What this will do, however, is hopefully end for good the mess of "How do I expose a command line application to my windows-using friends such that they aren't confused and won't hate me.". And there's a whole lot of value to that.
Also, in-band signalling, escape characters, magic select() timing loops to distinguish from "real" input, hackarounds for the fact that the original terminal was a separate computer and had local and remote modes and some keys never sent anything... is that metaphor REALLY still relevant?
And your first point is just verifiably wrong. If there were truly better workflow metaphors for software development, you'd think at least some of the best hackers would have discovered it and moved to it at some point in the last four (!) decades. Instead, all of the most productive developers in our subculture (almost quite literally every single one of them) work at a command line. They haven't moved elsewhere, because it won't happen, because your thesis is simply incorrect: no better metaphors have been discovered.
Also check out http://www.wolfram.com/cdf/ for the more general attempt to make a dynamic document standard. I don't know how successful that's been.
Thanks for all the links.
Yes, but the proposed replacement for UNIX consoles is a Google web browser that requires you log into Google in order to use it?? I don't think so....
The TermKit reply in this thread should be sufficient to see why this will be very cool.
 E.G. http://fishsoup.net/software/reinteract/
There may be undiscovered exploits, of course, but CSP severely reduces the chances.
Unless, of course, the developer integrating the existing OpenSSH code did so in a way that's not the formal OpenSSH interface. Like if he had to do some kind of dirty hack. But he shouldn't have to for this project.
Any XSS type vulnerabilities in this are likely the result of issues with the extension itself rather than OpenSSH, IMO.
Like many people, I'm trying to step back from google/facebook snooping, and this would be a solid step toward such big brothering. I suppose next they'll see what email providers I use and whom I correspond with with mutt or whom I chat with on other services with finch etc.. Why expand google's data-gathering "attack surface"? And all this for... (?) what does this offer that sets it above my current terminal client?
Someone please tell me if there is any technical reason I should need to sign in to add an extension (in particular this, or some game).
>For me this is a bridge too far: I don't care to tell google about every single extension/application (extensplication?) I'm using.
Is there anything to this " I suppose next they'll see what email providers I use and whom I correspond with with mutt or whom I chat with on other services with finch etc.. Why expand google's data-gathering "attack surface"?
Or is it further chicken-little, slippery slope conjecture with no basis in reality? Keep in mind that you're connecting to their web store to download this, even sans login. That means they have your IP, and a metric ton of identifying information about you via your browser fingerprint (ala Panopticlick). Complaining about signing in just seems rather silly. Oh noes! They know that you downloaded an extension!
You'll have to forgive me for being blunt. This particular absurd line of thought is starting to seriously become an annoyance - even the chans have latched onto it. Correcting people who have the wrong idea is getting old.
Maybe they do, maybe they don't. ;-)
So they are a targeted-ad company whose value is to a great extent commensurate with the amount of information they have on users (another uncontroversial statement, I hope). More info = more value, and you think it's "conjecture" to speculate that they might push further and further into your experience on their platform?
This is the crux of it for me: I've been installing desktop applications and browser extensions for years, and I've never needed to tell an advertiser and the biggest tracker / data snooper on the 'net what my email address. Now all the sudden I do, and there's no (clear) method to opt out, and I'm OK with this because why? I'm willing to trade my data for services when the services are valuable (I use gmail & facebook), but this looks like "give us more info, just cuz" with no value prop. Sure you can sync but I don't want to and there's no reason you should be forced to sign in; that is 100% about data gathering (otherwise there'd be a "forgo sync" option).
IP address and browser fingerprint is not the same as "link everything explicitly to my google account," by the way.
"You'll have to forgive me for being rude, obnoxious, conclusion-jumping."
Fixed that for ya.
Obnoxious? Don't post misinformation and you won't be challenged.
Conclusion jumping? What conclusion did I jump to?
And as far as making "Fixed" posts go.. doctor, heal thyself ;)
The login can be optional if Google chooses to make it so. If I don't want to log in and therefore endure a shitty UX, let me have that shitty UX, thank you very much! It's not like I need all the same apps in all my devices anyway. For example, I might not need this SSH app in a device that can run a proper OpenSSH client.
And that's exactly the problem that some of us have with the /Chrome(OS)?/ philosophy. It's either their way or highway, with no options in between. (That's not necessarily bad for everyone, though. There are alternatives like Firefox for those who don't like Chrome.)
Trust me when I tell you this:
Google will never steal money from your bank account, by using a password recovery link that you had emailed to your GMail account.
Does that really need to be said? Do you really need CONVINCING of this?
my bankaccounts are important, but they also come with fraudprotections.
the complete picture of my life, all data mined, possibly misinterpreted, and then availableto my enemies is farmore scary.
