[vox-tech] Exporting displays

Karsten M. Self kmself at ix.netcom.com
Fri Mar 18 00:53:43 PST 2005


on Thu, Mar 17, 2005 at 02:26:32PM -0800, Mark K. Kim (lugod at cbreak.org) wrote:
> On Thu, 17 Mar 2005, Karsten M. Self wrote:
> 
> > on Wed, Mar 16, 2005 at 10:42:41PM -0800, Mark K. Kim [censored] wrote:
> [snip]
> > >    $xhost +
> >
> > BAD MARK.  NO DONUT.  OR COOKIE.
> 
> Lols.  In theory, you're right that it's a bad advice.  In practice, it's
> not a problem, especially for:
> 
>    1. Brief connections.
>    2. Local/trusted connections.
>    3. Connection check before securing it.
> 
> One should always be aware of security issues, of course, which I briefly
> touched upon and suggested using ssh instead for that reason.  The MIT
> magic cookie thing would be the next best thing but it's so convoluted
> that nobody uses it.
> 
> BTW, John, you can add a hostname after the '+' sign to allow connections
> only from that computer.  Example:
> 
>    $xhost +remote_host_ip_or_name
> 
> which would be the next next best thing to ssh -X and MIT magic cookie
> thingy.
> 
> My autoshop teacher once told me that a good mechanic always uses the
> correct wrench for the correct nut, so a good mechanic should never use
> the monkey wrench (a.k.a. adjustable wrench.)  But a good mechanic, he
> added, would never be without a monkey wrench in his toolbox.  `xhost +`
> is one of those monkey wrenches for UNIX people, and it would always be
> a tool I'd teach people along with `ssh -X`.

xhost is rather more like the guy who uses chisels as screwdrivers or
for opening paint cans.  Actually, using a chisel for live-circuit tests
on 220VAC is probably about the right spirit.

See my earlier response quoting Joe St. Sauver.  The Intranet is dead
but for the very smallest values of same.


Peace.

-- 
Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Moderator, Free Software Law Discussion mailing list:
     http://lists.alt.org/mailman/listinfo/fsl-discuss/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://ns1.livepenguin.com/pipermail/vox-tech/attachments/20050318/cb080169/attachment-0001.bin


More information about the vox-tech mailing list