Slashdot Mirror

I use a number of different 'thin client' type protocols on the networks I administer - X is a good protocol, but not very 'thin'. It doesn't work very well over long distances. On our Lan we have a number of X-terms that connect to DGUX servers, all of which can open a windows NT session on a box running Windows NT Terminal Server with Citrix Metaframe(sure, it's Windows, but get over it - users want Windows/Office). Additionally, we have PCs, Macs, and NCD ThinStar WinCE terminals. All can run the same applications, in many cases much faster than they could on their own machine. Plus, it really saves you money in the long run, because most users don't really use all the power a regular PC can offer, except in brief bursts. Maybe 10K for a huge server, and then any piece of crap can connect to it - instead of spending 1K for every person in the office.

Although WTS is a bitch to configure, once it's there, it works really nicely. Citrix ICA is an excellent protocol - it has clients for windows, mac, linux, solaris, java, etc, and can even be used over a modem, with encryption, with acceptable speed. People with the terminals as clients are easy to take care of. They won't screw up their machines, and if something goes wrong with it, we just pop in a new one and they're back online. Of course, Windows Terminal Server is pretty obscure at the moment, Windows 2000 will support terminal serving capabilities as well.

If you want multiplatform thin client capability, the names you need to know are NCD, Citrix, and Microsoft. VNC is an open-source alternative that works fairly well(although it is far slower than citrix), and supports almost every known platform. Although it has no built-in encryption, it can be tunneled through ssh relatively simply. It has fewer requirements than X, and shows good promise for the future. By the way, they needs more good developers - go to the site.


-lx

I use a number of different 'thin client' type protocols on the networks I administer - X is a good protocol, but not very 'thin'. It doesn't work very well over long distances. On our Lan we have a number of X-terms that connect to DGUX servers, all of which can open a windows NT session on a box running Windows NT Terminal Server with Citrix Metaframe(sure, it's Windows, but get over it - users want Windows/Office). Additionally, we have PCs, Macs, and NCD ThinStar WinCE terminals. All can run the same applications, in many cases much faster than they could on their own machine. Plus, it really saves you money in the long run, because most users don't really use all the power a regular PC can offer, except in brief bursts. Maybe 10K for a huge server, and then any piece of crap can connect to it - instead of spending 1K for every person in the office.

Although WTS is a bitch to configure, once it's there, it works really nicely. Citrix ICA is an excellent protocol - it has clients for windows, mac, linux, solaris, java, etc, and can even be used over a modem, with encryption, with acceptable speed. People with the terminals as clients are easy to take care of. They won't screw up their machines, and if something goes wrong with it, we just pop in a new one and they're back online. Of course, Windows Terminal Server is pretty obscure at the moment, Windows 2000 will support terminal serving capabilities as well.

If you want multiplatform thin client capability, the names you need to know are NCD, Citrix, and Microsoft. VNC is an open-source alternative that works fairly well(although it is far slower than citrix), and supports almost every known platform. Although it has no built-in encryption, it can be tunneled through ssh relatively simply. It has fewer requirements than X, and shows good promise for the future. By the way, they needs more good developers - go to the site.


-lx

Or try VNC, free way to remotely use windows from unix, or vice versa. http://www.uk.research.att.com/vnc/

Microsoft does have a product that allows remote admin of a windows machine. It can hide itself so that there is no visible sign of it running from the console. I believe that is it called SMS. The cDc used this as a rebuttal to anti virus vendors putting bo2k in their databases. I would get you an URL but www.cultdeadcow.com seems to be suffering from the /. effect right now.

You could also consider VNC or Norton's PC Anywhere to be hacking tools because they allow remote access to a computer. Since VNC is GPLed anyone can remove the icon that appears on the system tray to make it effetivley invisible to the user.

You may want to take a look at VNC. Let me see if I've got the link handy... AH. here we are. Kind of like a PC-Anywhere/Screen thing for X. Take a look, I was VERY pleased, even though it's slower than penguin-poo over a slow connection.

Enjoy!

I guess you could write everything in Java and use the CORBA support Sun's added.
You could also look into free (and GPLed) ORBS like ORL's (now AT&T Labs) omniOrb.

On NT I always use D/COM+ simply cause it's reliable (laugh all you want - it's true) and ubiquitous.
That all being said. I still primarily use sockets for cross machine communication and only use COM for IPC and inprocess componentisation.

not really.

We have to assume that the person isn't using encryption, because wiretapping an encrypted line is rather pointless.

So we are talking about unsophisticated users (and whether or not the would-be targets are sophisticated is another story altogether, which if anyone bothered to listen to me, we'd discuss first). Unsophisticated users will typically have one connection to the internet, and not do any fancy tunneling to a crowd.

So there is one very obvious place to place a tap -- the isp. IMHO, any nation that wants to wiretap its digital populace should just require ISPs to provide law-enforcement the ability to selectively tap users. This would be a much more localised solution than working the requirements into an RFC.

The company I work for develops and sells a patient records and practice management software package. Our security requirements are downright freaky. FULL DISCLOSURE: Yes, it runs on NT, but, when done right, you can secure an NT network.

1) No outside connections unless they come through our firewall. Period. We do not have a dial-in system, and our ISDN links to doctor offices are password protected three times (router, VPN authentication, user password). Yes, we have Internet access, but only certain people have access to it, and it is logged as well.

2) If you are not using our machines with our software, no network link for you. We have two doctors who have a home link. They come in, using NT systems configured separately from their home machine, owned by us, through a VPN tunneling link using 128-bit encryption. Slow as hell, but its secure.

3) Every action is logged, right down to checking a patient in or out. Our logging database takes up its own 12G hard drive, and is backed up to tape every night, along with the rest of the system.

4) Database security: Every user has specific access rights which cannot be changed by anyone but our administrators (duh). They are finely grained, down to controlling which functions in what applications can be performed.

5) No FDD access at all, nor data dumps, from user applications. It is not possible to get a raw data dump from our system without us knowing it (and doing it). This is analogous to the credit reporting agencies' systems. You may can get one or two patients before someone notices you're not supposed to be at another person's machine, but you won't get them all. Oh, and this also prevents installing any software but ours (no CD-ROMs, either, and network-based installs are only accessible to administrators).

6) Network based anti-virus protections: You will run our anti-virus software (as well as remote control software using AT&T's open source VNC program) with virus definitions updated nightly.

See? Life's not so bad, as long as its done right.

Bandwidth isn't great, at 9600 or 14.4k depending on your carrier, but it's more than functional.

Once you're online, you can use ssh or vnc to work on a box. I've had only minor difficulty ssh'ing into a unix box and reading my mail with mutt. I still haven't really seen the usefulness of vnc in a 160x160 window, but it exists and it works.

Useful links:
Wireless Connections for Nokia 51x0/61x0
Top Gun ssh for PalmOS
VNC
And of course, ssh, because only morons use telnetd

My nominations are:
Brian Paul for the excellent crossplatform OpenGL compatible graphics library MESA. It provides a real alternative to commercial OpenGL and gives Linux a competitive 3D language.

The Olivetti Research Laboratory (now at AT&T UK) for a program I use every day - VNC. This program is used for remote control much like PC Anywhere or even X-Windows and it runs on Unix and Windows. Clients for Unix, Win, Mac and Java.

If you want to see animated GIFs of a real neural net that recognizes handwritten digits, go to this page at AT&T Labs. This NN is built into check reading machines used in several bank in the US.

Many people have built NN chips (the first ones were built by AT&T around 1986), but none were commercial success.

NN chips went from purely analog with special fabrication technologies (1986), to purely analog using standard CMOS technology (1988), to mixed analog/digital (1991), to purely digital (1996), to oblivion. The impact of all this research can be found in such things as the MMX instruction set, and parallel DSP chips.

Neural Net hardware used to be a big thing at neural net conferences back in the 80s. Now it has all but disappeared.