Gmail was not the OP's cause for concern.
Kind of a pain, but if someone does want to try it out badly enough...
Google seems to be working on this. If you've ever seen someone without a Google account try to use Android for the first time you can see how much effort they are putting into stopping people from using their products.
*The DSi Shop is a big pile of fail, but that is unrelated.
It's about ensuring that the same experience exists whether you're spending money or not. The reasoning goes, if it's painful to spend money the first time, many people will never set things up if they can get away with free stuff. But if you're required to have an account with a credit card already set up to even get a free thing, then you're more likely to spend money when the time comes. This is also why installing a free app on your iPhone requires you to enter your password and confirm your purchase.
Google's implementation of this is worse than Apple's, because they don't demand your credit card information until the first time you try to purchase something. But ultimately, they're both driving at the same thing, and it's hard to argue with the fact that they're pretty successful at it.
As for your DSi, I hope you never lose or damage it. The lack of accounts for the store means that your purchases are bound to the device and are non-transferrable.
It was really difficult with the ADP1/G1 back in 2008. But meanwhile it is not that difficult if you don't want to use the Google services.
You press the "skip" button and then don't try to launch Gmail or Google Play or anything else that understandably needs a Google account.
What is so... appalling about that. There is no effort to "stop people" from using an Android phone without Google. Further it's a pretty silly attack on Google given their competitors and the fact that you bought... a Google Android phone...
(edit: speaking about the Nexus line of phones which I would tend to argue best reflects Google's "effort".)
To those saying "who cares" consider that you may wish to use this extension on a computer where you don't feel comfortable issuing your Google login credentials.
maybe some people don't care, but i think it's pretty cool.
This is actually completely solvable, if it was something lots of people wanted to do it could be trivially built into any browser.
It could be built into FF globally with an extremely simple plugin.
But to be honest that's not how I actually do my stuff. I use QuickSilver and when I want to go to Mail.app, I just press Cmd-Space, then 'M' or 'Ma' (because Mail.app begins with M) and press return. It takes less than 0.4 seconds (QS is wicked fast) and is much more convenient than a tab in my browser. Not to mention that a native app is usually way faster and more responsive (I have a ridiculously slow internet connection).
Nevermind "killer" app... why is there ANY need for this?
I feel like I'm missing something very obvious.
I can't work on a Windows machine without installing SecureCRT or Putty. One less thing to install and tweak.
Additionally, it doesn't even work right. In a screen-controlling app like vim it seems fine, but in the normal shell, once I enter enough text to use more than a screen, the bottom-most line is actually off the window (even if I scroll down).
And your browser size issue goes away if you open the terminal in its own window. Chrome even has an "Open as Window" option (right click on the Secure Shell icon) to open in a window with no browser UI.
Now this isn't the same because it's NaCl and therefore not pure-web, but a pure-web terminal emulator would be awesome! It would mean you could embed it within normal web content and mash it up with other stuff. Want to edit your dropbox contents/Gmail in Vim? Maybe pipe the contents of a file into a text box? Maybe just live refresh the output of your web site when you save?
Actually, I'm running out of cool things you could do. Nobody needs a spinning 3D cube with a PDF on it, but the fact that you CAN do it means that people will invent something useful for it, and I have no doubt they would invent something awesome with an in-browser terminal emulator.
Unfortunately, this being NaCl, it may not be it. Shame.
The only reason it isn't currently cross-browser is because I don't have enough time in the day to make it work everywhere. I tried not to make it too Webkit specific though. If some brave JS hacker/Firefox user wants to make this cross browser, I'd be happy to help.
The Chrome extension could be nice for preconfigured "many-to-many" single-sign on from/to a number of hosts with a (hopefully encrypted) RSA key, however.
Looks like this will eventually replace the inbuilt ssh supplied with crosh (Chromium OS shell)
So with the Chrome keyboard shortcuts to switch between tabs, it makes things a little quicker.
I also started a new tmux instance (rather than attach to existing one) still no status bar. Any suggestions ?
Edit : Problem solved. I went into Full screen mode (F11) after clicking in addressbar (When focus was on the terminal, F11 printed ~) Anyway, when I started tmux in full screen mode, I could see tmux status bar. I continued to see it even after I left full screen.
Not sure what was the (temporary) problem.
What sorts of configs have you had to do for Putty?
Seems like one of its goals is to make it easier to move PuTTY configurations from one machine to another.
FWIW, it was reviewed internally by Google security people before going live.
