifically, Cutler was hired to make NT "VMSlike". Just to
clarify, HPFS was M$'s intellectual property. The purpose of NTFS
was to make it "different". HPFS was in many ways superior.

It is. The question becomes "as desired" by whom?

Exactly. ;-)

Most definitely wrt hardware covering for the loopback and other
layers. MS-Windows can be made significantly less insecure by
the NIST patches and responsible usage.

That "responsible usage" includes giving up much functionality.
Unlike *IX, there are many things that cannot be done under a user
account. Even "run as" doesn't cut it.

Including avoiding
MS-InternetExplorer and MS-Outlook at least on administrator
accounts since these are proven irredeemably insecure. Their
insecurities can prove troublesome even on user accounts since MS
does not secure priviliged ports (<1000) against user daemons.

I've tried to convince my wife to give up InternetExploder, but gave
up long ago. She has her own laptop (w/Vista[*]) now, so...

[*] What a disaster. Enough so that I bought my new one with XP,
after (and in spite of hearing her bitching.

 

[nobody]

I've tried to convince my wife to give up InternetExploder, but gave
up long ago.

Well guys you better didn't start me on this one. Here I respectfully
disagree with you. As bad as IE is, alternatives are even worse, at
least from my point of view as a developer. The "open source
community" keeps squabbling about whether certain things are their
bugs or "features differing them from competing platform (read - evil
Bill G. with his IE)". The fact that these things are de-facto
programming standards (not just IE but also Opera and Safari) means
nothing for them - as long as it's not spelled out in W3 standards
they feel free to do it any way they wish and strive to make it as
un-Microsoft as possible. Add to that that MS Visual Studio is head
and shoulders above Venkman debugger and whatever 3rd party text
editor you pick - and you got the picture. No surprise then that many
sites have limited functionality, or don't even display correctly in
Firefox. It's so much easier to develop internal corporate sites for
IE only. When it comes to external sites - Firefox with less than 10%
user base takes disproportionate development efforts, and still some
features have to be dropped (or, to say politely, 'left out for future
development'). In other words, if Firefox disappeared overnight, very
few developers would shed a tear. And yes, it _may_ be safer - simply
because most hackers wouldn't go after roughly 10% market share,
opting instead for over 80% IE share. I bet if somebody was truly
interested in cracking Firefox defences, it would be even easier than
with IE simply because its inner workings are open to everyone to mess
with.

NNN

 

[Gordon]

Firefox with less than 10% user base

Hmmm. Outdated stats.
This one:
http://www.w3schools.com/browsers/browsers_stats.asp
says Firefox 36% - that's a bit more than 10% isn't it....

 

[nobody]

Hmmm. Outdated stats.
This one:
http://www.w3schools.com/browsers/browsers_stats.asp
says Firefox 36% - that's a bit more than 10% isn't it....

Depends on the nature of the site. Tech sites, especially open source
oriented ones tend to have more FF traffic - and even there IE rules
(50+%). Corp sites are much more IE-heavy. Have not done eComm sites
in last few years though - that stats would be much more
representative. Also never done pr0n sites, so have no idea about the
stats on that big part of Net traffic. ;-) The average Joe 6pack
hardly ever visits w3schools - too bad for him, it's a great site, I
have it bookmarked in both IE and FF and use it for ref every now and
then. BTW, I mostly open it in FF as to not mess with my work that is
mostly in IE.