While they are at it, they could extend an existing browser to storing the user specific data on the card as well. This way, you could just walk up to any terminal that supports this feature (and remember, they give the card reader away for free), insert your card and off you go surfing with all your bookmarsk, cookies etc. AT&T Labs who developed VNC used a technology like that to make your home session appear on any terminal you walk by in their office. Cool.

Forget messing with the hardware and try a remote control app such as VNC(Virtual Network Computing) or PCAnywhere. I have used VNC to keep tabs on/control a machine on the other side of the building with an old 25MHz 486 and it worked out great.

Indeed old boxen == good xterminals.
The "dummy server" you talk about exists in the form of VNC. However, the client requires MS-Windows or another X server (perhaps Xappeal??)

It depends upon what you want to do. The basic problem you face here is that NT assumes single-user. If you don't want to use Terminal Server then you *will* need 5 copies of NT going. But here are some options.

If you really want to be able to throw the desktop remotely, look at VNC.

If the application that you are interested in can run on Linux (or has a Linux-friendly replacement), you can cheerfully install the application on one Linux box, run multiple copies of VNC server, and get the capabilities of NT Terminal Server with Citrix MetaFrame with the only software cost being the cost of the application. And your uptime will be better, bandwidth usage will be lower, and the result can be used from your choice of OS.

You don't even need VNC if you are willing to use it from a client that runs X-Windows. Any window can be thrown elsewhere. In a Linux environment *every* machine is the equivalent of NT Terminal Server. But unless you install software locally, Windows will not act as a client.

VMWare in Linux is mainly useful for dealing with a mixed Windows/Linux environment. With VNC you can throw a window elsewhere. However it will show up as a window containing Linux desktop within which you have a window whose contents are the NT machine. Can you say "blech"? For that set-up I would suggest using straight VNC on NT (unforunately you will then pay hardware rather than software).

Of course, as I mentioned before, in an all-Linux environment you would have had this functionality without needing additional software or multiple machines.

Regards,
Ben

Okay so actually I do run X, but only over VNC. If the connection fails (modem hangs up, isdn brainfart, cable modem block sync failure, whatever) I can just reconnect and all my programs will still be running. That for me makes all the difference between a usable system and an unusable one. I mean, it takes long enough for my desktop to load over a slow link (even with LBX), having to restart all my programs too is just too much. VNC fixes that fine and as a nice bonus it can also share Windows desktops. Clients are available for Unices, Windows, Mac and Java, so given half a web browser there's really no place you can't use it from. And it's just a snap to set up, compared to X' security, and probably more secure at that, at least authentication is encrypted. It's relatively speedy too, using compression by default, and to top it off the source is available.

If you don't know it, here's the link to VNC> . I am completely in love this program. What does this have to do with X? Well, even though X may be a whole different beast from a design point of view (VNC just transfers images from the frame buffer, no remote graphics calls), VNC through its pervasiveness and ease of use is much better at showing just how useful networking computing really can be. It also highlights some of the biggest problems with X (or at least some of mine).

The reason I'm awake right now is because a flaky NT server stopped responding, and I got paged at 5:20 AM. Rrrr.

Have you considered that maybe, just maybe, NT *does* suck?

P.S. Thanks to VNC, I didn't have to drive downtown, and sit at the console to recover. Why didn't Microsoft think of that?

--
Interested in XFMail? New XFMail home page

Lucent used to be Bell Labs (sort of). Bell Labs used to be part of AT&T (sort of).

Lucent used to be part of AT&T, and so did Bell-Labs. When Lucent split from AT&T, it took Bell-Labs with it, as its research division. AT&T's research division is now called AT&T labs.

bell-labs
AT&T labs

--ac

VNC is not secure. They even say themselves "Once you are connected . . . traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network. We therefore recommend that if security is important to you, you 'tunnel' the VNC protocol through some more secure channel such as SSH.

VNC - http://www.uk.research.att.com/vnc/

Yes you can. You can start a WinVNC server! :-)

Although not an X server, VNC is a GPL'ed remote control software which should have enough functionality for most tasks. It's availibility on different platforms makes it a very useful tool.

