Hacker News new | past | comments | ask | show | jobs | submit login
VNC over gif (github.com)
206 points by waxzce on May 24, 2013 | hide | past | favorite | 49 comments

Does the browser keep the entire gif in memory? That could be a problem with long lasting sessions...

The code creates a new buffer for each frame and then pushes that into the gif. There is no freeing of memory or any kind of ring buffer being setup. So yes, it keeps eating memory.

Perhaps a periodic page refresh would work around the issue. Then that brings up another question, is any part of the gif cached by the browser or downstream proxies / web accelerators?

The client side could wrap the gif image in iframe to control the refresh.

I wonder if this could be used as a way to crash browsers if there's no check for image sizes? Most sites allow user submitted images and over time one could stream big enough gif (...err jif) to crash idle tabs.

i saw a site linked on HN that was using that kind of technique to siplay public camera feeds, if anyone remember the link , would be great to share it again.

Security cameras use MJPEG (Motion JPEG), which works quite similarly to animated GIFs.

They're very easy to find as most vendors have a URL pattern. For example, here're a bunch of public security cameras made by Axis: https://www.google.com/#output=search&q=inurl:axis-cgi%2...

you're probably thinking about this (which now 404s): http://cryptogasm.com/webcams/

Don't know why it was taken down. Here is the old thread : https://news.ycombinator.com/item?id=5543465

which mentions the Content-Type "multipart/x-mixed-replace" technique used to constantly update jpegs in the browser.

I'd like to see this too

depends on browser, but I guess yes.

Doesn't work out of the box on OS X: https://github.com/sidorares/vnc-over-gif/issues/1

This is genius! I was just this week trying to think of some way to abuse slow-loading of images by generating the image as data comes in.

This is perfect.

There was a post on HN a few months back of a gif-based realtime message transport : https://github.com/videlalvaro/gifsockets#readme

One way to improve my Instant Background Uploader app [1] and make it actually instant would be by doing just that. Generate the image URL right away and start streaming it while the upload continues.

Instead of waiting for upload to finish before giving you a URL.

But you'd need control over the image hosting backend cuz ImageShack won't let you do it.

[1] https://github.com/shurcooL/InstantBackgroundUploader_OS-X https://github.com/shurcooL/InstantBackgroundUploader_Window...

Interestingly, I already have an image uploading service (that only I use).

It may be a little complicated to make it do this, given how it works currently, but I might try it out.

I too had idly been thinking about this while viewing a few Vine videos that were all using it seemed h264 on iOS.

Great idea. But I guess the performance and latency must be an issue.

I am also currently working on a web-based remote desktop app as a side project. I am using socket.io (python port) and pngs, using transparency to only update the part of the image that changed between frames.

However, I also thought about using long-loading animated gifs, because:

1. Run-length encoding seems to be ideal for screenshots.

2. You can use transparency to only update pixels that changed between frames without need for an alpha layer.

3. Palette-based does not seem to be a big issue for screenshots, which typically have few colors.

4. You use an additional frames to update colors that are off [1]. That way you get the best of both worlds: low latency and high quality images.

Do you have any issues using gifs? Memory usage, closing connections, etc...?

[1] http://phil.ipal.org/tc.html#

GIF doesn't have RLE. It only has dictionary built from "previous pattern + 1 new pixel", so even transparent areas are wasteful (1+2+3+4+5+6px etc in optimal case and you have to restart when 4K-entry dictionary fills up).

Is this supposed to install on Windows? I get a whole bunch of errors when I run "npm install -g vnc-over-gif", most of which seem to be related to node-gif.

Edit: Apparently they're related to unistd.h, which doesn't exist on Windows platforms. Too bad.

I might hack a bit on JS-only gif encoder this weekend but at the moment yes, you need to have proper development environment to compile under windows. unistd.h dependency might be an easy fix though

Interesting that npm is being used to deploy a regular old CLI application that has essentially nothing to do with javascript development. Are we seeing the future of package management with these distribution-agnostic tools?

No, you're just seeing javascript come into its own as a general purpose language community. The surprising part isn't that it's being shipped in npm, it's more that people like programming these sorts of tools in javascript.

This sort of thing is common in Ruby and Python-land. And infinitely better than the `curl foo.io/trolol.sh | sh` we've seen emerge in the last couple of years.


This kind of thing was somewhat common back when rsh / telnet were the usual ways of accessing remote systems.

People have been doing this with CPAN for many years. See: LWP and it's GET, POST, lwp-request utilities.

It's written in javascript and requires nodejs to function, which comes with npm

This is a very common practice if the CLI application depends upon Node.js.

I really want to try the functionality of this, but I don't have npm... I might just have to get it. :(

Install from NodeJS.org it comes with npm. Note: this tool is apparently linux centric. You should have a development environment (c++, make, etc) installed as well as Python 2.7 in order to work with development modules.

As some module mature, they do offer bre-built binaries as needed.

A few years ago I leveraged some reverse engineering to stream individual windows as GIF images.

More info if you're interested: http://zachcimafonte.com/GIF-Window-Server

Is the source code available?

Very interesting. I have a tool that I use for supporting our iOS apps that streams screenshots of the users session to a browser window. Right now I just have that browser window refreshing every 2 - 3 seconds but this could be a much more interesting way to stream those screenshots. Non-technical users + no screen sharing on iOS is absolutely awful for supporting SaaS applications.

This nicely solves a problem I've been asked about: how to share a screen securely (read-only). VNC protocol and implementations are too complex/sloppy so I don't trust them. An endless GIF, on the other hand...

> VNC protocol and implementations are too complex/sloppy so I don't trust them.

The protocol is 50 pages long with pretty reasonable margins and it even has pictures: http://www.realvnc.com/docs/rfbproto.pdf

It is an afternoon read. Most desktop environments in Linux implement their own VNC server just because it isn't that complex and you can implement a subset of the protocol for a server anyway.

I imagine if there was a protocol flaw revealed (or even in the many implementations like libvncserver) it would be patched overnight. All of them support viewer-only mode. I like krfb, because by default it only uses access passes rather than a global password, so unless you give someone credentials of an access ticket nobody can login.

I bet an exploitation in the way gifs download and how http resolves file transfers in the dozens of implementations of both is much more likely to have an exploitable man in the middle or other mechanism to eavesdrop, if not take remote control.

For my use case I'm not worried about the client's security (in fact, he's the one I'm interested in protecting the server from).

We probably are assuming very different tolerance thresholds on security. But even so, I don't think you can argue for any security advantages of typical implementations for a 50-page protocol when comparing them to a one-way simple GIF sender.

+1 rfb protocol is not complex and properly documented

It depends on what you compare it to. I meant complex in the context of the use case I have in mind. It certainly IS much more complex (and powerful) than a simple GIF creator. But if you only need a one-way, low quality stream, RFB is overkill.

What about a service like join.me or gotomeeting?

For this use case I don't trust implementations that I have source code for, due to their complexity. This is intended to share screens that lie behind a firewall. It wouldn't make sense to trust third-party code with closed source code and a similarly complex protocol (and undocumented). Neither would be logical to add this third party, the middle-man, as a point of failure and attack.

Cool, mjpeg might make more sense for vnc though, they animate fine ff at least.

"Requirements... netscape 2.0+"

Made me chuckle, but probably quite accurate.

Is it possible to add mouse clicks via html image maps?

Yes, I was thinking about server-side image maps and link with target in invisible frame. Mouse movements are harder (if possible) to send without client side javascript

This is amazing!!!

agreed - for whatever reason, very very very cool!

Just remember how it's pronounced

Choosy programmers choose gif.

can you explain?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact