21 thoughts on “Scotty, Warp Screen Sharing!

      1. It’s not a ‘bad’ language per se, just rather mediocre. It doesn’t do anything new and in some areas is a significant step backwards from ‘modern’ languages such as Python.

        1. How is Python a ‘modern’ language? I’ve seen *tons* of unmaintainable Python projects with little to no future-looking design making changes difficult. (that might not be Python’s fault, but the kind of developers it attracts) Rust, C, C++, Ruby, Golang are all better more modern alternatives :-D

          1. That has nothing to do with the language, or “the kind of developers X attracts” regardless of X. There are shitty projects in every language.

          2. How are Rust or Ruby ‘modern’ languages? I’ve seen *tons* of unmaintainable Rust and Ruby projects with little to no future-looking design making changes difficult. (that might not be Rust or Ruby’s fault, but the kind of developers they attract) Python, C, C++, C#, Assembly are all better more modern alternatives :-D

    1. Always a good sign when it comes to high quality security:
      “warp.link uses an invalid security certificate. The certificate is only valid for settle.network Error code: SSL_ERROR_BAD_CERT_DOMAIN”

  1. Already doable with SSH, attach multiple sessions to the same shell using a couple of connection flags. SSH is just the tunnel to connect to a shell, typically when you set up an SSH tunnel to a system a new shell is created, but you can specify that an already-existing shell be used.

    If you don’t want to use SSH, you can connect to the same shell session directly (Typically through another shell, and using features in the shell to clone stdin and stdout).

    Or if you want to use different shells, you can tie them together at the TTY layer (So one person can use bash, another can use ksh and still see the same thing. Commands may be slightly different, but still the same input/output).

    Building a cloud-enabled, insecure tool like this just seems to show how little people even know about how their OS operates, and that just makes me so sad…

  2. “connection between machines is secure” and “note that the session name (which is not published) is all anyone needs to connect” don’t really seem to fit together…

  3. Another hack worth keeping in mind if you’re using a virtual terminal on Linux: /dev/vcsN… I can recall hacking together something that would read that, pass it through fold -w 80 and dump it to a file in my web root so the arcload author could help me debug arcload on an SGI Indigo2 R10000.

    As a quick 5-minute hack, it worked well.

  4. “…if you are really worried about security, note that the session name (which is not published) is all anyone needs to connect. Probably should make it hard to guess…”

    Time to start working on a bruteforce script to find live sessions then :^)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s