Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Remote Desktop from any browser (allmydesktops.com)
65 points by asadm on Feb 12, 2018 | hide | past | favorite | 49 comments

So relevant:


Back ~4 years ago I did a similar web application as a way to bring a legacy Windows desktop to the web...I used the Guacamole project before it was brought into the ASF. It was remarkably easy to use and even modify for our business use case.

This project is based on guac too. I LOVED guacamole. One thing I didn’t like was the client dependency on Java and Tomcat. So I wrote a client myself and made some improvements in websocket protocol. It’s still a wip.

Do you have it somewhere on, like, github ?

Not yet but I plan to. It's written in nodejs.

I learned about guacamole about a year ago from HN and it is amazingly useful software. I use it as a way to have a cloud desktop on a linode instance. I've heard some great use cases, such as people using it to serve up legacy software as a simple web app. Awesome stuff!

yet another site which asks for your email before showing you anything. Just one page telling how incredible this is. But not even a page about the authors/makers and how the magic (not plugin required) works.

I tried showing a quick demo in the attached video. I wonder how can I improve this.

You may want to include differences from [mstsc.js](https://github.com/citronneur/mstsc.js) for RDP and [noVNC](https://github.com/novnc/noVNC) for VNC, apart from those are both being free open source software while yours is closed source monthly subscription software.

The demo didn't show up for me (Brave v.0.20.29) until I started to scroll down, and it was not obvious to me that I could do so until I read this comment and wondered.

EDIT: to be clear, there was enough screen real estate to show it; it was simply empty white.

Might be a bug. Let me try it on Brave.

Same bug happened to me on Chrome stable, though only on the first load

How would this compare to something such as https://guacamole.apache.org/

This is built around guac but more of a managed version with a custom frontend and browser client.

if you install Guacamole on a server, what kind of software to be installed on machines that need remote access? there's no mention of how to access windows machines, even thought it's in the demo?

There's a HTML5 browser interface. With some basic scripting/"programming" skills and some front-end magic anyone could build such a service. More important is a good network and security engineer to keep it safe and stable for everyone (around the globe).

What measures have take to secure your infrastructure??? If someone is able to penetrate your network can they now have access to all your clients machines???

just the lack of _any_ answer from the founder shows me that they haven't even thought this far into the security of their product and that, _right there_, tells me I shouldn't be using their product.

Does this use Apache Guacamole or is it a custom-made software?

This indeed is mostly a wrapper around guac. But we did design a custom client protocol for speed.

Doesn't Guacamole Client's Apache License 2.0 require you to provide copyright notice / attribution for using it in this way? I don't see it anywhere here.

I think the Apache License 2.0 does not require any attribution or copyright notice, unless you redistribute the source code.


From the license itself, it seems like you do need to include the license contents within the derivative work somewhere. Since "Derivative works" includes "Object" (compiled) projects, and 4a states:

> You must give any other recipients of the Work or Derivative Works a copy of this License

They're pretty clear on attribution being in the source only in 4c:

> You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works

OP here. So it’s okay to keep the license in source only right? Do I need to attribute on the site too?

According to the letter of the law probably. But I would suggest that it might be nice to credit the main Open Source project(s) on which your business is built, maybe in a 'Thanks to...' page.

How does it fair against a firewall or behind a router? Is it just a simple client for convenience or does it provide a server too? Cause being able to pass through a firewall would be worth paying for, otherwise I still have the same problems as using a normal client.

This works through websockets. So if you (the client) can access this website, you can RDP to your machines.

Just so you know, it doesn't require websockets. There is a HTTP tunnel fall back (at least there was one when I worked with guac).

Quick search seems to suggest the HTTP fallback persists: https://glyptodon.org/jira/browse/GUAC-1474

But how does it work if I can't normally RDP to my computer due to NAT router?

ngrok.com (freemium) or https://github.com/mmatczuk/go-http-tunnel (open source, needs some afford, very fast and easy configurable)

btw. @op go-http-tunnel would provides you with great base for a "branded" ngrok like client for your users.

Thanks for the link. I have been planning on doing this since most people don’t keep their machines with public IP.

Chrome remote desktop is very fast, speedwise how does this compare?

I feel like it got a little slower when they moved it from a Chrome App to https://remotedesktop.google.com as part of deprecating Chrome Apps. Other than that, it's pretty great (and simple to use). I always recommend it to people with Windows home editions, since they can't use RDP.

Is it private? I know it says it's encrypted, but that's not the same as end-to-end encrypted.

I think this only works on the local network (or vpn) ? In which case I wonder what the added value is ? There are several free solutions that work exactly like this in a local network (like vnc). The only (?!) difference is you asking money ?

The bigger challenge (and therefore added value) is to access desktops from remote locations. Similar to TeamViewer or Google RemoteDesktop.

This should work from anywhere if the server you are connecting to has a public IP.

None of 'all my desktops' have a public ip. Therefore I use Teamviewer or Google RemoteDesktop which give access to any desktop anywhere. Occasionally I use vnc or rdp for the networks where I can use vpn for access.

Its still very unclear to me what your added valude is ?

I believe most of the rented VMs on AWS/Azure have public IPs. I suppose you could use this product with those.

But in that case we can just run vnc on the server

I've found RDP to be a better protocol, personally.

Once it's set up I agree, but it's a bit of a pain to set up on Linux servers (in my limited experience, even including SSH encapsulation to make vnc not completely vulnerable).

Oh, could be. I am not a proper sysadmin though, so my experience is limited to managing a few machines at our small startup.

I have seen RDP to be way faster in comparison too.

If I may ask, how do you manage those machines right now? What does the workflow look like.

I don't have a workflow as such, but being a programmer, I've tried to automate as much as I can through AD group policy and scripts. Most weeks I don't have to spend any time managing them. We're a biotech company so people here are mostly non-technical (IT) and rarely install random software, etc..

Security: I lock down most machines so that they can only run executables from certain directories, streamline windows updates through GPO, strict firewall rules, etc. At the router level, I use cisco's meraki service, which manages VPNs, content filtering and router firmware updates, etc for me.

Machine Management: I use RDP if needed. I have a 'request support' script that sends me a message if anyone needs anything.

Machine Imaging: I have a clean W10 sysprep-ed image with our LOB software, office 365, etc. I have a deployment script that sets up the partitions and images the machines, etc. I'm looking into getting Intel's ME for our office so I can do that over the network without physically going to the machine. We have two locations and its a pain if I have to physically go to the other one.

Storage: We have networked drives for every user and those get backed up every day through veeam, along with all of our VMs, etc.

Do you have to install anything on the host machine? Or can both just go to the website? (Will this help me fix my mom's computer remotely?)

Unfortunately not a replacement for teamviewer right now. This only helps you access machines that already have Remote Desktop enabled and accessible on public internet. Like servers.

Do you support smart card authentication?

Not right now! I wonder if that's doable here.

Chrome provides the WebUSB API for example: https://developers.google.com/web/updates/2016/03/access-usb...

remoteApp support?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact