Slashdot Mirror
Extension To Chrome Brings Remote Desktop Abilities
CNET reports that as of yesterday, a new Chrome extension will "let a person on one computer remotely control another across the network." The new remote-desktop capability is in BETA (Google's all-caps version, for emphasis), but is said to work to control any OS from any other OS, so long as both sides are equipped with Chrome and the new extension. Related: Wired is running a profile of
Rajen Sheth — "father of Gmail," and now in charge of Google's Chromebook project as well.
Sounds exactly like something I want my web browser to be able to do. What could possibly go wrong?
This isn't going to be very useful if it requires a user to be already logged in to work.
If it lets the user login over the remote desktop connection, Chrome is going to need to be running as an Administrator.
I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
A new security vulnerability has been introduced that will be marketed as a useful feature that rarely gets used for its intended purpose.
Yeah, giving your browser the ability to completely control your machine. Brilliant idea. No possible exploits there!
Microsoft already does this. https://devices.live.com/
-1 overrated isn't the same thing as "I disagree".
My first thoughts were equally redundant.
This can only be a useful alternative to existing tools like TeamViewer if and only if the Chrome browser itself becomes a truly ubiquitous browser, found on EVERY machine. Otherwise, what's the difference if one still has to install software on both systems to make it feasible? In this instance, it's actually two installations, given the need to install the extension as well as the browser itself.
I think you might be confused about what a firewall actually does. Without reviewing the product at all I'm just gonna go ahead and say "no." Not unless you punch a hole in the firewall at least. Making it so that hole can be on port 80 is something VNC can do as well that does *not* actually make it more secure.
its probably a system similar to team viewer et al but probably peer to peer in which case would probably work over https.
Something else that I just don't get with "technology" like this is how it's mistakenly seen as "innovative" because it somehow involves a web browser, although it's something we have been able to do for decades using other software.
This is basically the same as telnet, or rsh, or ssh, or VNC, or the many other technologies that do the same thing. Fuck, this is something we could even do in the browser years ago! I remember using a Java applet that let me connect in to computers at work using ssh or VNC. That was at least 10 years ago.
Which part of a computer cannot go wrong?
If the number one consideration was always "what could possibly go wrong?" we'd still be shitting in the bushes and wiping our butts with leaves.
If god didn't want us to take chances, he wouldn't have given us fingers to cross.
You are welcome on my lawn.
Does not sound like bloat one bit.
Because 20 years of getting raped over the internet is just not enough.
Seven puppies were harmed during the making of this post.
But can emacs do this? I mean "yet", of course.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Splitting hairs here a bit... but an outbound hole in the firewall is still a hole in the firewall.
Holes punched == vulnerabilities. Doesn't matter how you punch them. Certainly you're not suggesting this is more secure because it relies on letting a 3rd party entity control the traffic between your operator and your server?
Because the people (read: clueless lusers) we were trying to help years ago had no SSH or VNC server installed, nor NATed ports on their routers to make it work.
Now all (s)he needs is to have the browser installed, which (s)he might very well have already. It's very, very different, albeit not in a technical way.
Dilbert RSS feed
This makes Google's browser hostile code. It should not be allowed through corporate firewalls. On the browser front, progress has been made by giving parts of the browser that run external code less privilege. Sandboxing Flash and Acrobat Reader is progress. Mozilla's dividing of add-ons into a non privileged content script and a somewhat more privileged add-on code is progress. Putting an equivalent of Back Orifice into a browser is not.
The announcement says: the technology right now is limited so that permission must be granted each time remote administration is activated. How long will that last? Could be changed silently by a forced update? What if law enforcement wants to use it? Does the remote session run through a Google server? (The protocol is apparently based on Google Talk, which does.) How else do they get two clients behind DHCP routers talking to each other? Is the connection encrypted? Is it encrypted end to end, or is the server in a position to mount a man in the middle attack? Does Google commit contractually to not accessing your machine, or is there an EULA that says they can do that whenever they want to?
If you want remote desktop access in the corporate environment, there are management tools for that. They're usually locked down tightly, since they're inherently a security risk.
+1. The C.S.-101 catchphrase would be 'what is old is new again'. In a related vein, the computer developer in me was hit by Steve Jobs death, regardless of the fact that much of his modern fame involved not the main innovations, but rather polishing and driving them to market with a coherent vision (and the power that a deep bank account provides didn't hurt his odds either). I.e. the ipod was a brand of mp3 player, not a music playing device invention. Likewise this latest google gadget is a brand of console over network sharing solution, not the real enabling innovation itself. Though with google's drive, polish, and deep pockets, it may be the brand people remember for this solution space 20 years from now. Until some new innovator sees that they can glue bash+ssh+vnc together into whatever other thing to provide the same functionality, and if on a new enough platform, convince people that it is more innovation, than just 'what is old is new again'.
I think you might be confused about what a firewall actually does. Without reviewing the product at all I'm just gonna go ahead and say "no.
