I'd proceed with caution. Apparently it doesn't support Wayland, so when you run it under Wayland it offers you a "Fix it!" button that, when clicked, runs sed on some gdm system config files to revert it to X11 (nevermind that gdm is far from the only way to use Wayland): https://github.com/rustdesk/rustdesk/blob/1.1.9/src/platform.... If this is the kind of thing that's considered acceptable by the developer, I'd rather keep their products far away from my machines.
A quick glance at the code also reveals an almost complete lack of comments and copious use of unexplained `unsafe`.
I don't think the application can work on Wayland because it can't inject commands. Screen sharing is a possibility, but that's it: injecting key strokes or mouse input into applications can only be done by even worse hacks. That said, the "let's disable Wayland to fix it" approach is very... pragmatic, to say the least.
This tool was clearly written by someone with a "make it work for the general public" mindset. And, to be honest, I'm not 100% opposed to this approach, although there should definitely be a giant warning system configuration is changed. When a piece of software says "You are using Wayland and this software requires X11, please change your desktop session type" then you're not helping most people. A simple button to fix the problem can be a lot better than an error message with a link to a complicated step-by-step guide.
As is often the case, this client seems to have been made for people running Ubuntu/Fedora, and a relatively recent version at that.
The copious amount of unsafe seems to revolve around operating system APIs being called. Interacting with X11 requires tons of unsafe operations, you can't really work around that. The best you can do is make your own wrappers to hide the fact you're calling unsafe code behind the scenes, but I can't see too much unnecessary unsafe code in there to be honest.
While I agree that a simple fix this for me button is a great option for users, being a destructive fix it for me button is not. If you want to argue that it is a good thing since this particular piece of software, for the typical linux user who uses without understanding it, I want to counter argument that breaking other software which might rely on wayland in some way and the system now being configured completely different as a side effect, is way worse for a usability point of view.
The user now has one app that works, potentially dozens that don't, doesn't know why it broke, and doesn't know how to fix it. Which is why destructive fix it's for a single app is not a great idea. If it was non-destructive, I would totally agree with you.
From a technical point of view I agree, but I haven't encountered any desktop applications that require Wayland and don't work on X11. It's almost exclusively the other way around in my experience.
I'm sure there are some applications out there that rely on Wayland support, but Wayland is unusable for proper remote tech support without some extensions to the API that Wayland developers don't want to add (notably, the ability to send input to running applications).
There are workarounds (hooking directly into the input system, for example) but those work despite Wayland, not because of it.
I'm willing to go as far as to say that by clicking the "fix me" button, the end user will probably end up fixing more applications than it breaks.
Exactly, if it's not something that can be isolated/determined to ONLY affecting the app itself, it shouldn't be done, and if you really really want to do it, there should be a big fat warning, but I really wouldn't..
I think we can leave that up to the users of the software. If the users grant the developer that authority by running the software, and they're happy with the results, then who are we to say otherwise? True, we can decide not to use the software ourselves. But I don't think people like us that are savvy and contrarian enough to likely be affected by this pragmatic solution are the intended target users of this product anyway, at least not on the receiving end (sometimes called the "host" or "server"), where IIUC Wayland needs to be disabled.
> without some extensions to the API that Wayland developers
Depends on what what you mean by "Wayland developers". Wlroots, and thus sway, support such extensions and I think KDE is open to standardizing such extensions. Gnome supports remote desktop through an xdg portal. The problem is that, as with several other things, all of the compositors haven't agreed on a single standard.
Unfortunately doesn't seem like many, as most apps use some sort of toolkit, and generally most support either only X11 or X11 and Wayland, supporting only Wayland isn't popular.
Though people who want to avoid using toolkits would probably do that, as Wayland's API is much more sane for apps.
