BrowserBox VS BrowserBoxPro

Is that right? Could be a recent acquire if it's DOM mirroring.

I heard CF acquired S2 a few years ago, and what S2 did is they created a WebAssembly binary that composited the browser SKIA draw instructions on the client, and streamed the SKIA draw instructions from the server. Not without its issues, but certainly useful.

What we do is just stream pixels to the client. Yes it's expensive in terms of bandwidth, relatively. But the advantage is simplicity. And with a close server and bandwidth trending faster and cheaper, with the increasing drive to video consumption across media, I don't see bandwidth as an issue.

If you're interested, our code is on GitHub: https://github.com/BrowserBox/BrowserBox

Click through for a version on a server close to you that you can play with now.

Source code here: https://github.com/BrowserBox/BrowserBox

This demo is probably not really ready for a widespread audience, but luck it I’m just posting it anyway

> Edit: parent commenter seems to be promoting their product. Looks like a random remote browser, perhaps avoid entering important credentials there.

True. Maybe I should have put a full disclosure? I thought it was obvious, but I get if it wasn't. I'm sorry for not being more clear!

It's a good point to advise people to avoid entering important credentials in something that probably looks untrusted. I'd also advise that at this stage as we have no SLAs for now, and are just testing this SaaS-to-be demo of this source-available product:

https://github.com/BrowserBox/BrowserBox

Thank you for pointing out the reasonable and important security concerns. Although I should have probably done that myself, I was just so eager to help!

Aside: I am surprised tho that you were unable to even login on your VPN. I would think that the IP blocks we run the browser form and those of a VPN would be in the same category of 'cloud IPs', so why should it work on CloudTabs but fail for you directly on a VPN? Who knows?

These are difficult problems and perhaps the modern web has developed at a pace that older tech like RDP has not kept pace with. But Guacamole bucks that trend. The video shows how far it has come.

Guacamole is good, and I love that it's clientles and works in the browsers, but VNC lacks sound so you need to do that separately. Also the input lag when remote frames increase in frequency is challenging.

If you're looking for something lighter weight and possibly smoother and faster (albeit non-free software with a non-commercial option), check out BrowserBox: https://github.com/BrowserBox/BrowserBox

Solving input lag, and maintaining responsiveness across a range of bandwidth situations has been one of our priorities and I think we've mostly achieved.

We've accomplished this through a combination of sensible heuristics for congestion control, and using WebRTC with a fallback to WebSockets when faster. We also have audio out of the box, no set up required!

However there's always room to improve, which is why it makes it so exciting to work on. Depending on how close you are to a server you may encounter lag issues, too. Check out a free live demo of it working here (sorry, signup is not supported yet!):

https://browse.cloudtabs.net/signupless_session

Some other problems we solve that are not always so easy to configure with Guacamole (and are harder to do with an RDP layer in general), but much easier for us as we virtualize the browser itself are first class mobile support.

Obviously that's an issue with remoting desktops from small form devices in general, but if a browser is all you need remotely then we got your back! :)

Same time, BrowserBox will not be for everyone. It all depends on what you need. Get on touch if you are interested!

Run your browser on a remote machine? Using say BrowserBox: https://github.com/BrowserBox/BrowserBox

Full disclaimer: my company develops it.

to "repoint", or reorient an active RDP session to instead targe the "console", a sort of persistent virtual terminal session that the computer always has. From the days of when people actually sat in front of the machines they were using. Physically, like.

I thought that if I could send my RDP session to console then it would live. It would be alive!

And it was. But the audio still died.

All the while, I was context switching out of RDP back to my macOS desktop, to check my BrowserBox connection open in a regular browser tab. Every time, no matter what weird configurations, registry settings, or supposed ways to change various settings related to RDP, nothing worked. Every time audio still died.

This was quite possible the biggest, craziest bug I ever worked on. (Interestingly enough the second biggest, craziest bug I ever worked on was also audio related).

But maybe it wasn't a bug. Maybe it just wasn't to be. Perhaps the gods willed it to be not so. None shall ever, from now until the ashes fall upon the ghost of the world, and time stands finally still, stream audio from Windows Server without a real RDP connection.

It was during this period I also discovered the idea of a Windows Session Host server with Client Access Licenses. Turns out, you need to purchase a RDP license from Windows if you want more than 2 RDP sessions (approximately) to the same OS instance/VM.

Turns out, too, that this notion was not related at all to getting audio to work.

It really seemed like I'd never get there. I was starting to think: Cut my losses, abandon it. It was a nice dream, shame it didn't work out, but that's what happens sometimes.

One day, I woke up with a hunch, that if I could someone use VNC at the same time as RDP, perhaps I could trick the repointed console session into staying alive. I didn't know how or why this should happen, but it just seemed like: it should, somehow. As if through all my intense working with Windows, it was somehow whispering to me, telling me how it wanted to be treated. As if Windows itself wanted this to occur, and somehow through all the interacting with it, I'd absorbed that message. And figured it out. I knew I was onto something with this. Momentum, and optimism, returned. I felt re-energized. I began to feel like this was possible. But still, I had no idea how to do it.

