Announcement

Collapse
No announcement yet.

Open-Source HTML5 Terminal Emulator To Support X11

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by sarmad View Post
    Very interesting. So a supported browser is treating asm.js as assembly and compiling it in a way similar to assembly code? I thought the 'asm' part of the name is more metaphorical than actually referring to assembly.
    Something like that yes. I don't know exactly how it's implemented but I think
    it's the step "above" that IE. everything is in binary but don't have the actual
    architecture instructions which means the browser have to do one compilation
    before it can run it.

    Google recently released a benchmark suite called Octane 2.0 which includes
    one Asm.JS test (the zlib one). On my computer the results on that test are:
    Firefox (which have Asm.JS support): 35788
    Chrome (Without Asm.JS support): 12147

    So pretty good optimisations are made. Overall however Chrome beats Firefox.

    Comment


    • #32
      Originally posted by riskable View Post
      It is a combination of a Python daemon--which acts as a web server translating your keystrokes/terminal output--and JavaScript which runs in the browser. The server keeps track of your terminal state so that if you get disconnected everything will resume precisely where it left off.

      It works in IE10+, Chrome/Chromium, Firefox, Safari (if you don't use a self-signed certificate), and Opera. Probably others too. The only major requirement is that the browser support WebSockets and Web Workers (never seen a browser that supported one but not the other).
      I'm not sure I get that. So the terminal in my browser window sends my keystrokes (including my remote ssh password) over the 'plain' wire to the web server (python daemon) which processes this and then an ssh connection emanates from the web server to the ssh server that I want to connect to?

      Comment


      • #33
        Originally posted by grigi View Post
        :-D

        This is awesome! We always have to use SSH jump hosts to get around the network at work. (It spans most of Africa, so is a very segmented and inconsistently implemented network) Gate One could make this jumping around a lot less tedious :-)

        I just very recently started playing with Tornado (a few days ago), and I have to say this is the single most awesome example of a Tornado app I have seen :-)
        Thanks! I do love Tornado. I use it every day and yet I feel like I'm barely scratching the surface of what it's capable of.

        Comment


        • #34
          Originally posted by ArneBab View Post
          Wow - this is pretty cool!

          It might just have answered the question how I can easily collaborate with people on shared projects - at least if I manage to get emacsclient running there.

          And AGPL is the perfect license for this - @riskable: Really cool work!

          It looks like the Demoserver is a bit overloaded right now, though…
          Thanks. You're right about the demo server, wow. Someone or something was causing the nethack clients to go *crazy* gobbling up CPU. Even after killing them they just kept respawning (people really wanted to play I guess!). It's all taken care of now though if you want to play with the demo.

          Comment


          • #35
            Originally posted by ArneBab View Post
            But installing it locally only took about 15 minutes - yay!

            One question which isn’t clear at once: How do I open a terminal? (likely the docs will tell me that in a minute, but this could be more seamless).
            You're probably running into a bug with Firefox that I *just* fixed. If you pull the latest code terminals should open up right away.

            Comment


            • #36
              Originally posted by krach View Post
              I'm not sure I get that. So the terminal in my browser window sends my keystrokes (including my remote ssh password) over the 'plain' wire to the web server (python daemon) which processes this and then an ssh connection emanates from the web server to the ssh server that I want to connect to?
              It's not that complicated, really:

              onkeydown -> send key to server -> send key to terminal program (e.g. ssh client)
              terminal program outputs something -> server converts it to HTML and sends to client -> client draws the HTML

              The complicated bits are the "polish". As in, very few web-based terminal clients let you copy & paste, work with foreign language input mechanisms, display images in terminals, etc etc. All that stuff "just works" in Gate One.

              Comment


              • #37
                Originally posted by MartinK View Post
                Yep - and not only Android!
                * Python work on the old Nokia Maemo mobile devices (N7XX, N8XX, N900, N9/50) and there are lots of apps using it there, many are in the Ovi store
                * the Nemo mobile open mobile distro also has Python
                * the upcoming Sailfish running on the soon to be released Jolla device has Python & graphical applications using it
                * the BlackBerry 10 mobile OS has Python 3.2 built-in and applications using it are in the Black Berry World appstore
                * the OpenPandora mobile gaming device has Python & Python apps
                * even the late Neo FreeRunner had/has Python


                On the other hand, "normal" Java - not counting the Android incompatible flavor - isn't really used anywhere on current mobile platforms. There are is just a community port for the N900 used by a few apps. Don't know of it being used anywhere else.
                Not to mention that, if you want a familiar GUI toolkit, PySide already has instructions for building it against the Android technology preview and efforts are being made to bring Qt itself to iOS in addition to the existing port for BlackBerry 10.

                Comment


                • #38
                  Originally posted by riskable View Post
                  onkeydown -> send key to server -> send key to terminal program (e.g. ssh client)
                  terminal program outputs something -> server converts it to HTML and sends to client -> client draws the HTML
                  Thanks for clarifying! So indeed:
                  1.) the ssh password is traveling unencrypted from my computer to the gate one server.
                  2.) the gate one server needs to process my password.
                  Maybe you should put a warning somewhere. I guess the only proper setup would be a trusted server (my own) to which I connect over a trusted network (my lan, certainly not the internet). This limits the applicability quite a bit

                  It does look very impressive though! But I don't really see the use case for me yet.