However for example Waydroid only supports running on Wayland, and somehow nobody has created a reverse XWayland yet (People that ask for this get constantly redirected to nested compositors which is absolutely the wrong thing, a proper reverse XWayland would seemlessly integrate the apps like Xwayland does, and you could drag them, transparency would work, and https://wayland.app/protocols/xdg-shell#xdg_surface:request:... would be converted to _GTK_FRAME_EXTENTS, etc)
I don't remember which anymore, but a bit over a year ago, I tried switching everything to Wayland, and had too many problems in my specific hardware setup, went back to x11 and some things just broke and some apps I couldn't use. It was not a pleasant journey, so to say. The transition itself can also be a problem, some things can stay in a config and then not be properly reconfigured.
I've used sway, as an example to Wayland only, and if you have specific things configured around Wayland as a compositor, they break too..
But that shouldn't really be the focus point of the discussion, what really is the point, you don't just yank a whole system wide config out from under an unsuspecting user, there's so many variables you just don't know or can account for. Creating a stable application, is also respecting other apps and the system it runs on, not just going in blazin' fixing things for yourself and then not caring about what side effect/consequences it can have. And worse, not informing about it properly.
> I don't think the application can work on Wayland because it can't inject commands. Screen sharing is a possibility, but that's it: injecting key strokes or mouse input into applications can only be done by even worse hacks.
This app probably should use libinput to emulate keyboard/mouse instead of tapping into X11. No need for crazy hacks as libinput supports Wayland. Applications that provide remote desktop-like functionality like Sunshine used it and runs well on Wayland.
Notably, the lack of a mouse cursor is kind of a big deal for remote support situations. You want the user to be able to indicate stuff with the mouse.
Think of it as a low latency vnc server suitable for playing games on remote computers. If you want to play your PC games remotely on a raspberry connected to a tv, or on your iPad or laptop, this is for you. Basically self-hosted stadia. But I often use it for non gaming stuff instead of vnc because the latency is very low.
Nvidia gamestream is the proprietary server from nvidia, sunshine is an opensource server compatible with gamestream protocol, and moonlight is an opensource gamestream client.
> injecting key strokes or mouse input into applications can only be done by even worse hacks.
Hum I don't understand this, I've been injecting key strokes for a decade on any Linux-running system using uinput (which creates a new virtual /dev/input). Is this somehow broken by wayland? (I haven't ever really used wayland, nor do i understand how it works)
I use Wayland + Sway plus ydotool(d) on a dailty basis (e.g. with libinput-gestures), as well as kbct to rebind keys (main purpose caps to esc and some ctrl/alt/meta/fn rebinds). Both use uinput. Things I could do with xdotool I can also do with ydotool.
The other day there was an article on HN about Cha Bu Duo. This is it. And it works for quick and dirty hacks. But you wouldn't share those and not care about improvement. You'd put a warning about not using this in production.
I disagree. Not all Rust code needs to be maximally generalized and reusable. If this were library code, I might feel differently. But here we're looking at code for installing a global, system-wide keyboard hook. Using a global variable is a direct, pragmatic, no-nonsense way of doing it.
Edit: Further, there's no such thing as "the purpose of using Rust". Different users can use the same tool for different purposes, and Rust is no different.
At the very least, I would have used an AtomicBool rather than a static mut. See https://github.com/rust-lang/rust/issues/53639 . As a bonus, AtomicBool doesn't require any unsafe code.
That's fair, but I seriously consider the danger of a slippery slope.
To keep in mind, on a pragmatic level, that this type of global can be trivially implemented, at a minimum, via atomics, so the cost to avoid the unsafe is near-zero.
Atomics are not supported by all the platforms, but based on my understanding of their targets (x86-64), they're supported.
It's not that big of a deal tbh and I'm actually not sure there's even a practical safety issue, though there could be bugs if the compiler makes some optimizations based on that (unlikely imo).
AFAIK on any typical platform there's no way you'd have "tearing" for a single byte ie: this will never store an invalid boolean representation.
I am not a user of rustdesk. But from its source code[1], I think does have some warnings about the change. It says,
> "Warning"
> "Current Wayland display server is not supported"
> `Fix it` => a button triggers system gdm config change
> A 'Help' link to github, showing how to change the config manaully.
I wouldn't count it as malware. But I don't think it's OK to change the system configuration by pressing a button of a remote desktop software. It should simply provide a link to user instead.
