
Apache Guacamole – Clientless remote desktop gateway - gsempe
https://guacamole.apache.org/
======
gunta
There is OpenSTF which is similar but for physically remote controlling
smartphones. No need to install any client. Can be controlled from any
browser, even from another smartphone.

[https://openstf.io](https://openstf.io)

------
jodrellblank
Slightly off topic, but it's often bugged me that remote desktop protocols
push for things like video and audio redirection as if everyone was on gigabit
networking, but I haven't seen much in the way of pushing down down down on
bandwidth.

Dameware Mini Remote Control from years ago used to have options to set
grayscale and dithering and horizontal scanline interleaving(?) and slow
refresh frequency and things, but I imagine going beyond that - a line sketch
of the visible window borders and their titles, then let me draw a region to
update with the mouse, scrape the text out and send that to me.

There's ways to build TUIs inside CLIs, but what about squishing a GUI down
towards a CLI-style-basics?

------
WalterSobchak
Previous discussions:

* 2 yrs ago - [https://news.ycombinator.com/item?id=15389727](https://news.ycombinator.com/item?id=15389727)

* 2 yrs ago - [https://news.ycombinator.com/item?id=15778902](https://news.ycombinator.com/item?id=15778902)

* 4 yrs ago - [https://news.ycombinator.com/item?id=11744430](https://news.ycombinator.com/item?id=11744430)

* 5 yrs ago - [https://news.ycombinator.com/item?id=8166388](https://news.ycombinator.com/item?id=8166388)

------
cerberusss
My problem isn't really the protocol or the client. It's that the device is
behind a NAT, a corporate firewall or otherwise not reachable at a public IP
address.

I assume this project doesn't help with that?

For now I'm just sticking to products like TeamViewer.

~~~
Timothycquinn
RDP uses a single port so opening a port on the public IP NAT for RDP is
trivial, however it's always best to hide RDP behind a VPN. This security rule
applies to pretty much any remote access protocol, which you should avoid
having listening on the open Internet.

~~~
hunter2_
I'm all for defense in depth generally, but if a use case demands the
convenience of not having this extra step, can't various application protocols
be made as tough as a VPN to crack? At that point the VPN just adds obscurity.
Wrapping insecure legacy protocols, like SMB for example, with a VPN is
absolutely required.

~~~
Spivak
The step of flipping a switch to connect to a VPN isn’t that bad. Google’s IAP
is in a lot of ways more annoying since you end up having that step multiple
times.

It’s not really the protocol that people are worried about — it’s attack
surface. VPNs have basically zero — everything is opaque and an attacker
learns nothing except that you’re on a VPN by observing your traffic. An
attacker doesn’t even know that the application you’re connecting to _exists_
and can’t even reach it to break into it without first breaking into your VPN.

You can call this obscurity but I think it’s better to say that you’re not
leaking side-channel information about your network.

Having a VPN isn’t an excuse to have poor network security internally but a
single portal that’s internet facing is much more defensible than n different
home-grown apps.

------
mkj
This works pretty well, the only downside is ctrl-w can't be captured so I
keep closing the browser tab!

~~~
haydn3
Use an on-screen keyboard on the Remote side

~~~
azinman2
That’s not a useful way to remotely work.

~~~
gsich
Then you need to use RDP. Not in a browser.

------
francescovv
Is there anybody around here who tried both Guacamole and
[https://github.com/novnc/noVNC](https://github.com/novnc/noVNC) - and can
describe pros/cons?

~~~
sansnomme
Guacamole is a VNC wrapper and proxy in a box. It's like comparing Visual
Studio to GCC. Apples to oranges.

~~~
SlavikCA
noVNC is a wrapper, too. It requires a VNC server and presents that VNC server as
an HTML5 app.

~~~
sansnomme
No, you are incorrect. noVNC is still ultimately a client, a simple baked-in
static web server does not a PaaS make. Guacamole is a turnkey server that
works out of the box where you get a full blown GUI and control panel and
everything. Guacamole has the added overhead of the proxy but it's a lot more
convenient. Unless you are doing high performance applications like cloud
gaming with the server halfway across the globe, Guacamole is more than
sufficient if you don't want to fiddle with too many knobs.

~~~
SlavikCA
I still don't see your point. Yes, Guacamole may be a "turnkey server", but
noVNC is a server, too.

noVNC supports only VNC. Guacamole supports VNC, RDP, SSH.

noVNC can be run on Windows and Linux. I think Guacamole server has to be run on
Linux. Not sure about that.

That's not apples to oranges.

~~~
Lex-2008
As a user of noVNC, I'd be interested in such comparison, too. I haven't used
Guacamole, but as I understand, sansnomme's point is that Guacamole compared
to noVNC is like Visual Studio compared to GCC - while GCC and noVNC offer you
most basic tool, Guacamole and Visual Studio provide some helper utilities
around - like session management, config UI, etc.

So when compiling single-file "hello world" app or connecting to a single
machine you would prefer a simpler tool (GCC/noVNC), since more complex tools
require more complex workflow; but for more complex projects (or when you have
tens of machines under your control) you would prefer more complex tools.

Disclaimer: I have never used Guacamole, used Visual Studio very little, and
my experience with GCC is rather limited.

------
asadlionpk
Love this project. I maintain a service around Guacamole[1] with slightly
modified protocol and client built in nodejs instead of the included Java one.

[1] [https://www.allmydesktops.com/](https://www.allmydesktops.com/)

~~~
marktangotango
Nice, are you getting any traction with this? The landing page says "No
Installation Required" but the user's desktop does require either VNC or RDP
enabled, correct? And from the "user inside the firewall" perspective, ports
have to be opened for RDP/VNC?

~~~
asadlionpk
Last I checked, I had 150+ unique weekly active with successful sessions.

Most use it to connect to their ec2-like machines and not for teamviewer-like
use case.

My main problem is that user’s login creds have to go through our server
unencrypted as we essentially provide a translation proxy for VNC/RDP to
websockets.

~~~
marktangotango
So 150 paying customers? Nice work, how have you acquired users?

------
badrabbit
I've used this a ton with cuckoo sandbox. If you haven't already, set up your
own cuckoo and use it to visit untrusted links and open untrusted files. It is
fun! I like how guacamole allows you to interact with the session. I know a
few (most?) paid alternatives that won't let you interact.

~~~
Iwillgetby
I never have been able to find a cuckoo install guide that feels
straightforward. Any tips or links you can share that helped you?

~~~
PenguinCoder
Same. I have an installation setup, with KVM, but even after following
instructions and setup, cuckoo never reverts the snapshot it used. So after
the first use, it reused the potentially malicious snapshot for the next run.
If I can't figure out how to fix that, I can't use it.

------
gravypod
Has anyone set something like this up with sound + multiple viewers? I've been
looking for someone to help me watch TV with friends who are remote. I used to
use rabb.it but I think that died.

~~~
xemdetia
Have you looked into VLC or OBS for doing this? The big issue that isn't
really solved is that most desktop protocols take advantage that the image has
a majority of the screen static and only small areas of the screens need
updates. Video is the exact opposite problem: nearly every pixel changes
across frames and so to have it be reasonably well sync'd especially with
sound you need a different kind of protocol.

[https://www.videolan.org/vlc/streaming.html](https://www.videolan.org/vlc/streaming.html)

~~~
gravypod
Rabb.it was really cool because it was a shared web browser that was ephemeral
and neutral. Both people could control it, there was very low latency, and you
could keep doing sensitive stuff while rabbit was also open. I haven't been
able to find a way to do that with RTMP streaming systems.

