Re: xterm binary ascii transfer



On Wed, 11 Jan 2006 21:22:45 +0000, Steve Foley wrote:

> I've always gone under the assumption that if the system was not
> physically secured, there's not much point in securing the network.
>
> These workstations are on the shop floor, accessible to anyone inside
> the building. Why bother wiretapping the network when you can walk over
> to a workstation and get whatever you need?
>
Are you the original poster? I'm confused. In general, security is a
consideration.

Okay, if you don't like my answer, there are more reasons why scp is
better:

1) It's faster because it does data compression. Because scp encrypts
data in blocks, it can compress the data before it goes over the wire. By
way of contrast, the Xwindows protocol adds a bunch of overhead. This is
acceptable when you are doing graphics intensive work, but not when doing
heavy data transfer.
Furthermore, to move a binary file over an ASCII connection requires a
coding that expands the bits into bytes. Typically, each byte (256
possible values) gets stuffed into 96 safe character values, so it takes
about 2-1/2 bytes "on the wire" to send each byte.
Finally, using a file transfer program requires a stream coming back to
the sender for error control and throttling. Over a TCP/IP connection,
that stream creates additional IP packets so that the TCP can work
reliably, as it was designed to do. By way of contrast, since scp runs
directly on TCP/IP, it can send a byte as a byte, and it can rely on the
throttling and error control in TCP.

2) It's simpler, once the sshds are set up.
    scp SOURCE_FILE REMOTE_HOSTNAME:DESTINATION_FILE
or
    scp REMOTE_HOSTNAME:SOURCE_FILE DESTINATION_FILE

depending on whether you are pushing the file to the remote machine or
pulling the file from the remote machine. This is also very easy to
script. I manage a couple of thousand computers and I use this technique
on a routine basis to update software and push content.

3) I think it's more reliable, but I can't prove that. While my
experience is that X-windows tends to be reliable, every once in a while
an xserver hiccups for reasons I'm not sure I understand (it may be
excessive lost packets, but I can't prove that). scp uses a single tcp/ip
port so it only has to manage a single connection. Xwindows uses a bunch
of connections and if any of them breaks, then there is a problem.


Jeff





> "Jeff Silverman" <jeffs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> message
> news:pan.2006.01.11.07.21.58.92835@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> On Tue, 10 Jan 2006 14:06:10 +0000, Steve Foley wrote:
>>
>> > Can you please explain why this is so bad, bad, bad?
>> >
>> > I could see it being a problem if the telnet port was open to the
>> > internet, but if it's not, I don't see the problem.
>>
>> Because the X-windows protocol has "0" security. It can be easily
>> wiretapped, and it is easy to inject things into the stream. If you
>> want to make X-windows secure, then you can tunnel it through SSH. But
>> if you are going to tunnel X, then you might as well just use scp which
>> requires the same overhead.
>>
>>
>>
>> > "Jeff Silverman" <jeffs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> > message
>> >> Boy, are you doing things the hard way, and it not only costs you
>> >> effort, but it makes your system less secure. In short, the way you
>> >> are doing things now is bad, bad, bad. So stop it, right now. I
>> >> mean it.
>>
>>
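
Added example, not part of the original post or thread: one way to script the scp push described in point 2 across a list of hosts, refusing unknown or changed host keys and confirming each copy by checksum. The function names, the hosts-file format, and the presence of sha256sum on both ends are assumptions; key-based login and populated known_hosts entries are assumed as well.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the hosts-file
# format and the use of sha256sum on both ends are assumptions.

# BatchMode: never prompt, so a missing key fails instead of hanging a script.
# StrictHostKeyChecking=yes: refuse hosts whose key is unknown or has changed.
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=10"

# push_file HOST SRC DEST: copy SRC to HOST:DEST, then compare SHA-256 sums.
# DEST must not contain spaces or shell metacharacters (the remote shell parses it).
push_file() {
    host=$1 src=$2 dest=$3
    want=$(sha256sum "$src") || return 2
    # $SSH_OPTS is left unquoted on purpose so it splits into separate options.
    scp -q $SSH_OPTS "$src" "$host:$dest" || return 1
    got=$(ssh $SSH_OPTS "$host" sha256sum "$dest") || return 1
    [ "${want%% *}" = "${got%% *}" ]
}

# push_all HOSTS_FILE SRC DEST: one host per line, blank lines and '#' comments
# skipped. Prints "FAILED host" per failure; succeeds only if every host did.
push_all() {
    failed=0
    while read -r host rest; do
        case $host in '' | '#'*) continue ;; esac
        # </dev/null keeps ssh from swallowing the rest of the hosts file.
        if ! push_file "$host" "$2" "$3" </dev/null; then
            echo "FAILED $host"
            failed=$((failed + 1))
        fi
    done <"$1"
    [ "$failed" -eq 0 ]
}

# Run as: ./push.sh hosts.txt SOURCE_FILE DESTINATION_FILE
if [ "$#" -eq 3 ]; then
    push_all "$@"
fi
```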