On 1/18/26 7:27 AM, Derek Atkins wrote:
> My #1 required feature is the ability to run over a network.
> I do this ALL THE TIME with my servers.

I hope you are not alone in that. It is a very useful feature.

> X11 over SSH is a perfect solution.

"Perfect" might be an exaggeration. I'll go with "excellent".


I really admire that X11 was designed as cleanly as it was. As far as I know there was no security designed in, but because it was a clean architecture it was possible to run over ssh -- even though X11 is ten years older than ssh. The result is the power of a graphical user interface *and* top-notch security (assuming systemd hasn't applied a vulnerable patch to openssh-server).


I have long used X11 over ssh but my recent heavy dependency is specifically for security.

It used to be I could be relaxed about my computer's security: Linux is secure and the bad guys are all going after MS Windows 98, most of them have never heard of Linux!

Times have changed and Linux is now a target of some very sophisticated attackers, and that has me worried.

Enter my current Framework 13 laptop. It is pretty fast and has a lot of RAM, so I am trying to move everything except system administration out of the host computer and into a collection of several virtual machines, each for a specific set of tasks.

For example, everyone wants to treat e-mail as the new login key, not to mention how to reset passwords, making e-mail a very sensitive thing these days. So I run Thunderbird in its own virtual machine ("comms-vm"), in a remote X11 window -- not in a remote desktop, but a first class window on my host computer.

Web browsing is pretty important, so I have a VM ("web-general-vm") I use for that, and I run Firefox (occasionally Chromium) in a remote X11 window.

But the web is *very* important, so I have a different VM ("web-sensitive-vm") I use for purposes such as banking, and again Firefox is run in a remote X11 window.

The web can also be malicious, so I have a third web VM ("web-dangerous-vm") specifically for potentially evil web sites, and this one I regularly revert to a saved snapshot to erase any illicit file system changes. Again, Firefox is run in a remote X11 window.

I have a VM for programming. I don't trust all the various libraries and modules and crates I might play with (there have been some nasty attacks on programmers using malicious code), so in addition to the isolation of a VM I also snapshot this VM to erase any changes, and to let me switch projects while keeping them separate. (I keep the sources on the host and pass specific directories through to the guest, as needed, so I'm able to use git out in the *host* to see any changes that got made in the guest, including maybe any I maybe didn't make). In my case I used emacs as my IDE (I have it set up for Rust, C, Python, and bash, and it works pretty dang well), and I run it over a remote X11 window, so I have popup widgets for things like text completion of variable names, mouse-over, real menus, right clicks, etc. All nice features that are not available in a text terminal version of emacs.


All these X11 remote windows come together on the host, each as a real window. I can alt-tab switch between, see them in a menu that lists all my windows, place them on the host's virtual desktops as I please, etc. Because this is a very local network connection the performance is excellent, though programs are slower to launch and there can be some odd refresh delays. These days compute performance in a VM is essentially as fast as on the host, though disk IO is not quite as good.


Not bullet-proof, and arguably security overkill, certainly not simple to set up, but not that bad to manage and I think a pretty good way to deal with a newly hostile world of computers.


And key to that all being usable is the ancient 41-year-old X Window System! May it live at least long enough for something better (not just shinier) to come along.


-kb, the Kent who still does use a remote desktop now and then, but not very often.
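
An added example, not part of the original message: one way the host's ~/.ssh/config could express the per-VM setup described above using untrusted X11 forwarding, so that the X server's SECURITY extension restricts forwarded clients from reading input or window contents of the host's own trusted clients. The VM names come from the message; the addresses, user names and key path are constructed placeholders.

```sshconfig
# ~/.ssh/config on the host.
# Constructed example: addresses, users and key path are placeholders.

Host comms-vm
    HostName 192.168.122.11
    User mail

Host web-general-vm
    HostName 192.168.122.12
    User web

Host web-sensitive-vm
    HostName 192.168.122.13
    User bank

Host web-dangerous-vm
    HostName 192.168.122.14
    User scratch

# Shared settings. ssh uses the first value it finds for each option,
# so this block acts as the default for every host matching *-vm.
Host *-vm
    # Forward X11 so the guest's programs open windows on the host display.
    ForwardX11 yes
    # Untrusted mode (the equivalent of -X, not -Y): ssh generates a
    # restricted xauth cookie for the session. Set explicitly rather
    # than relying on the distribution's default.
    ForwardX11Trusted no
    # Untrusted forwarding refuses new X11 connections after 20 minutes
    # by default; 0 keeps it open for the life of the session. Use a
    # finite value (for example 8h) to narrow the window instead.
    ForwardX11Timeout 0
    # Never expose the host's ssh-agent to a guest.
    ForwardAgent no
    # Offer only the key dedicated to the VMs.
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_vms
```

With this in place, `ssh -f comms-vm thunderbird` opens the window without any -X or -Y flag; passing -Y would override the file and switch that session to trusted forwarding. Some programs misbehave under the untrusted restrictions, so test each application before depending on it.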