It doesn't adequately explain what it does before having you ruing your configuration nor should it really be part of this application. An informative message explaining that the application doesn't work on wayland, why, and a link to a page with solutions would have been much better and not placed the user at risk.
I want to counter the prevailing negativity in this thread. I admire the pragmatism of this project. The developers are clearly willing to work hard to achieve what they value, such as producing a single self-contained executable on Windows. But they're also unafraid to take pragmatic shortcuts where they feel that it's OK to do so.
I wonder if the fact that the original author comes from the largest non-English-speaking population in the world [1], a population large enough to have its own distinct software development culture, is relevant. I'm guessing that they don't routinely participate in our English-speaking software development communities. If that's so, then they're not exposed to our norms or the constant negativity of our online discourse. Perhaps that's liberating. Perhaps we need more independent cultures, doing their own thing with no regard for what we think. In any case, for me, software developed in China, such as this project and Zoom (particularly the Windows client), provides an interesting peek into what Jimmy Maher called a mirror world [2]. It may trigger our natural discomfort with foreignness, but some of the differences from the typical American commercial software culture, such as a continued willingness to develop bloat-free native Windows apps, are refreshing.
Edit: If anyone thinks what I said is offensive, please let me know, either publicly or privately. I tried to approach a delicate topic without offending, but I'm not sure if I succeeded.
I constantly feel belittled, undermined, and shunned by the technically literate - especially the hyper technically literate - because of the exact negativity you’re talking about. I can only imagine the level of shock someone who hasn’t built up calluses to the mentality would feel.
The negativity is most often this kind of discourse. How gizmo x wont possibly fly because of some rules and general ideas, and how this person’s other gizmo is really the bar to meet, and everything else is not worth their time.
I cannot impart to you how terrible I felt for months thinking that I was such a bad engineer that I couldn’t stand up a simple web server on a droplet. I felt like “it’s just so easy and obvious” and I gave up multiple times.
This may be crusty software by some people’s standards, but I challenge those same people to put down their high projects, spend 10 minutes writing an issue, or even a weekend with a PR, and dropping this whole schtick of “lol look at the bad developers doing bad things.”
This comes off as damning and condemning, and it is by intent, but it’s also a cry for help.
If you are technically literate enough to identify issues in something technical.. be the person that shares that understanding freely, instead of holding it like a bar of achievement.
> It may trigger our natural discomfort with foreignness, but some of the differences from the typical American commercial software culture
I have to say, this phrase just struck me as pure arrogant xenophobia.
Like most people on here, I'm sure I can safely speak for the majority when I say there is plenty of shit American commercial software out there. The patriotic US flag waving and "made in US" does not automatically make it the best software.
Also many organisations, especially in Europe, will almost bend over backwards to avoid being tied too much to the US because of what the three-letter-agencies get up to, and the anti-foreigner legislation that supports them.
The recipe to get rid of that "natural discomfort with foreignness" that yanks have is simple: Most Americans just need to get out more ... get that passport that so few of you have and spend some proper time outside US borders (and no, trips to Canada don't count, and likely neither does Mexico).
I'm sorry. I'll be more careful next time. I do have a passport, but I haven't yet used it.
Edit: However:
> Like most people on here, I'm sure I can safely speak for the majority when I say there is plenty of shit American commercial software out there. The patriotic US flag waving and "made in US" does not automatically make it the best software.
As someone who happens to be American, I emphatically agree. I regret that I didn't make this clear in my original comment. I meant to say that I think projects like Rustdesk and the Zoom Windows app are better than a lot of American crap in some important ways. I was trying not to be arrogant, but clearly I failed.
Edit 2: As for xenophobia, yes, I'm prone to it. I thought that was a natural human tendency, not peculiarly American, but I could be wrong.
Even though this might add more negativity, when it comes to commercial or at least closed source software, I can attest that "China is worse". I don't think that transfers over to their open source community though. For one thing, one of the reasons it exists is because those people are fed up with the practices of the commercial players in China. Plus, even though there is the language barrier, they are still exposed to the Western open source community, so at least some of our views and practices might have made it over.
