You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I apologise beforehand, I know this is a discussion topic and probably belongs on the discord server, but I am currently too busy to follow this up, so I am creating an issue in the hope is starts a discussion among the kind people who do dedicate their time. I noticed this was a relatively new project, and felt it better to raise this now, than keep quiet.
I only came across this project 30min ago, and liked the idea a lot. However the inclusion of a built in SSH server seems very strange to me, and likely to result in all sorts of security vulnerabilities, for example: #52
If I were to guess why this was added it was because of the following two scenarios:
You want to create GIFS on a remote computer where things were setup already for what you wanted to record.
You want to setup VHS on only one computer rather than install it locally, but getting the output files locally.
My alternative solution for scenario 1 is adding the ability to stop/start recording. This way, someone can use ssh to connect to the remote at the beginning of the tabe file, start recording, then stop recording before disconnecting. The advantage here is that VHS does not need to be installed on the remote at all. Another idea is introducing some kind of pre/post hooks concept.
For scenario 2, we already have tools like scp, that should be enough to cover most use cases.
Referencing this famous quote:
Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.
I think VHS looks really cool. But I do not think it should try and do something that other programs already do well, especially things that potentially compromise security. If users need to allow remote SSH access to a machine, they should use something proper developed for that purpose.
I am sorry for being a bit of downer on what probably seemed like a good idea at the time, I just think this particular idea is trying to solve a problem that could be handled in a more simple way.
The text was updated successfully, but these errors were encountered:
I apologise beforehand, I know this is a discussion topic and probably belongs on the discord server, but I am currently too busy to follow this up, so I am creating an issue in the hope is starts a discussion among the kind people who do dedicate their time. I noticed this was a relatively new project, and felt it better to raise this now, than keep quiet.
I only came across this project 30min ago, and liked the idea a lot. However the inclusion of a built in SSH server seems very strange to me, and likely to result in all sorts of security vulnerabilities, for example: #52
If I were to guess why this was added it was because of the following two scenarios:
My alternative solution for scenario 1 is adding the ability to stop/start recording. This way, someone can use
ssh
to connect to the remote at the beginning of thetabe
file, start recording, then stop recording before disconnecting. The advantage here is that VHS does not need to be installed on the remote at all. Another idea is introducing some kind of pre/post hooks concept.For scenario 2, we already have tools like
scp
, that should be enough to cover most use cases.Referencing this famous quote:
I think VHS looks really cool. But I do not think it should try and do something that other programs already do well, especially things that potentially compromise security. If users need to allow remote SSH access to a machine, they should use something proper developed for that purpose.
I am sorry for being a bit of downer on what probably seemed like a good idea at the time, I just think this particular idea is trying to solve a problem that could be handled in a more simple way.
The text was updated successfully, but these errors were encountered: