Bad Review of VNC at CNET

Yan Seiner yan "at" cardinalengineering.com
Tue, 18 Sep 2001 10:33:44 +0000


My take on this:

VNC was intened AFAIK for remote admin use.  As such, it assumes a
certain base knowledge of networking, tcp/ip, and security.  Any admin
who opens random ports to the internet, and leaves servers running with
root priveledges accessible to the public, deserves to be shot.  VNC
docs basically tell you to run VNC via a vpn or ssh.  I can't see
PCAnywhere running via ssh....

VNC was intended to run over a high-speed local area network.  If the
reviewer bothered to read the docs, he would find out that's why it does
not have encryption or compression.  Both take CPU cycles that are
better used elsewhere.

I was amazed at the negative attitude of the article.  This sounds like
a paid hack piece for GoToMyPC...

OTOH, there are valid points.  VNC has the same problems as many
maturing open source products.  I'm guessing it started life as a need
for some admin.  S/He got tired of walking around looking at servers, so
s/he wrote a little proggie to help him/her.  S/He didn't need docs.  It
worked so s/he gave it to some other admins.

Next thing you know, the proggie has some real features, still is
lightweight, and still has no real docs, so we put it on a web site and
let people download it.  Unpaid people like to code much more than write
docs.

VNC also follows the *nix model as opposed to the win model.  

*nix utilities tend to be small, lightweight, and rely on other
utilities to provide essential features.  The advantage is that the
utiltity itself is easy to use and relatively simple to code and
maintain.  The downside is that the user is left with the task of
integrating the various tools to get the functionality he needs.  Take
security, for example.  I don't worry about running a secure VNC since I
only run it over a vpn.  The vpn took a while to set up on its own; if I
had to bootstrap a "secure vnc" from scratch I'd have several months of
work to get the bugs out.

win tools tend to be all-in-one, self contained kitchen-sink-and-tub
appliances.  The advantage is that everything is provided in one
package, so the casual user can easily have the full functionality. 
OTOH, when you need more than one package running at a time, the result
can be a mess.  Each package doing its own security, for example, opens
lots of vulnerabilities.  I have to have lots of open ports, and
programmers with limited security experience are coding the security
layer of their apps.  Since the source is closed, there is no way to
ascertain the quality of the code.


--Yan

Greg Breland wrote:
> 
> I read a very bad review of VNC on CNET today.
> 
> http://www.cnet.com/software/0-3227892-1205-7056561.html?tag=st.sw.3227892-1204-7056561.rev.3227892-1205-7056561
> 
> The review was so bad, that I feel it needs to be responded to to
> correct the blantent errors and misinformation contained in it. I have
> written a response to the review and would like your help checking that
> I have all my facts in order and that I have crossed all my Is and doted
> all my Ts. :)
> 
> http://www.mozillanews.org/vnc/cnet_response.php3
> 
> Please email me with any additional information you think should be
> added or removed as well as any corrections.
> 
> Thanks,
> 
> Greg Breland
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------