[NTLUG:Discuss] X sanity check

Wayne Walker wwalker at bybent.com
Sun Jun 25 18:37:03 CDT 2006


Well, first remember that X was mature in 1989 (maybe before that,
that's when I started using it and it was mature, robust and full
featured).

At that time, I might have a PC, or a low end workstation ($4K to $15K)
on my desk, but the real compute power was on the server in the computer
room.  If I wanted to run a gerber rasterisation, I ran it on the Sun
server, and displayed that X client running in the computer room onto my
desktop, while others were doing the same.  I was also doing a microwave
2 and 1/2 D transmission line analysis using HP's Microwave Design
Station on the Only machine in the building with the $100K license for
the software.  Again running elsewhere as an X client to my local X
server.

So, obviously needed then, ssh today is very slow and adds lots of
latency to X traffic and lots of CPU overhead for the encryption.  Wasn't
an option back then, couldn't afford the compute costs of ssh, so had to
go direct, unencrypted.  It was a known security risk but necessary.

"Productivity is inversely proportional to Security"

Skip to today.  For 95% of all X apps, if you need to run them on a
remote machine and display them onto your local X server via ssh, great
solution and no security problems (assuming you use ssh properly).
For 5% though there is still enough performance degradation in the ssh
latency that you want instead to use direct X protocol over tcp, no ssh
in between.

This is rarely an issue of "my machine isn't fast enough, so I run it on
a remote server"  It's more often an issue of "Mentor Graphics wants
$85K per seat for that license, so we only bought 3 licenses.  Walk over
to the other building, or use remote X..."

My $0.02 worth.

Wayne


On Sun, Jun 25, 2006 at 06:14:12PM -0500, Leroy Tennison wrote:
> I've been reading the various X man pages noting the issues with 
> "traditional" X security and then the question came to mind "Why would 
> you want a remote client to be able to connect to your X server?"
> 
> I understand that you, sitting in front of the X server, might want to 
> be a remote client by executing a program on a remote host and that, for 
> that purpose, ssh is a good solution.  But is there any good reason why 
> a user remote to the X server would be interested in sending the output 
> to the X server?
> 
> Where I'm going with this is the question "Is all this concern about X 
> security really a non-issue because there is no real need to use the 'at 
> risk' configurations?"
> 
> Just trying to sanity check my thinking, any responses are appreciated.

-- 

Wayne Walker

www.unwiredbuyer.com - when you just can't be by the computer

wwalker at bybent.com                    Do you use Linux?!
http://www.bybent.com                 Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
IRC:     wwalker on freenode.net


