While most users in the community will be purely focused on improving the software, some will be examining the code for ways to exploit and hack into any vulnerabilities.Įspecially with remote access software, a well-placed hack can be devastating, and expose whole networks to the hacker without them needing to be anywhere near your computers in person. This can work out great when bugs arise – lots of passionate eyes on the code means potential issues could be spotted quicker, and therefore patched quicker – but it can also pose a very real security risk for those using the program. Open source at its core means that all the code behind the program is visible for anyone on the internet. It does the job you need it for, doesn’t break your budget, and it has glowing reviews from people who greatly appreciate its most attractive feature: not costing any money – what could go wrong? We’ve put together a list of a few good reasons why open source VNC-based software can be a wolf in sheep’s clothing. While the “stranger in the van of candy” scenario presents fairly obvious risks, using an open source program with no price tag can seem on paper much less dangerous. Here's the full blog article: The Dangers of Open Source VNC-based SoftwareĮverybody loves a freebie, from a sample of chocolate at the mall to a promotional stress ball, but is it always a good idea? When it comes to sweets and sundries, we’re not going to stop you unless you’re taking them from a stranger in a van, but for software, there might be more risks than you think. The blog article used to be at, was since taken down, but a version from September 3rd, 2020 can still be accessed via this Wayback Machine entry. In combination with TigerVNC's incompatibilities with other VNC implementations, it seems to be an attempt at vendor-lock in, making me steer clear of TigerVNC. The article claims that proprietary software is superior to open source software in terms of security, support, regulatory compliance, and user-friendliness. On their company blog, RealVNC published an article on May 28th, 2019 titled "The Dangers of Open Source VNC-based Software". You'll be prompted for your Raspberry Pi's login credentials: The package of RealVNC viewer is currently in AUR, you can install it via aura: sudo aura -A realvnc-vnc-viewerĪssuming your Raspberry Pi's host name is the default, connect to it with vncviewer raspberrypi ![]() Make sure to uninstall TigerVNC or any other VNC implementations before proceeding. ![]() Default is to attempt every supportedĭoes RealVNC use some encryption scheme that is not supported by TigerVNC?Īs user rodrunner suggested in the comments, one way to get the VNC connection going is by using RealVNC's vncviewer. Of None, VncAuth, Plain, TLSNone, TLSVnc, TLSPlain, X509None, Specify which security schemes to attempt to use when authenti‐Ĭating with the server. ![]() I'm getting the following error when I try to connect to the server: $ vncviewerĬopyright (C) 1999-2016 TigerVNC Team and many others (see README.txt)ĭecodeManager: Creating 4 decoder thread(s)ĬConn: conectado a puerto 192.168.1.200 de origen 5900ĬConnection: Server supports RFB protocol version 5.0ĬConnection: Using RFB protocol version 3.8Īs far as I understood by reading the man pages, vncviewer attempts by default every supported scheme: -SecurityTypes sec-types The VNC viewer on the Chromebook is TigerVNC The VNC server running on the Pi is RealVNC. ![]() I'm trying to remote control the desktop of a Raspberry Pi (Raspbian Jessie) from a Samsung Chromebook (ARM Arch Linux).
0 Comments
Leave a Reply. |