NNN

 

[krw]

Well guys you better didn't start me on this one. Here I respectfully
disagree with you. As bad as IE is, alternatives are even worse, at
least from my point of view as a developer. The "open source
community" keeps squabbling about whether certain things are their
bugs or "features differing them from competing platform (read - evil
Bill G. with his IE)". The fact that these things are de-facto
programming standards (not just IE but also Opera and Safari) means
nothing for them - as long as it's not spelled out in W3 standards
they feel free to do it any way they wish and strive to make it as
un-Microsoft as possible. Add to that that MS Visual Studio is head
and shoulders above Venkman debugger and whatever 3rd party text
editor you pick - and you got the picture. No surprise then that many
sites have limited functionality, or don't even display correctly in
Firefox. It's so much easier to develop internal corporate sites for
IE only. When it comes to external sites - Firefox with less than 10%
user base takes disproportionate development efforts, and still some
features have to be dropped (or, to say politely, 'left out for future
development'). In other words, if Firefox disappeared overnight, very
few developers would shed a tear. And yes, it _may_ be safer - simply
because most hackers wouldn't go after roughly 10% market share,
opting instead for over 80% IE share. I bet if somebody was truly
interested in cracking Firefox defences, it would be even easier than
with IE simply because its inner workings are open to everyone to mess
with.

The issue here isn't functionality, rather security. IE is the pits
(for both, actually). If any merchant builds IE-only content they
don't need me for a customer. It really is that simple.

 

[nobody]

Hmmm. Outdated stats.
This one:
http://www.w3schools.com/browsers/browsers_stats.asp
says Firefox 36% - that's a bit more than 10% isn't it....

From the same page:

<quote>
W3Schools is a website for people with an interest for web
technologies. These people are more interested in using alternative
browsers than the average user. The average user tends to use Internet
Explorer, since it comes preinstalled with Windows. Most do not seek
out other browsers.

These facts indicate that the browser figures above are not 100%
realistic. Other web sites have statistics showing that Internet
Explorer is used by at least 80% of the users.
</quote>

NNN

 

[The little lost angel]

Well guys you better didn't start me on this one. Here I respectfully
disagree with you. As bad as IE is, alternatives are even worse, at
least from my point of view as a developer. The "open source
community" keeps squabbling about whether certain things are their
bugs or "features differing them from competing platform (read - evil
Bill G. with his IE)". The fact that these things are de-facto
programming standards (not just IE but also Opera and Safari) means
nothing for them - as long as it's not spelled out in W3 standards
they feel free to do it any way they wish and strive to make it as
un-Microsoft as possible.

Well, I'm just a lousy 2-bit programmer who hesitate to even claim the
title developer. Here I respectfully disagree with you. The fact is
developing for just one single platform is inherently easier than
trying to do so for 3 platforms. Naturally if you just picked IE and
specialized in it, it's obviously "easier" than Firefox for you. Just
like my attempts usually work on Firefox, then find that I have to
waste time making it work too on IE if the client wants it.

I doubt any of us pro-OSS programmer/developer set out deliberately to
do something just to break compatibility with Microsoft's browsers.
Sorry to disappoint you but we, or maybe just me, set up to achieve
certain objectives set by the client in the easiest and cleanest way
possible for the targeted browser. It's just too bad that if the end
result doesn't work with full functionality on IE, at least we will
provide a degraded alternative. Can't say so for many of the IE-only
sites around that just plain won't work on alternatives.

Add to that that MS Visual Studio is head
and shoulders above Venkman debugger and whatever 3rd party text
editor you pick - and you got the picture.

It's entirely a matter of personal choice and preferences I believe.

No surprise then that many
sites have limited functionality, or don't even display correctly in
Firefox. It's so much easier to develop internal corporate sites for
IE only.

Ditto for the reverse. I usually only develop for internal sites. So I
get the added benefit of telling my client they can at least not worry
about IE exploits, and that they can save money on their new machines
by not paying the Microsoft Tax since FF will run on Linux. Somehow
the thought of saving some $700+ (OS + Office) on multiple machines
and not worry about the myriad worms/trojan/viruses that infect
WIndows systems, makes for a rather convincing sales pitch =P

Nor do they need to bang their heads on the table like one of my
clients did when they got Vista and found that one of their critical
apps does not work. Ironically, it was specifically IE7 that didn't
work with it

When it comes to external sites - Firefox with less than 10%
user base takes disproportionate development efforts, and still some
features have to be dropped (or, to say politely, 'left out for future
development').

