> -----Message d'origine-----
> De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> EnvoyC) : mercredi 19 fC)vrier 2003 11:48
> C : '[EMAIL PROTECTED]'
> Objet : Re[2]: Wish : chat between client and server
>
>
> See inline:
>
> Wednesday, February 19, 2003, 10:30:24, Teng-Fong wrote:
>
> STF> First, don't forget that VNC is multi-platform.
> Second, in case you
> STF> don't know technologies, let me explain a bit to you.
> Instant messenger
> STF> requires first a server to logon while VNC is point to
> point. If you say
> STF> it's possible to install an instant messenger server,
> the answer is "it's a
> STF> waste of time and ressource".
>
> Maybe you don't know enough point to point chat applications (as I
> said there are hundreds, maybe thousands applications which do not
> require a server).
True. But I didn't say the contrary. It's just that you talked
about netmeeting, so I elaborated the reasons why it's not situable in some
situations.
> Netmeeting _is_ point to point. And multiplatform (I mean, there are
> *nix clients). So is talk (and yes, there are quite a few talk clients
> for windows). And many, many, many other applications.
Nope, you missed the word "first" in the sentence "... requires
first a server ...". Actually, "point to point" is a term I invented :-) I
wanted to mean an application involving only two computers at both ends of
communication channel. Netmeeting (and instant messengers, called IM for
simplification, in general) isn't. Because an IM needs a server for
authentification at the beginning (and of course username and password is
stored in it). And during usage, IM still needs to hook to server to update
its own status and request other IM (users) status. So, no server, no IM.
OT : I'm wondering if a IM is working in Kerberos-like protocol in
authentification and talking to other IM's.
> STF> As to company policy, if you understand why
> there're companies
> STF> allowing PCAnywhere but forbidding Internet surfing or
> instant messenger,
> STF> you could also understand why they would forbid
> netmeeting but allows vnc.
>
> So let me get this straight: company policy forbids program X
> (ytalk for
> example, or any other simple chat program), but if you
> include the same
> code into VNC the same company policy will allow it, because it's
> called VNC. Pretty shallow company policy.
Not really true. I wouldn't judge the company policy if it is
shallow or not, but it's a matter of compromise.
Actually, it's not only chatting that I was referring to. I was
also talking about security and hacking.
> STF> OTOH, it is not unusual that company computers are behind
> STF> firewall(s) which blocks both incoming and outcoming
> traffics except a few
> STF> ports, usually 80. So, in some case, if 80 is the only
> port, either you let
> STF> VNC work for tele-maintainance or workers brwoser the
> web. I think the
> STF> choice is clear.
>
> I assume the "clear" choice for you is to use port 80 for VNC, isn't
> it ?
Yup.
> Even if the company policy is "NO VNC". If it were "only
> VNC" they would open other ports, not port 80, isn't it ?
I don't quite get the relationship between these two sentences. But
the answer is "Maybe".
> STF> Moreover, it's well known that ICQ has a lot of
> security flaws :
> STF> hackers can execute (or make a user execute) worms or
> other dirty stuffs.
> STF> For netmeeting, it's not sure it's 100% sure. But for
> VNC, everything must
> STF> to be done _on_the_screen_. If a hacker wants to run a
> virus, he has to run
> STF> it in a Dos window or double click. If there's a user
> before the server
> STF> screen (which is almost always the case), he could know
> what he's doing.
>
> I fail to see the logic. You say that if you have a VNC (or
> VNC + chat) with a
> security flaw then if the flaw is exploited you could see this on the
> screen. Why is that ?
Nope, that's not what I mean. I was on the assumption that the
protocol used by VNC is only used to supply input streams simulating
keyboard and mouse. So, I don't see how a hacker could hack VNC remote
machines as they hack ASP servers by sending requests and make them be
executed. See what I mean ?
Or maybe I have too much confidence on VNC ?
> STF> There're more reasons than I can easily imagine,
> but I think these
> STF> are enough for now.
>
> I see none. Maybe you should care to support your affirmations, or to
> find other reasons.
You lack imaginations :)
> STF> As to bloat, I don't think a chat client could
> be a bloat. First,
> STF> it just needs two panels, one keyboard input stream
> listener, one network
> STF> input stream listener and some codes to display
> characters. It couldn't be
> STF> bigger than notepad. (FYI, WinVNC is about 330 kB.
> Notepad is about 50KB).
> STF> Second, it can be a separate programme (executable),
> sort of plugin.
>
> Remember, VNC is free. You cannot have the whole list of features
> because you don't pay anybody to do it. Remember, the wish list is
> huge:chat, encryption, file transfer, remote registry
> edit, other windows related stuff (start/stop services, etc), remote
> shell, streaming the audio, etc. But all of these are not real
> problems; you can get around (sometimes in more than one way).
The other poster had talked about UltraVNC and explained well
enough. I don't think I could add anymore additional stuff.
> I have
> no idea where are "the vnc people" going, but I assume the focus is on
> problems like "vnc crashes with windows X service pack Y", or "vnc is
> too slow even with a lot of bandwidth", because we cannot really solve
> this problems using a chat client, or ssh, or ftp server, or whatever
> other tool freely available.
Bug is bug, enhancement is enhancement. It's not because we've got
lots of bugs and enhancements should be frozen. If this is the way to go, a
lot of software companies had already gone bankrupcy because they couldn't
progress and thus get replaced by others.
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