Actually, most decent remote support products these days (that is, all of them) get around that by doing outbound connections to a central "mediator" service, usually on port 80.
Firewalls are almost never an issue for remote connection software of this sort, unless they are doing DPI and specifically trying to block traffic of this sort.
Is this a fully JS extension,
If it is, its 19MB of javascript.
It actually sounds brilliant. Normally I have to direct victims to an attack site, persuade them to download the payload, and run it to allow me in (actually, I prefer to covertly install such agent). Think drive by download, social engineering attack.
If this works as advertised, it could make things a whole lot easier. Combined with the fact that Chrome can be deployed as an MSI, and extensions can be pushed and locked with GPOs, this could make identity theft much easier.
While I can see the appeal for tech support, any security hole in the browser could be creatively exploited, possibly even activating this capability as a brand new attack vector. It seems like a good idea, but remember that a malware writer might say something different......
To offset political mods, replace Flamebait with Insightful.
It seems obvious that horrible things probably will happen because of this, its only a matter of when.
To offset political mods, replace Flamebait with Insightful.
News at eleven.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Not since I met my wife.
You are welcome on my lawn.
http://www.technospot.net/blogs/block-chrome-extensions-using-google-chrome-group-policy-settings/
Ever have a customer that purchased your $30k services, you spend 2 weeks discussing how everything works and everything you'll need with them, you sign all the contracts/etc, then when you're ready to go you contact their tech admin to get Remote Desktop to set things up, and they strait out refuse to give you access.
Now, the customer also says that the only reason they are willing to get our services is because we told them we can have it running in under 1 week. From a legal standpoint, we would be fine, but from the customer's standpoint, we couldn't get the job done. No matter how much your try to tell them it's their admin's fault, the customer will still point fingers at you. Word of mouth is HUGE for us getting new customers.
Remote desktop via web browser.. I hate it, but sometimes it's the only way. This is quite common at my job.
Wiping your butt with leaves? What could possibly go wrong?
Evil is the money of root.
As an Archos Jukebrick fan myself, the innovative part that the iPod brought was bringing the technology to a functional level of convenience. The iPod was the first one that fit in your pocket.
I'm not going to be able to explain to my mother how to get an ssh server up and running on her machine. But getting Chrome installed with an extension? That I could believe.
The key is *enabling.* Twenty years ago, setting up an FTP based home file synchronization service was technically possible. But it was a huge PITA. DropBox automated everything with a simple single login. Similarly, simplifying VNC into something that everyone already has. That means that people who wouldn't have exposure to remote control, now do.
The ______ Agenda
Yeah, thinking like that is what gave us Melissa.
When you design software, you can either design with security as part of the architecture or not. Secure software designs still have problems, but it's the difference between a pinhole and a barn door.
Unix systems were much more secure than Windows systems for years (whether they are now is up to debate). The reason is that Microsoft had to take drastic measures over more than a decade to secure their system was because their architecture was never designed with security in mind. Unix didn't have the problem - as a multiuser system, security was part of the design, so replacing insecure pieces with secure components (think rsh -> ssh, crypt() to md5(), shadow, etc.) was much easier.
In order to have a remote desktop application be part of a web browser, you need to break the security of the browser and reach the base system. I don't know how the extension framework for Chrome works (I only use it for webcomics), but I would definitely think twice before installing something like this onto a piece of software that regularly communicates with untrusted data (which is primarily what a web browser does).
Those who can't do, teach. Those who can't teach either, do tech support.
With this google app, why pay for support when you may get it for free. My only concern is to question what it is that they capture between the two partners in a controlled session
Leslie Satenstein Montreal Quebec Canada
Me then: Hey grandma, go to this URL and download and install VNC.
Me now: Hey grandma, go to this URL and download and install Chrome.
Not seeing how the authentication works yet, I'm guessing VNC might actually be simpler.
In case you're wondering out it works around NAT on both ends.
FTA: "Bottom layer is p2p connection established by libjingle [a Google collection of peer-to-peer software tools], this can be UDP, TCP, or relay through Google."
In other words, at least one "client" needs to have a port forwarded from the NAT firewall. Otherwise, it will still work, relaying through Google.
How many more years will slashdot have an off-by-one error on your Score in your profile?
The source for the extension is available so this might be a good chance to create an open-source alternative to TeamViewer and LogMeIn.
http://src.chromium.org/viewvc/chrome/trunk/src/remoting/base/
Who describes that as a hole in the firewall? Apart from you, no one. Because it isn't a useful way to describe it.
Using the commonly-accepted terminology, remote desktop apps that don't use a central server for viewer and server to connect out to require a hole in the firewall on the server-side of the network.
"You can get all your work done on a Chromebook (small-print: if you VNC to a computer with a hard drive.)"
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
VNC will need you to walk grandma through a reboot, through configuring VNC, through configuring a port on her router, and then through turning VNC server off afterward to close the security hole.