Although not an X server, VNC is a GPL'ed remote control software which should have enough functionality for most tasks. It's availibility on different platforms makes it a very useful tool.

I use a Libretto 100CT with RedHat 6.0 and KDE, which has a little widget which interfaces with the apmd to do suspend to disk. This means restarting the machine takes about four seconds. To make this work you have to create a 70Mb partition at the end of your hard disk and leave it alone, but that's not a hassle.

Getting Linux onto the machine was not entirely straightforward. There are a couple of good howto pages on the Web:

• Linux on the Libretto 100CT
• RedHat Linux 6 on a Toshiba Libretto 100CT
• Linux for Toshiba PCs

Go download it.

Have you checked out VNC? It was actually designed for remote access, and I know there is a windows server and I am almost positive there is a Be client [maybe BeDepot, it isn't up on the vnc download site](though it will work in a java-enabled browser, anyways). It might be a better solution with all the coding taken care of for you.

Well, at my lab most of us use our PCs, Linux boxes, Macs etc chiefly as VNC terminals to our real work running somewhere on the network....

But we may be biased in that direction!

• In the Security HOWTO;
• RPMs at replay.com;
• Matt Blaze's developer-oriented announcement message;
• And something called TCFS that claims to be an ``improved'' version of CFS.

There is something notable missing from all of these pages: simple, easy-to-follow instructions on how to install and effectively (and securely!) use a file system like this.

From the dearth of documentation, I get the feeling that this has only ever been attempted by file-system gurus, which means that I wouldn't even want to consider attempting it, because reformatting my disk and reinstalling the system is not something I look forward to.

Here is what I would like to end up with:

• I power on my machine;
• Early in the boot process, it prompts me for a pass-phrase;
• If I don't type the correct one, the machine is useless, and all non-trivial data on the disk is encrypted;
• If I do type the pass-phrase, the machine boots up normally;
• When I put the machine into suspend mode, it again prompts me for a pass-phrase when I try and un-suspend. If I don't type it, the machine remains effectively halted until I get it right.

Is this dream even remotely realizable?

Basically, the situation I want to protect against is simply that of the laptop being stolen while I'm away from the keyboard -- whether it is powered on at the time, or powered off.

The problem here is that the usual crypto-heads are the types who use ssh and pgp and are already used to having to perform nontrivial system-administration tasks to get things up and running, and who don't mind wading through a command-line alphabet soup to do simple tasks, all day long. What we need is someone who is both a crypto-head, and who understands that their agenda is best served by taking the time to make this software be drool-proof.

It doesn't matter how good the math is if no real users are actually using it. Crypto is only effective if widely deployed. If not, those few who use crypto stand out for targetting.

...what is going to drive comapnies to release software for linux if someone just goes out and copies what they are doing?

Who cares?

If you want to play with proprietary software, and you don't mind paying the money, buy a proprietary Unix--the majority of any open-source Linux-based software will run on just about any other Unix/Unix-like0 system (there's even a movement to make the other Unixes use Linux binaries), and possibly with more stability1. What's your reason for using Linux-based GNU, anyway?


Footnotes:
0. Try U/WIN, too, along with one of the MS-Windows-based X servers.
1. While I've experienced less than 3 Linuxy system-crashes in the past year+, Linus says that Linux isn't as stable as some of the proprietary Unixes.

This is what VNC was based on. When ORL (Now owned by AT+T) made it, it was for a very simple portable computer. The system was called Teleport

So how is the situation _better_ than this? First, these advances only apply to public-key encryption, not secret-key encryption schemes like DES. Second, quantum mechanics also opens up new possibilites for key exchange that were not available before. In particular, quantum mechanics can be used to distribute random key material for a one-time pad over a public medium. There's a good overview of the process in the Oct. 1992 Scientific American, but the main idea is this: Quantum entities (photon, electrons, fundemental particles) change when observed. Therefore, someone can send out the random key material in the form of a stream of photons, and the reciever can tell if they were observed in transit.

This is a Good Thing, cryptographically speaking, because one-time pads are proven to be _unbreakable_. Furthermore, this type of key exchange has already been one, over distances as long as 30km (I believe).