That said, there are minuses. The big minus is that Chrome, like literally every piece of software that handles the download and installation of other software, provides an entirely new way to discover, download, and install software. The instructions for downloading putty for windows is simple and stable over time. The instructions for installing this plugin are Chrome specific and unstable over time.
Overall, I'd say this plugin has marginal positive value.
Does it run on ARM?
I might even move to this entirely if it adds support for key auth; having a consistent environment across all devices on which you work is a big win, even if the native terminal emulator might be integrated better with the OS.
On a related note, I used to cringe whenever I had to do anything on Windows; such a foreign environment. Nowadays so much has moved to the browser that I hardly notice, modulo some text editing shortcuts. The browser is really about to become the operating system.
- It's sandboxed - big deal, if sandboxing SSH were a real concern then it's a call to sandbox-exec(1) away.
- It could theoretically be extended to support HTML-based console interfaces - but sticking a web view in a regular terminal would solve this just as well with less overhead.
(Note the lack of benefits that usually apply to webapps: multiple browser implementations; written in a high-level language, which increases hackability [you might be able to get some of that]; don't need to trust the app; page-based paradigm allows deep linking.)
- Slow. The FAQ says it's intended to compete performance-wise, and it's reasonably fast, but comparing the behavior of 'ls' or, more dramatically, 'cat /usr/share/dict/words' or 'yes' (try interrupting it) demonstrates that it doesn't quite hold up. *
- You have to trust a silently updating, non-downgradeable app with your data. I guess people already do this with Chrome, but terminal emulators don't exactly benefit from constant updates in the way browsers do.
- Non-native - if you're on Chrome OS, this is a benefit, because Web is native, but on other operating systems, you lose the look and feel of the OS (from Terminal.app: useful cmd-tab, transparent window backgrounds, Lion fullscreen mode, Lion auto reopen, other applications can launch the terminal, native keyboard shortcuts, ctrl-w...) for no reason.
- The current version requires an account(!!)
- The current version is buggy - when I try it, just typing "ls" messes up the terminal so that it's not fully scrolled down. I guess this will be ironed out soon, but existing terminal emulators are highly stable.
*edit: or 'bb', heh - Terminal doesn't exactly handle it well (it's a good demonstration of the superior performance of xterm), but at least it doesn't hang like this terminal
The difficulty interrupting something like 'yes' is a known issue. We need to add some flow control to deal with cases where the network overwhelms the UI. This also makes hterm appear slow when cat'ing /usr/share/dict/words, and running aafire. A fix is in the works.
Yes, as you mention, automatic updates are something you already accept with Chrome. It also seems to be the way Firefox is heading. And Android and iOS apps. Anyone is free to build a version locally if they really want to stick with a particular version.
The webstore may require an account, but the source is open. You're welcome to build it yourself. Or, create a throw-away account and download the CRX, then install it in your "real" account.
Of course the current version is buggy, it says that right in the web store description! I've been working on it for a few months now, but it's difficult to get everything right in a terminal without a lot of users. I fixed an issue after the 0.7.9 release that may be what you're describing, but I can't know for sure without more details.
FWIW, as the FAQ says, the terminal emulator and the NaCl SSH client are essentially two codebases. Maybe you could impress people by creating a good-web-citizen version of the SSH command and combine it with hterm.
That would most definitely require an HTML-to-SSH relay in the middle (which hterm supports). Then you'd have to trust that though, at which point you have to decide where you really want your potentially untrustworthy code to live.
> Can I connect using a public key pair or certificate?
Sorry, not yet.
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
Permission denied (publickey).
Connecting to -i id.pem user@host, port 22...
Loading NaCl plugin... done.
Warning: Identity file id.pem user@host not accessible: No such file or directory.
This explains why my Keychain did not work, since I was logged into a "remote" host.
I mean sure, opening up an ssh client is 4 keystrokes for me (on windows) but we need to have it integrated into the browser so firefox (or chrome in this case) can find a way to be even more of a bloated memory pig.
no ssh keys, no port forwarding, Chrome 19 + "Open as Window" for some shortcut keys, etc.
Welcome to Secure Shell version 0.7.9.
The list of Frequently Asked Questions is available here: http://goo.gl/m6Nj8
Connecting to email@example.com, port 22...
Loading NaCl plugin...
Downloading the official chrome build works.
Everything works perfectly both to localhost and across the lan.
Oh wait a minute...
I tried adding it manually in settings->Content Settings...->Handlers, but it only allows you to select handlers on sites that have already requested permission, not add new ones (as far as I can tell).
I'd been checking every few months for the last several years to see if sockets were available in NaCL, for this exact killer app (along with a vnc/rdesktop client)
Sad that it had to be done with an internal whitelist, but I'm mostly just happy that it exists for me to use even if I didn't get to write it!