I think the "trample the users gdm config" issue for example might be a small influence from the Chinese proprietary software world. A quick and dirty fix. At least there was some message in this case. Usually, proprietary Chinese software doesn't even ask. There was some wild stuff going on in the XP days.
Nevertheless, it still doesn't change my impression. I read it like "(you) don't have to worry about security". The other interpretation "we didn't worry about security" seemed too unlikely.
It doesn't inspire confidence if they want me to be in a relaxed position. I'd expect them to raise concerns about security and take the initiative to show how secure their system is...
I’m not sure I feel great about a project written in rust using “rust” in its name like this, it seems pretty obvious to me that it’s looking for free publicity simply because it’s written in rust, nevermind how high quality the code or application is in the first place.
Sounds great! Even comes with a rendez-vous system so you don't need to mess with firewalls (like you need to with VNC and such).
I can't read anything on the front page though, the website shows up light-grey-on-white. Is that just me? Did the CSS fail to load somehow? Edit: never mind, the CSS sets the text color to #999 and a font weight of 200 for many elements. Apparently that's intentional. Going by the font list, I'm guessing the theming was tested on macOS and made to look nice without testing if the fallback fonts were even readable in the slightest.
A few days ago there was a story here at HN about a chrome plugin that fixes exactly those problems by making the fonts show as black and thus restoring a useful contrast.
I can’t remember the name (it was just two letters, like ‘SD’ or such) and I forgot to bookmark it as well…
Unless this has changed, RuskDesk seems to require a TURN/ICE server to connect at all- you can’t directly connect via IP. This would be fine if you could run your own, but you can’t:
Open home page, "please set up your own server"
Click link, second line "Note: You need buy license When using this software"
Click link, "Currently we are not selling server licenses as we are working on a new version of the server. "
Combine this with the default server being slow and it’s unusable.
I couldn't find a single inline comment nor docstring in the code. I'm no Rust expert, but I know enough about software development to draw some conclusion about the qualifications and proficiency of the developers from this fact.
Been using anydesk religiously for the last 2 years and the increasing ads starting with chrome banners and more recently the "pro" use, I started using rustdesk.
This is really great.
I dare say the performance is "better" than anydesk, nothing objective or I could measure. Maybe its me wishing it be as prevalent and more than anydesk/tw
I like how the screenshot on the main page shows "Not Secure" for the browser window with web.rustdesk.com. This one detail makes me sceptical of the whole product (:
Not necessarily. You can design your system's security and then implement your features first. A good example would be "we know we need TLS, let's get a non TLS version up first and then add it before release".
The problem is they have released it. Even if it’s considered a “pre-release” in versioning terms, it’s still been released to the public in actual terms. And given the nature of this software, it’s not unreasonable for people to expect a base level of security.
I guess we won't agree on this. In my experience this is the sort of "good programmers don't do mistake X". Though technically possible, unreliable in reality.
The cynical side of me wonders when the scammers are going to set-up their own servers for this though and start using it instead of AnyDe(x/sk)/TeamViewer. No way of being reported then other than the IP to the server host themselves.
I'm sure they do once they realize they can, but on the other hand, there are lots of bad things you can do with any open source products. nmap can be used to evaluate your firewall or it can be the first step in taking down critical government infrastructure.
I don't believe that reporting scammers to remote support companies has ever been effective in the fight against these people, especially with the local police departments near the scammers' offices taking their sweet time to respond to any outcry about them.
The sad reality is that less than a week after scammers find out about this tool, the Windows binary will probably be flagged by every single AV engine out there.
My use case for this type of software is helping older, technically-illiterate friends and relatives.
The biggest challenge for this group is getting them to:
Find the website for the tool
Find the download button
Find the file in their downloads
Run it so they can give me the connect number
What the tool can do to help is make the website very distinct so I can be sure from a verbal description they’re on the right domain, have an in-your-face download button, and have 0 install or configure steps upon launch.
I have been using TeamViewer for this specific case, helping out (usually older) people with their computer issues.
I have struggled with this very same problem, and finally using some short url for downloads. Helps a little bit.