So quantum computing would change things, certainly, but it's not the end of the world.

(For those interested, Schneier's _Applied Cryptography_ and the _Handbook of Applied Cryptography_ by Menzes, van Oorschot and Vanstone are good general references. As mentioned above, the quantum key distribution method can be found in Scientific American, Oct. 1992. Peter Shor's home page is here. There's lots of information on quantum computing on the web, but a good place to start is here.)

MacOS X does support remote-hosted programs, but the remote host has to be running MacOS X, too. (actually, OpenStep and NeXTSTEP would probably work, too.)

There will be X servers for MacOS X. NeXTSTEP certainly had one.

As far as remote-hosted Windows, there's always VNC, which will let you view and interact with your Windows 95/98/NT (or Linux) box on another machine, be it Windows or Linux. It even has a client written as a Java applet. It doesn't support multiple logins or anything for Windows -- just interacting as if you were at the console. It is GPLed.

[disclaimer: i'm biased]

DjVu really is 4 compression formats in one.
- IW44: state-of-the-art wavelet-based continuous-tone image compression method. It's
similar to what JPEG2K will be, but it's available now, with source code, and without patent restrictions if it is used in OSS projects.
- JB2 lossless: a compression technique for "bitonal" images (i.e. black&white, no grayscale).
Very efficient for scanned pages of text
- JB2 lossy: lossy version of the above (smaller file sizes).
- DjVu: a "layered" image format where the text and drawings are coded with JB2, and the backgrounds and pictures are coded with IW44.

IW44 is the thing that should be compared with JPEG2K. It's progressive, and cheap to decode (no multiplications required, unlike many other wavelet methods, and unlike JPEG).

As of now it doesn't support anything else than
RGB (really YCrCb internally, like JPEG).
Files are about a factor of 2 smaller than JPEG for relatively high compression rates, but they are only marginally smaller than JPEG for high-quality settings.

- One of the creators of DjVu

Can anyone here give us a meaningful comparison between JPEG 2000 and AT&T's DjVu compression, which is also supposed to be wavelet-based? Are these two similar, or are we talking apples and oranges?

Also, it was unclear in the JPEG2K article whether the new image format maintained the current distinction between compression and file format. Currently most "JPEG" files use a format called JFIF, but the file format and compression are separate -- so the file format can be used to store information other than the image, or could be used to store images compressed with other compression algorithms. Conversely, you can have JPEG-compressed images stored in other file formats. Some digital cameras like the Kodak DC-260 do this -- use JPEG compression but not the JFIF file format.

Anyway, that seemed like a good design, but it seems clear that the new JPEG2K requires both new compression (wavelet) and a new file format (for multiple channels). I hope they manage to keep the two separated as in the original JPEG.

--JT

When AT&T (my employer until last week) bought the UK-based Olivetti Research Labs (www.orl.co.uk), they became the proud owners of several pieces of GPL software. Most notably VNC -- Virtual Network Computer software -- which is software that provides multiplatform x-like remote control of a system.

Development continues under the GPL at these new AT&T aquisitions, so the GPL already has its foot in the door in the form of very new, very modern software. This fits very nicely with AT&T's historical code-sharing, and imho their release of new software from other parts of the company under even a semi-GPL-like license bodes well for the future of AT&T's participation in GPL efforts.

(Check out VNC -- I find it quite ironic that the one essential piece of utility software that makes Windows NT somewhat acceptable to run in a datacenter is developed under the GPL.)

Jon

This is what I sent to AT&T using their Feedback page. If you agree, you could let them know, I suppose they'll consider these ideas more if more people tells them about them.

I have not read the AT&T Source Code License, but I just wanted you to know that, in my opinion, you should drop it and try to find an already existing license that suits your needs well. The hacking community does not see with good eyes the creation of new "open source" licenses other than the already existing, such as is the case with the Netscape's Public License or the Apple Public Source License.

