Slashdot Mirror

← Back to Stories (view on slashdot.org)

NX Compression Technology To Go Closed Source

Posted by timothy on from the thanks-anyhoow dept.

An anonymous reader writes "NoMachine has sneakily revealed it is closing its source of the NX compression technology with NX 4.0: 'This release marks an important milestone in the history of the company. Version 4.0 of the software, in fact, will be only available under a closed source license.'"

9 of 286 comments (clear)

  1. Sneakily revealed? by RAMMS+EIN · · Score: 5, Funny

    "NoMachine has sneakily revealed..."

    That's quite remarkable.

    --
    Please correct me if I got my facts wrong.
  2. New? by RAMMS+EIN · · Score: 5, Informative

    Perhaps I don't remember it right, but in my recollection, NoMachine has always been a bit possessive with their (definitely impressive) technology. To the point that lesser alternatives have continued to be used and even developed.

    --
    Please correct me if I got my facts wrong.
    1. Re:New? by Trepidity · · Score: 5, Informative

      Well, they previously opened under an "open source it but make the open-source version a pain-in-the-ass to use" business model. You got a random code dump that wasn't even buildable. However, there was code there, and it was possible to fix it up, which is what the FreeNX and OpenNX projects did (along with adding a few things). With no GPL release of the core libraries, it's no longer possible to even use it as a base for a cleaned-up open-source release--- either projects will have to independently develop a fork of the previous version, or come up with something else.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  3. Missing explanatory link in summary by Anonymous Coward · · Score: 5, Informative

    Here is an explanation of what NX compression technology is.

  4. Re:Buried in tl;dr by Monkeedude1212 · · Score: 5, Funny

    The problem with trying to hide something in a tl;dr changelog is that Someone - somewhere - WILL read the change log, and likely make mention of anything out of the ordinary on their blog.

    In fact - I went to renew my Xbox live Gold membership a month ago or so... And they said that the terms and conditions of the service had changed since I last was on Gold. So I decided I would read through them. However - to continue this anecdote and help explain why it might be remotely funny - is that I had previously set my regional settings of my Xbox to Spain, and language to Spanish - so that when I got achievements in Halo 3 they came up as a different language. It's true, you can go and change it to like, Korean, then get some achievements, and no matter what language you go from there on out - they will come up in whatever language you achieved them in. I did this for a while, finding it to be of great amusement when someone new came over to my house and just happened to look at which achievements I had.

    Anyways, so this ended up backfiring on me because the EULA and TOC of Live was now in Spanish, but I thought perhaps there was English at the bottom. However, there is no fast scroll when looking at the TOC - its very slow and you have to hold the analog stick down. To my dismay, there wasn't English. Afraid that going next would Mean I accepted to terms I didn't actually agree too - I quickly pulled up my computer and typed it in verbatim the entire thing into Google Translator.

    If you've ever tried reading legalese in a language you do not understand - I highly recommend you NEVER EVER try it. Even after going through an internet translator you still will have no idea what the heck they are saying.

    In hindsight I probably just should have not accepted the terms, gone and changed my language settings, and then gone through it - but I guess that seems obvious now, it didn't back then.

  5. Er... by Michael+Hunt · · Score: 5, Informative

    The reason that the "core" bits of NX were always Free is because dxpc (and, thus, mlview-dxpc, from which NX sprang) is only available under the GPL.

    If i was involved in dxpc (or mlview-dxpc, really, although I'd imagine most of those changes are owned by the NX folks) development I'd be lawyering up at this point, if only to get some kind of proof that I wasn't being ripped off.

    --
    You're doing it wrong.
  6. Re:Buried in tl;dr by TheLink · · Score: 5, Funny

    Anyways, so this ended up backfiring on me because the EULA and TOC of Live was now in Spanish,

    Nobody expects the Spanish interpretation!

    --
  7. Re:The more reason to use something else. by sl3xd · · Score: 5, Interesting

    I've never seen NX perform as well as VNC - espescially Turbo/Tiger VNC with VirtualGL.