Chro-mote will just need her to download and run a program, and then visit a particular URL, and maybe read a number to you over the phone. The lack of router config I think, is the biggest win here ; people are used to links, but not arcane looking network settings. She might not even know which IP address her router is on, or how to access it's management interface.
I run a website for a small theater company. The audience is anything but technical. Yet 40% runs Chrome.
Dilbert RSS feed
"As an Archos Jukebrick fan myself, the innovative part that the iPod brought was bringing the technology to a functional level of convenience. The iPod was the first one that fit in your pocket."
I owned a rio800 in 2001. Not much longer or thicker than its power source, a AA or AAA battery (I think the former, but thats still smaller than a deck of playing cards, and probably half the weight). I still would prefer to be able to carry bog standard extra power cells like a AAA to power my player, though my current sansa clip+ running rockbox is pretty awesome. And from where I stand, apples innovation had absolutely nothing to do with the utility I get from my sansa clip+. Tell me, exactly which of their key innovations bridged the jump from the rio800 to the sansa clip+. I don't see any. I just see another brand, that yes, was quite usable. Good for them. But calling that "the first one that fit in your pocket". No. They were good, they put a lot of money and marketing into it, and the coherence of apple 'rounded edges' polished design. I actually don't even see any huge innovation by any one player. I would point to Archos amongst a select few if I really had to. Just because they clearly loved it, and wanted it so bad, they were willing to put some just-beyond-the-threshold-of-really-being-cool-and-usefull sized bricks out there. I owned one. But I couldn't jog with it. The rio800, I think I may still have the armband it came with. No, apple was just a brand and a lot of smart hardworking people. But there were lots of groups of those, and it wasn't about excellence of engineering innovation, it was about the fact that they could buy smaller competitors out without blinking twice.
I tried connecting to/from behind a squid proxy server at uni, and it doesn't work. However, TeamViewer works just fine. Guess this extension is using a non-standard port/protocol which is being blocked at my uni..
And then there was the iRabbit for wiping your butt with. Came in black or white. A major disruption to the butt wiping industry of the day.
The bikini - security through obscurity since 1943
Doesn't that mean that Chromebooks will be able to connect to real computers?
The Rio800 was a flash-based player. A solid one... I had a Rio PMP300 and 500 as well, and gazed longingly at the Rio 800's 128MB of space. But the original iPod had a micro HDD, up until then only used in photography, which started at 5GB of space. They definitely were the first to jump down from notebook hard drives to micro drives, in order to get a HDD based player into your pocket.
The signature scroll wheel is also easier to navigate large lists of songs with. And Apple was the first to integrate a real databasing system into song selection. This made it possible to choose songs by band, album, genre, year, etc, rather than just by folder. The Archos definitely needed that. And Apple got the music ecosystem behind them by having the first legal downloadable music store (that both encrypted and wasn't an afterthought by the company). While the programmers of iTunes deserve to be stabbed through the eye with forks, it really did help get the music industry behind portable music.
There were a lot of people out there in the MP3 who could buy out competitors without blinking twice. Microsoft comes to mind. Creative tried it. Sony, eventually. The iPod won because Apple took a niche technological gadget, and made a smooth, painless ecosystem around it. They made it accessible to a wide swath of people.
The ______ Agenda
I find these much more impressive:
http://www.thinvnc.com/index.html
http://www.ericom.com/html5_rdp_client.asp
Not the least because every Windows machine has an RDP server on it (that is very easy to enable in Control Panel even for a clueless casual user), and most Unixen are easy to configure with VNC.
I care chrome how to login remote OS and use what protocol to transmit date especial the passwd.
"The iPod won because Apple took a niche technological gadget,"
That is the key point of our disagreement I think. What you describe them doing to what you describe as a 'niche tech gadget', I would alternately call the blazing obvious happening to the blazing obvious mainstream device. There was nobody who in y2000 and much earlier, did not see that computer memory and processing devices were shrinking, and that as you could now have a music system in a PC size device, that eventually you would have one in a walkman size device and smaller. And that when that inevitably happened, all of the 'innovations' you ascribe to apple, would obviously happen. Its just predictable device shrinkage. Apple timed their entry into market extremely skillfully, leveraging their basic talented workforce, and basic large corporate economic and establishment resources. Then, in the machiavellian land of mega-multinationals, they somehow held their own against the likes of sony and microsoft. All well and grand achievements to be lauded. But if a terrorist had somehow assassinated every last apple employee in 1995, or 2000, I assert that the digital media player landscape today would look _pretty much exactly the same as it does now_. Because device shrinkage and market timing and big corporate politics, are not significant(eureka worthy)_innovation_.
The fallback is to use Google servers. Are there any guarantees Google can't track that data is some way? I don't know enough about how this works to have any idea what's technically feasible. If it is feasible, is this another one of those things where people will say, "Well, they're a private company. They can do anything they want"? Who's looked at this? What have they found?
That's a fairly minor wrinkle on the main one. Setting up browser control of OS may not be that big a deal on the tech supporter side. The tech supportee could be another story.