As mentioned, your stats are outdated.

In other words, if Firefox disappeared overnight, very
few developers would shed a tear.

I would, it means I would have to learn to develop for TWO browsers
IE6 and IE7, instead of one, FF. Plus, I can't tell clients I'll have
to charge extra to make the site work with IE =P

And yes, it _may_ be safer - simply
because most hackers wouldn't go after roughly 10% market share,
opting instead for over 80% IE share. I bet if somebody was truly
interested in cracking Firefox defences, it would be even easier than
with IE simply because its inner workings are open to everyone to mess
with.

And any such exploit would be plugged within days, rather than the
weeks it usually takes for Microsoft.

 

[chrisv]

I bet if somebody was truly
interested in cracking Firefox defences, it would be even easier than
with IE simply because its inner workings are open to everyone to mess

You are claiming that being open-source makes it less secure?
Nonsense.

 

[Robert Redelmeier]

Add to that that MS Visual Studio is head and shoulders above
Venkman debugger and whatever 3rd party text editor you pick -
and you got the picture. No surprise then that many sites have
limited functionality, or don't even display correctly in Firefox.

Sure, just the modern version of "[MS]DOS isn't done
'til Lotus won't run".

It's so much easier to develop internal corporate sites for
IE only. When it comes to external sites - Firefox with less
than 10% user base takes disproportionate development efforts,
and still some features have to be dropped (or, to say politely,
'left out for future development')

Why? This is very much a question of cost-benefit: Are
the additional features worth losing Safari, Firefox, etal
customers? Are they that compelling and will be over dial-up?

Yes, I understand it is difficult to tell an artist to tone
their work down for commercial reasons. They hate the intrusion.
Yet such is the nature of commerce, and what they joined.

Testing should always ve some independence from development.
Otherwise you over-focus. If you used MS-VisStudio for
development, then most testing should be done with Firefox &
Safari with only a back-check for MS-IE. If you develop with
Pagemaker then you could test more with MS-IE.

Frankly, my household surfs exclusively with Firefox. (Well,
OK, often I use `links`). It is rare that we find a commercial
site broken on Firefox that isn't also broken on MS-IE.
I'm not surprised. Merchants don't want to lose sales.

-- Robert

 

[nobody]

Well, I'm just a lousy 2-bit programmer who hesitate to even claim the
title developer. Here I respectfully disagree with you. The fact is
developing for just one single platform is inherently easier than
trying to do so for 3 platforms. Naturally if you just picked IE and
specialized in it, it's obviously "easier" than Firefox for you. Just
like my attempts usually work on Firefox, then find that I have to
waste time making it work too on IE if the client wants it.

I doubt any of us pro-OSS programmer/developer set out deliberately to
do something just to break compatibility with Microsoft's browsers.
Sorry to disappoint you but we, or maybe just me, set up to achieve
certain objectives set by the client in the easiest and cleanest way
possible for the targeted browser. It's just too bad that if the end
result doesn't work with full functionality on IE, at least we will
provide a degraded alternative. Can't say so for many of the IE-only
sites around that just plain won't work on alternatives.


It's entirely a matter of personal choice and preferences I believe. Have you ever tried VS.NET?


Ditto for the reverse. I usually only develop for internal sites. So I
get the added benefit of telling my client they can at least not worry
about IE exploits, and that they can save money on their new machines
by not paying the Microsoft Tax since FF will run on Linux. Somehow
the thought of saving some $700+ (OS + Office) on multiple machines
and not worry about the myriad worms/trojan/viruses that infect
WIndows systems, makes for a rather convincing sales pitch =P

Not sure how things are in your part of the world, but here in the US
Windows/IE is _the_ standard corporate setup, and some places wouldn't
even allow to dl Firefox without a written request from the supervisor
(or supervisor's supervisor!!!). Or maybe that's just the employers
that hire folks like me - a *nix shop has no need in MCAD
;-)