    If you're doing remote 3D/scientific visualization, Turbo/Tiger VNC and VirtualGL is far and away better than NX. I've gotten 20 fps for 1280x1024 3D graphics -- over a 2 Mbit connection. VirtualGL/TurboVNC can also handle clusters of GPU's (ie. many nodes, each rendering part of an extremely complex image). The final screen buffer is then tunneled over SSH. It's amazing, frankly, to have some-odd 16 or so GPU's rendering a hellaciously complex 3D scene, and then it gets sent over a tiny pipe using TurboVNC & VirtualGL, and is then displayed on a netbook with very usable frame rates.

    I didn't believe it was possible until I tried it myself. Recall you can stream a movie at close to DVD quality at 2 MBit; so I guess it's not that unbelieveable after all.

    NX, in comparison, couldn't even start glxgears.

    you don't need any special ports open, just SSH

    SSH is all you need for anything. It's port forwarding and tunneling capabilities can be used for anything that uses TCP/IP - NFS, VNC, Samba, HTTP, video games - anything.

    NX does the same thing - it uses SSH port forwarding & tunneling; it just handles it transparently for the user.

    This is hardly unique to NX, as many VNC implementations also uses SSH transparently for the user.

    And it's been pointed out - there isn't a major platform that VNC doesn't support.

    --
    -- Sometimes you have to turn the lights off in order to see.
  8. Re:The more reason to use something else. by phtpht · · Score: 5, Informative

    the NX login requires a password regardless, I assume for security measures

    Ouch. Getting your password transferred to & used at arbitrary locations is hardly more secure than the challenge/response PK schema in which your secrets never leave your computer.

    IMO the reasons behind this are merely laziness/incompetence on top of bad design.

    I personally am cool with that

    I am not. First of all it is un-secure to enter your password somewhere without really having control of where it goes.

    Second, it is a pain in the ass. Even if you use PK for all your ssh access you will have to maintain a password just for nx sake. Come on in the year 2010 (or 2011 for that matter) it is totally idiotic to use ssh with passwords for normal daily jobs.

    That's why NX made its way out of my door very shortly after trying it out.

    If you want to know the whole story then read on.

    What really happens with NX is that your client first opens a ssh session to nx@server - this session uses PK auth. Unfortunately the private key is well known, as it ships with a default one and almost noone bothers with replacing it (in fact it is not advised - lol). That means anyone in the world can open that connection to your server and get authenticated and proceed to step 2.

    Coming to step 2 after logging to your server as user nx the nx server program is launched. This program actually manages translating the X window protocol to the nx protocol - all the "compression" and stuff. It will set up a DISPLAY variable to point to itself and then launches ANOTHER ssh to you@localhost (localhost being the server). That's where your password comes in.

    After that X applications (usually the whole desktop) can be launched under your account, they are going to talk to the sshd spawned by ssh @localhost, where the X protocol is encrypted and compressed, shortly afterwards decompressed and decrypted by the nx server running the ssh command, then translated to nx protocol, encrypted and compressed again through the ssh session for user nx all the way to your client pc where finally decrypted, decompressed, translated to X and displayed on your screen.

    As you can see the weird part here is the user nx running the nx server. It is technically absolutely possible to avoid at all this step. The nx server could be easily launched on behalf of the user with the applications spawned from there. IIRC the introduction of the nx account is something as ill as licensing.

    Even with the nx account present it is totally irresponsible to leave it protected by well known PK, for the sake of making the installation & deployment 2 clicks easier. The impact is that anyone can launch a nx server on your server. They claim it is secure - hah. At the very least you can start brute forcing passwords for local users, at the other extreme you can find a neat hole to hijack the process and make your way in to the system. Combine with the knowledge of some kernel loophole and you can start scanning for nx enabled systems all over the internet with satisfaction guaranteed.

    And even with the ssh@localhost weirdness it is feasible to use PK auth, either by use of ssh agent or some sort of channel forwarding. But no, that's not supported, because...

    ... enter the customized ssh client shipped with nx which one of the steps involves. Being customized it is never kept up to date so say goodbye to features and say welcome another lot of security holes.

    And finally when I read the forums about the open source client wondering if all this mess was fixed at last, I found out that it wasn't/won't - for COMPATIBILITY reasons.

    Sad story.