                  Comment


                  • #39
                    Oh, also the demo server is not reachable via https, only http.

                    Comment


                    • #40
                      Originally posted by riskable View Post
                      You're probably running into a bug with Firefox that I *just* fixed. If you pull the latest code terminals should open up right away.
                      YAY, it works!

                      Now I just need to manage to teach emacs not to open in terminal mode but in X11-mode ☺

                      Comment


                      • #41
                        Originally posted by sarmad View Post
                        Am I the only one who feels HTML has become an operating system? A slow and memory intensive operating system that is?
                        Not really (http://nodeos.github.io/)

                        Comment


                        • #42
                          Originally posted by riskable View Post
                          Hey there... I'm the author of Gate One. If you guys have any specific questions about it or the new X11 support just ask away.
                          Hi there ; how does your X11 implementation work then ? Are you sending compressed video or real X11 transport over ssh, then display with a js based X11 implementation ?

                          Comment


                          • #43
                            Originally posted by krach View Post
                            Thanks for clarifying! So indeed:
                            1.) the ssh password is traveling unencrypted from my computer to the gate one server.
                            2.) the gate one server needs to process my password.
                            Maybe you should put a warning somewhere. I guess the only proper setup would be a trusted server (my own) to which I connect over a trusted network (my lan, certainly not the internet). This limits the applicability quite a bit

                            It does look very impressive though! But I don't really see the use case for me yet.
                            Given that Safari was listed as working "if you don't use a self-signed certificate", I'm assuming that a normal (non-demo) install uses SSL/TLS to encrypt step #1.

                            That'd mean you don't need a trusted network. You only need to be sure that:
                            • The machine you're sitting at has no keylogger (unavoidable requirement unless you're booting something like Tinfoil Hat Linux off a LiveCD and entering your password by selecting letters from a randomly-organized grid)
                            • The machine running Gate One is trusted (normally, this would be the same kind of compromise as keylogging the machine you're sitting at since they could just grab things like your SSH private key while installing the keylogger.)

                            Comment


                            • #44
                              Originally posted by krach View Post
                              Thanks for clarifying! So indeed:
                              1.) the ssh password is traveling unencrypted from my computer to the gate one server.
                              2.) the gate one server needs to process my password.

                              Maybe you should put a warning somewhere.
                              This is an entirely preposterous assumption. It might be acceptable if the statements you make were formed as questions, but even that would just mark you as too lazy to open a new browser tab.

                              This is a public forum linked to from an article discussing new alpha features soon-to-be-implemented in an otherwise arguably stable terminal server application. What makes your statements so ridiculous is you immediately question this application's core security functions - functions pretty much fundamental to any similar application - apparently without even bothering to check the documentation available online or the github source which, in addition to this forum thread, are both linked to in the article!

                              To spare the application's author the time required to answer your inane questions (with hopes he will sooner provide X11 support), by default the software installs a Tornado web-server configured for access via encrypted HTTPS Websocket. MANY session authentication mechanisms exist, including nic and subnet bind filters, which are configurable locally in json dicts on the server. In my experience the simplest of those offered was simply to authenticate with my Google account - which should be as secure as my Google Wallet account.

                              As for warnings, the author includes those in the online docs, installed manages, command-line --help options, and previously mentioned json config files noting in all of them that disabling HTTPS is (something to the effect of) "generally a bad idea."

                              And seriously, who would code an SSH remote access client which transmits in plain passwords in plain text?

                              -Mike

                              Comment


                              • #45
                                Originally posted by krach View Post
                                Thanks for clarifying! So indeed:
                                1.) the ssh password is traveling unencrypted from my computer to the gate one server.
                                2.) the gate one server needs to process my password.
                                Maybe you should put a warning somewhere. I guess the only proper setup would be a trusted server (my own) to which I connect over a trusted network (my lan, certainly not the internet). This limits the applicability quite a bit

                                It does look very impressive though! But I don't really see the use case for me yet.
                                Well, you're wrong about #1: Gate One uses HTTPS (SSL/TLS) encryption. When you run it the first time it will generate a 4096-bit, self-signed RSA certificate/key but you can use whatever certificate you want. All your keystrokes and terminal output are encrypted.

                                You're also wrong about #2 to an extent: Gate One doesn't "process" your keystrokes at all, really. It just forwards them on to the underlying terminal program. You can audit that code for yourself:

                                https://github.com/liftoff/GateOne/b...minal.py#L1825

                                The "key" line (haha, I kill me) is:

                                Code:
                                multiplex.write(chars)
                                So that function takes 'chars' as an argument (directly from the WebSocket) and it writes it directly to the running terminal program. There's no "processing" of your keystrokes.

                                Having said that, if you set the log level to "debug" it will log all your keystrokes but when you turn on debug logging it displays warnings all over the place. Users get a HUGE pop-up with a big message warning them that debug logging is enabled and that means their keystrokes will be recorded.

                                You still have to trust whoever is running the server but that's no different from anything else really. Do you trust that sshd hasn't been modified to record your keystrokes? It's a trivial thing for any admin to do.

                                Comment

                                Working...
                                X