Nor do they need to bang their heads on the table like one of my
clients did when they got Vista and found that one of their critical
apps does not work. Ironically, it was specifically IE7 that didn't
work with it

I know that one - broke many ajax scripts when IE7 came out
<script language="javascript">
var isIE=false;//initially assume Moz/FF
var request;
if(window.XMLHttpRequest)
{
//will execute in IE7 but not IE6
///resulting in wrong branch later!!!!!
request = new XMLHttpRequest();

if(request.overrideMimeType)request.overrideMimeType('text/xml');
}
else if(window.ActiveXObject)
{
request = new ActiveXObject("MSXML2.XMLHTTP");
isIE=true;
//means: dealing with MS IE,
//but doesn't come here in IE7
}
//some code follows with separate branches for FF and IE

As mentioned, your stats are outdated.


I would, it means I would have to learn to develop for TWO browsers
IE6 and IE7, instead of one, FF. Plus, I can't tell clients I'll have
to charge extra to make the site work with IE =P


And any such exploit would be plugged within days, rather than the
weeks it usually takes for Microsoft.

Dear L.Angel,

You seem to know FF in-depth. Could you help me on this one?
I need to make a dropdown box
<select onkeydown="return someFunction();">
execute on keydown custom code and _not_ do default behavior (change
selected option). In IE it's one line solution: return false; ditto
in Opera. But in FF nothing seem to work, including preventDefault().
When I searched FF bug list, I came to the discussion about this one
starting in 2005 regarding this behavior being a bug or a feature -
hence my passage above (sorry can't remember the url, it should be
saved on my work box that I can't access now).

I spent a day trying to make FF work, and then was told by the boss to
basically screw it, leaving FF users without this convenient, but
admittedly non-core functionality. However I'd really like to find
out if the thing is doable at all. Also wouldn't be bad to surprise
the boss with the solution ;-)

Great thanks in advance,

NNN

 

[nobody]

You are claiming that being open-source makes it less secure?
Nonsense.

Why? It's much easier to figure out what's going on dealing with
source code rather than with compiled dll. If it's true for software
development, one can assume it's also true for hacking.

NNN

 

[The little lost angel]

Not sure how things are in your part of the world, but here in the US
Windows/IE is _the_ standard corporate setup,

Same here, until we get to them anyway =P

and some places wouldn't
even allow to dl Firefox without a written request from the supervisor
(or supervisor's supervisor!!!). Or maybe that's just the employers
that hire folks like me - a *nix shop has no need in MCAD
;-)

Like I say, I'm only a 2bit programmer, I deal with small businesses
with at most 100 staff members. Most of them don't have very strict
controls on their systems, which gives the boss headaches, so when we
come in and tell them about the benefits of limited user accounts,
limited selection of spyware, viruses and what not to choose from,
quite a few are more than happy to let us convert their browser to FF
and where possible, the OS to a Linux distribution if none of their
critical apps are dependent on it. Usually they are still left with a
number of Windows machines for accounting software and such. But over
time, as we port things over, the reliance and necessity to pay
Microsoft decreases.

You seem to know FF in-depth. Could you help me on this one?

I don't know FF in-depth, I make end user applications, not browsers.
And unlike men, I don't have an innate need to puff up my importance
=P I'm probably unlikely to help you.

I need to make a dropdown box
<select onkeydown="return someFunction();">
execute on keydown custom code and _not_ do default behavior (change
selected option). In IE it's one line solution: return false; ditto
in Opera. But in FF nothing seem to work, including preventDefault().

I'm not sure what you are trying to achieve here, pardon me being the
village idiot in csiphc. Are you trying to do something like this:
user select the <select> box, tries to arrow key down, instead of
changing the selected item, do something else like pop up a box saying
"Sorry, you're not allowed to change the selection or select using the
first letter." ?

 

[Gordon]

Why? It's much easier to figure out what's going on dealing with
source code rather than with compiled dll. If it's true for software
development, one can assume it's also true for hacking.