Besides, I suppose it probably doesn't suit your needs well, but if you had released your code under the terms of the GNU General Public License (GPL), developers could then incorporate any GPL'ed code distributed under to your software, greatly enhacing it (GPL'ed code includes Emacs, GCC, Guile, Linux (the kernel), WindowMaker, GNU Internet Utilities and much, *MUCH* more, particularly all GNU software).

For those who remember Bloom County, "Death Star" has a totally different meaning. I sugest you take a look at the AT&T logo.

I always think of AT&T when I hear of "Death Star" in refference to computing.

For those who remember Bloom County, "Death Star" has a totally different meaning. I sugest you take a look at the AT&T logo.

I always think of AT&T when I hear of "Death Star" in refference to computing.

According to the Jargon File, Death Star is a nickname for the logo of a certain telecommunications company..

Since you insist on making some stuff up; http://www.research.att.com/~bs/blast.ht ml.

Considering gtk+, do you really believe that C is better for this type of thing?

Throwing thousands of macros into your code to do typecasting is not only ugly and a waste of time, but also not nearly as safe as allowing the compiler to do type-checking.

Please back up your statement that C++ is somehow bloated. There is no theoretical reason (poor compilers notwithstanding), that applications would be somehow more bloated in C++ than in C.

In C, you would have something like this:

some_function_call_maybe_a_gtk_one( TYPECASTMACRO(some_struct_pointer), int parameter );

In C++, you would have, say:

some_class_pointer->some_function_call( int parameter );

These should compile to the exact same assembly (ie two parameters should be passed in both cases, the address of the struct/class, and the int.)

Dereferencing members of structs and of classes have the same overhead. The obvious exception to this would be virtual functions, which use a virtual method table. The vmt is constructed once, and function virtual function calls go through only one extra layer of indirection - almost negligible on today's computers, and by far worth the benefits it brings to the coder's ability to design code.

So only a bad compiler wouldn't generate efficient C++ code.

Sure if you start talking about exception handling your overhead increases quite a bit. But (a) nobody forces you to use it if you don't actually want that overhead, and (b) it isn't there at all in C, you gotta "do it yourself" there. You gotta weigh the pros and cons - if you're such an amazing C programmer that your programs will never need the extra layer of safety and/or ease-of-error-catching, then go with C. Most coders will admit, however, that no coder is perfect.

It is easy enough to produce inefficient code with C++ IF AND ONLY IF YOU HAVE A BAD DESIGN. Learning how to refine your OO designs properly can take years of practise (which can of course be counted against the language, or at least against OOP). And, of course, OOP in many ways forces you to do something that many C hackers aren't that interested in doing: PLANNING. I suspect this is one of the real reasons C advocates don't like OOP - you have to actually carefully think about your designs and plan them out BEFORE you start producing code. Shame.

Some things should also be kept out of "class wrapping", if for example repetition of calls amounts to too much overhead. (The use of QString in KDE's kmail program comes to mind - it is veeeery slow to show very long email attachments when it interprets the attachment as text, such as when getting the latest WINE update via email.) But once again this comes down to the design. The programmer should have thought "doing this will be too slow let's not use QString here". Note it is also easy enough to do a bad design here in C. Probably easier to fix it, though, in C.

I agree only with your first point, that C++ may be "overcomplicated". It has way too many little "fine points" and rules. It takes years to start truly nailing down and "mastering" C++, whereas C can be learnt in days, and "mastered" in a matter of months.

This is a weakness of C++, and in this way Java is a lot better. C++ becomes less accessible(sp?) to the masses because of this - fewer people know it well, and many people in a world where RAD is so popular don't have the time/energy to learn it all.

But I learnt C++ because I found it fun. And I really enjoy programming with it. I don't advocate it blindly - you should use whatevers best for each task. If you don't enjoy it, fine, don't use it. But please avoid spread of misinformation.

The kernel, I agree, should remain C.

AT&T also has an image format that compresses images smaller than jpegs. It produces images about 1/4 the size of jpegs. Its proprietary and looks like they're trying to make money off the tools to create them. Although they do have a plugin though for Navigator under Linux. The link is here
http://www.djvu.att.com