But one funny story related to this:
I was helping one gentleman and i told him on the phone that he should go to "www dot teamviewer dot com" . He had not used that before and his English skills were non-existent.
He had trouble finding Download -button from the site and that time Teamviewer.com had young female model stock photo there. I asked him - to confirm that he is on the right website - like "Do you see there that brown haired cute girl?". He answered: "Yes, and few blondes.".
I asked him to read address line for me and it was "teenviewer.com".
After few corrections to the url we finally got Teamviewer installed.
I've found using tinyurl (or hosting/redirecting the download page yourself) is generally best for that.
I use AnyDesk - it was the first one I found which requires no installation (and when I got access, I added a link on the desktop and start menu). However, it requires extra clicks to access sensitive things (device manager at least).
AnyDesk is also what I use at the moment. It's pretty good for this use. There are fake/scam AnyDesk sites with virus downloads so I have to be careful to check which site they arrived at. Tinyurl isn't a bad idea.
The only real problem I face is macOS requires these screen recording/accessibility permissions for the connections to work on some versions and it's extremely tedious to walk someone through setting those verbally.
I use RemoteSupportTool for years now and it works great. Simple VNC over SSL, with no configuration on the client side. No server necessary.
https://github.com/OpenIndex/RemoteSupportTool
I tried this as an alternative to teamviewer not long ago to help my dad with something. He runs a little bit of an older macOS version because reasons (I'm a bit wary upgrading it because another newer macbook my mum owns basically said the device is unsupported when I upgraded to the latest version).
Rustdesk refused to install because the macOS version was too old. Until Rustdesk runs on many OSes, especially older OS versions, it will be hard to use.
Mind you, it's not entirely clear what OS versions are supported from the website, so I went through a
lot of trouble to get my dad to try and install it, only to then be disappointed.
I hope this succeeds. Remote desktop sounds like an easy problem and there are many implementations, but most of them don't work well in practice. TeamViewer works very well, but the company is a bit scummy and the pricing is crazy. Windows Remote Desktop works well between Windows machines, and with Tailscale it's pretty convenient. I use PulseWay at work and their remote control is quite barebones and very slow, even in good network conditions. I remember trying all the open source VNC clients/servers I could find a while ago and was disappointed.
Performance wise, the best one I've tried is Splashtop which is also free for personal use on a lan. Business pricing is pretty cheap imo as well. I used it to remote into a machine ~3k miles away (different country) and didn't notice much cursor/kb latency at all.
In the past I found I was able to play some games on a windows machine remotely across campus from a terrible netbook running arch at like ~30 fps. Every other tool I tried had too much latency or was too poor quality of a connection to make that viable.
Edit. I may have been using the windows client through wine, I don't think they had an official Linux client at the time.
There's a compatibility hack in Windows that causes binaries with "setup" in the name to request administrator privileges, unless they embed a manifest that specifies they don't need it (last part slightly speculative)
So I wonder why they obfuscated the executable name rather than adding the required manifest properties. I get that the overall negativity of this thread led me to look at this with extra scrutiny, but wouldn't the unknown word "putes" in the executable name make anyone suspicious?
The manifest needs to be embedded with the MS build tools (which aren’t available for cross platform builds) or separately as myfile.exe.manifest (making it no longer a single-file download).
We've been using RealVNC's Instant Support (https://www.realvnc.help), it's been the easiest we've found yet that matches the level of complexity customers can handle. We'll check out Rustdesk, as the Web interface would make it even easier for the team to jump on for help when on the road.
Finally! I was looking for something like this for a long time. The closest is MeshCentral but it seems to expect the target computers to stay in the web panel, I needed something like this for quick remote assistance, not having to keep everyone's computer in a list. Looking forward to try this in the near future
awesome from first try on Ubuntu 18.04 LTS and Mac, it even recognized that I have two screens and split them in the remote application 1-2 and can click on 1 or 2 to select what screen to show
also, it has shrink feature to make bigger screen fit on the local screen
A quick glance at the code also reveals an almost complete lack of comments and copious use of unexplained `unsafe`.