Which presumably is why Linux machines almost never get hacked? Explain that
one then.

 

[Sebastian Kaliszewski]

Why? It's much easier to figure out what's going on dealing with
source code rather than with compiled dll. If it's true for software
development, one can assume it's also true for hacking.

Yeah... security by obscurity(tm). It doesn't work.

Simple: it's much easier to figure out where are the bugs and get rid of
them where there are hundreds of eyes reviewing the code insted of just a
few. Besides that, hackers have tools not known to general public and not
familiar event to vast majority of developers. Hence the difference for them
is much smaller that for general developer community. Loss of many reviewing
eyes is much more significant than gain from obscuring things (things are
nor much obscured for experienced hacker anyway).

rgds
\SK

 

[nobody]

I'm not sure what you are trying to achieve here, pardon me being in csiphc.

You need no pardon - you are not 'the village idiot', though have to
mention that there are quite a few persons around with better
qualifications for the Idiot position ;-)

Are you trying to do something like this:
user select the <select> box, tries to arrow key down, instead of
changing the selected item, do something else like pop up a box saying
"Sorry, you're not allowed to change the selection or select using the
first letter." ?

OK, it's a grid (think Excel). The <select> sits inside <td> and has
focus. Enter key toggles it between edit mode (has a red-hot frame
around) and navigation mode. In Edit mode the arrow keys cause
selection change (default behavior). In Navigation mode the arrow keys
must cause the <select> to disappear and another <select> (or <input
type="text"> - depends on too many conditions to list) pop up in
adjacent <td> and get focus. The same happens when clicking the <td>
other than the highlighted one. It's not my design - this is how the
existing desktop app works, and the boss wants to reproduce it in Web
app, feature for feature, and preferably pixel for pixel, without any
noticeable app responsiveness loss(uh-oh!!!)
The problem in Firefox: the selection on the <select> that is about
to disappear (that's easy - style.display='none') also changes,
resulting in onchange event triggering ajax script and changing data
on the server. IE works like a charm. The "solution" for now -
keyboard navigation disabled in FF, the mouse should suffice. However
I'd like to provide the same experience for all users, without
discrimination by browser.
If you have any idea, please let me know. As I mentioned, neither
return false nor preventDefault() works for me. Any help will be
greatly appreciated.

NNN

 

[The little lost angel]

OK, it's a grid (think Excel). The <select> sits inside <td> and has
focus. Enter key toggles it between edit mode (has a red-hot frame
around) and navigation mode. In Edit mode the arrow keys cause
selection change (default behavior). In Navigation mode the arrow keys
must cause the <select> to disappear and another <select> (or <input
type="text"> - depends on too many conditions to list) pop up in
adjacent <td> and get focus. The same happens when clicking the <td>
other than the highlighted one. It's not my design - this is how the
existing desktop app works, and the boss wants to reproduce it in Web
app, feature for feature, and preferably pixel for pixel, without any
noticeable app responsiveness loss(uh-oh!!!)
The problem in Firefox: the selection on the <select> that is about
to disappear (that's easy - style.display='none') also changes,
resulting in onchange event triggering ajax script and changing data
on the server. IE works like a charm. The "solution" for now -
keyboard navigation disabled in FF, the mouse should suffice. However
I'd like to provide the same experience for all users, without
discrimination by browser.
If you have any idea, please let me know. As I mentioned, neither
return false nor preventDefault() works for me. Any help will be
greatly appreciated.

Sounds like an interesting problem, I'll try to look at it if I
remember to and have the time to later this week. I do have paying
clients to look after first! =P

 

[Robert Myers]

ssh login works fine for cygwin under windoze; and the login is
independent of which user has control of the console. My experiences
with VNC have been all bad (haven't used it for a long time, though).
I haven't played around with doing windozey stuff from cygwin, but
I'll faint if it hasn't been done.

Like most windoze users, you want unix power with windoze lights and
color. ;-).

Robert.