Ubuntu

Bug #183801
Comment #10

Comment 10 for bug 183801

Revision history for this message

Jeremy Wilkins (wjeremy) wrote on 2010-10-03:

#10

I am one of the supporters of the FreeNX project for Ubuntu and although I cannot speak for x2go, I do know both the benefits and disadvantages of FreeNX. I am a proponent for FreeNX, but there are several problems.

There are indeed inherent security flaws that exist partly due to the code base originally being forked from version 6.9 of the X server. Although many bug fix patches have been applied, there is still no guarantee that they are all applied, and because the base from which it was forked is no longer compatible with the now more modular design of X.Org it is harder to apply the patches that they have made to X to incorporate the NX conpression technology into the current X server. Also, if someone uses the default NX public key for communication (this is not recommended, but many do), you open your server to the possibility of hackers trying to hack current security flaws inherent in the nxserver script which are unknown to us. With the nxserver script being the shell of the NX user, anyone using the key gains access to this user and if an exploit is successful root access may be granted. With FreeNX being an open source project, it could become an easy target. This is avoidable, but it still needs to be addressed.

However, the benefits of the NX compression technology and communication protocols are very good and achieve near local responsiveness when connected to a desktop through it. The only other technology I have seen that is equivalent or better is Citrix for Windows servers.

Although I agree with you Jo-Erlend that FreeNX is a very good thing for the Ubuntu desktop in that it offers us a much better alternative to VNC or RDP which are both inherently more flawed and even less secure. Due to the age of the source files from which it was developed it is not ultimately a good thing for us to continue longer than we have to.

A better solution is for us to extract the fundamentals of the NX core technology and incorporate this technology as a modular and installable component of the existing X server. Fairly similar to how you would install your video drivers or custom mouse drivers. This is considerably more work than what can be achieved in a single release, so I do agree that in the mean time including the packages is a good intermediate step towards ultimately a better X remote communication technology, but should only exist as a stepping stone to our final destination.

I am one of the supporters of the FreeNX project for Ubuntu and although I cannot speak for x2go, I do know both the benefits and disadvantages of FreeNX.  I am a proponent for FreeNX, but there are several problems.

There are indeed inherent security flaws that exist partly due to the code base originally being forked from version 6.9 of the X server.  Although many bug fix patches have been applied, there is still no guarantee that they are all applied, and because the base from which it was forked is no longer compatible with the now more modular design of X.Org it is harder to apply the patches that they have made to X to incorporate the NX conpression technology into the current X server.  Also, if someone uses the default NX public key for communication (this is not recommended, but many do), you open your server to the possibility of hackers trying to hack current security flaws inherent in the nxserver script which are unknown to us.  With the nxserver script being the shell of the NX user, anyone using the key gains access to this user and if an exploit is successful root access may be granted.  With FreeNX being an open source project, it could become an easy target.  This is avoidable, but it still needs to be addressed.

However, the benefits of the NX compression technology and communication protocols are very good and achieve near local responsiveness when connected to a desktop through it.  The only other technology I have seen that is equivalent or better is Citrix for Windows servers.

A better solution is for us to extract the fundamentals of the NX core technology and incorporate this technology as a modular and installable component of the existing X server.  Fairly similar to how you would install your video drivers or custom mouse drivers.  This is considerably more work than what can be achieved in a single release, so I do agree that in the mean time including the packages is a good intermediate step towards ultimately a better X remote communication technology, but should only exist as a stepping stone to our final destination.