When working collaboratively, it is handy to be able to see someone’s screen. For the GUI, there are plenty of options. There are a few ways to share a terminal screen (such as screen, tmux, and tmate). Now there’s a new terminal sharing program based on the Go language from developer [spolu] called Warp.
Unlike some other solutions, Warp is simple, focuses only on sharing a shell session, and does not require ssh or a central server (sort of). Despite not using ssh, the connection between machines is secure. However, if you are really worried about security, note that the session name (which is not published) is all anyone needs to connect. Probably should make it hard to guess.
On the other hand, by default, people can only view your screen session, so at least an attacker can’t just start entering malicious commands. You can, however, authorize someone to take control, but in that case, you would want to be very sure you knew who you were allowing to use your computer.
Go will run on the Raspberry Pi, so it should be easy enough to install there. You do need at least version 1.7 of Go. You also should have the GOROOT and GOPATH environment variables set. You’ll probably want to add your GOPATH to you system PATH, too, to make it easier to run warp (and other Go executables).
Although the README says there is no central server, it does look like it uses the warp.link server to manage connection requests. We aren’t Go experts, but we assume an examination of the code would see the warp.link server resolving names and handing off the connection. But if you are really security conscious, you should probably make sure.
If you don’t mind ssh, you can always use this fork of tmux. You can also use tmux or screen directly (see the video below). None of these methods are going to be as robust as Mosh, but then again that’s a different use case. Or you can just give someone the keys to your computer if you dare.
When you shut down the program, does it give you a message that it’s ejecting the warp core? ;-)
I audibly booed when I read “based on the Go language”. ;)
What’s wrong with Go? I know nothing about it apart from that it exists.
It’s not a ‘bad’ language per se, just rather mediocre. It doesn’t do anything new and in some areas is a significant step backwards from ‘modern’ languages such as Python.
Lol
How is Python a ‘modern’ language? I’ve seen *tons* of unmaintainable Python projects with little to no future-looking design making changes difficult. (that might not be Python’s fault, but the kind of developers it attracts) Rust, C, C++, Ruby, Golang are all better more modern alternatives :-D
That has nothing to do with the language, or “the kind of developers X attracts” regardless of X. There are shitty projects in every language.
How are Rust or Ruby ‘modern’ languages? I’ve seen *tons* of unmaintainable Rust and Ruby projects with little to no future-looking design making changes difficult. (that might not be Rust or Ruby’s fault, but the kind of developers they attract) Python, C, C++, C#, Assembly are all better more modern alternatives :-D
Relevant (and scary): https://github.com/spolu/warp/issues/20
Anyone wants to DDoS that warp.link server?
Always a good sign when it comes to high quality security:
“warp.link uses an invalid security certificate. The certificate is only valid for settle.network Error code: SSL_ERROR_BAD_CERT_DOMAIN”
Read this before using this thing: https://github.com/spolu/warp/issues/20
Ah you can host your own central server? Awesome. That already makes it head-and-shoulders above most options for desktop session sharing!
One line of code to prove that there’s no central server: https://github.com/spolu/warp/blob/master/protocol.go#L13
A discussion about that (with no replies from warp’s developer): https://github.com/spolu/warp/issues/20
What happens if you try to open a warp without internet access: https://github.com/spolu/warp/issues/22
Am I the only one seeing an intelligence agency behind this non-server?
Hmm… it seems I accidentally spammed for the first time. Moderators, feel free to remove all those comments.
We’ve all done it. Easy to forget that two or more links equals moderation.
Thanks for the warnings.
Already doable with SSH, attach multiple sessions to the same shell using a couple of connection flags. SSH is just the tunnel to connect to a shell, typically when you set up an SSH tunnel to a system a new shell is created, but you can specify that an already-existing shell be used.
If you don’t want to use SSH, you can connect to the same shell session directly (Typically through another shell, and using features in the shell to clone stdin and stdout).
Or if you want to use different shells, you can tie them together at the TTY layer (So one person can use bash, another can use ksh and still see the same thing. Commands may be slightly different, but still the same input/output).
Building a cloud-enabled, insecure tool like this just seems to show how little people even know about how their OS operates, and that just makes me so sad…
“connection between machines is secure” and “note that the session name (which is not published) is all anyone needs to connect” don’t really seem to fit together…
From machine 1:
screen -S “whatever”
From machine 2:
ssh user@machine1
screen -rx whatever
Done.
Another hack worth keeping in mind if you’re using a virtual terminal on Linux: /dev/vcsN… I can recall hacking together something that would read that, pass it through
fold -w 80and dump it to a file in my web root so the arcload author could help me debug arcload on an SGI Indigo2 R10000.As a quick 5-minute hack, it worked well.
apt install screen -y
“…if you are really worried about security, note that the session name (which is not published) is all anyone needs to connect. Probably should make it hard to guess…”
Time to start working on a bruteforce script to find live sessions then :^)