Turns out, I eventually figured it out. And made it repeatable. And further that it worked on: Windows Server 2022, Windows Server 2019. It also, IIRC, worked on Windows 10 and Windows 11.

I formalized it all into a ridiculous PowerShell script where nothing now seemed impossible (so I went so far as to even use crazy C#-in-PowerShell hacks to close windows automatically as part of the install process, just to ensure that all that epic work, 10 hour days, maybe for over two weeks or more, were not wasted. And finally I ended up with a script that actually managed to both install BrowserBox, and set up the required VNC/RDP dance needed to keep the Windows audio drivers active, even when I do not have an RDP connection.

It was kind of complex, and like synchronized swimming, depended crucially on the order of the orchestrated VNC and RDP connections, and what was done in each session, but roughly, the process the enable audio on Windows versions, went like this:

- Create an initial RDP connection to the Windows based server for setup.

- Set up the application by performing a normal install of BrowserBox

- Open up registry key settings enabling: multiple (the maximum allowed for free, which is 2) sessions; and connecting to localhost

- Also set up a login script that will perform "The Magic Task" described below.

- Install VNC, and configure it with a password. From within that RDP session, create a VNC connection from that Windows server to itself, and ensure that VNC window is open and not minimized.

- From within that loopback VNC session just created, execute the logon script (which will happen automatically) to perform the Magic Task. The Magic Task is: use tscon to repoint the current main active RDP connection (from my local computer to this remote Windows machine) to instead point at console, disconnecting me, and creating a ourobouros-double-loopback-VNC-RDP-ying-yang super session that is self-stabilizing and crucially (Crucially! because at that point it had been 3 weeks of effort!), keep the audio streaming

The music might die one day. But not today.

I managed to factor out this code into a relatively reusable-esque script that I called Thunderbird (because I was so in awe of myself at that point haha!)

You can see the code here:

https://github.com/BrowserBox/BrowserBox/blob/boss/windows-s...

Postscript

Turns out tho, despite all that effort, Windows was never a very popular target for BrowserBox. Sure, good to prove that it works there and provide a first blush at support, but in the end, not that many people use Windows to run BrowserBox. As proud as I am of that achievement, I can't even guarantee the method described still works today. The script had so many moving parts, I imagine it would be pretty fragile. Also, I have a suspicion that, as of this post today, Microsoft may hear this and want to lock down this seeming workaround because, even tho I don't think there's a way to use it to get more RDP connections that licensed, it sort of seems like something that shouldn't be possible, so I'm kind of worried they will just stamp it out.

This sucks. Supply chain is such an issue.

Even tho we don't currently target any npm releases, I make use of socket.dev to monitor my project by creating an npm release for it. But my project BrowserBox (lightweight virtualized web browser) only uses ~800 dependencies including all descendents, with only 19 top-level deps (cool your heels non-JavaScript folks, this is comparatively lightweight for a full stack boing).

I'm considering just snapshotting all 800 deps into a @browserbox namespace at npm. And then tracking any vulnerabilities discovered and patching the fixes.

It sounds crazy, but that's where we are. At least that way I "own" all the dependencies and can guarantee (up to company security at least) that we don't have supply chain vulns on the Node/JS side.

https://socket.dev

https://github.com/BrowserBox/BrowserBox

I'm using this type of simple approach to build a SaaS right now. We need to spin up many VPS and provision them, and the fastest way to do that is with rsync and ssh.

But we didn't stop there: this SaaS for our open source browser product is entirely built like this^0: behind the scenes it's a collection of bash scripts that implement and execute the business operation of the SaaS.

So basically, it's a command-line interface to the SaaS. Think of it this way, say I didn't have a website, with login, and "click a button to open a browser", but instead people would write me letters, send me cheques, or call me on the phone. Then I can serve their requests manually, at the command line.

The reason I made it like this was:

- clear separation between thin web front-end and actual business logic

- nice command-line interface (options, usage, help, clear error messages) to business logic for maintenance and support to jump on and fix things

- inheritance of operating system permissions and user process isolation

- highly testable implementation

Maybe this is dumb, but I really like it. To me it's an architecture and approach that makes sense.

I'm sure this is not new, and I think a lot of good quality operations must be built via this way. I highly align with the author's stance of the composition of a few simple command line tools to get the job done.

Perhaps we can call this "unix driven development", or "unix-philosophy backend engineering"

0: https://github.com/dosyago/BrowserBoxPro (saas coming soonish)

If you're concerned about these kinds of bugs on your local OS platform you may consider "abstracting away" your local connection point via a remote browser. This way, whatever your local machine and OS, you can have a dedicated server that you run your browsing through. Granted it doesn't enclose your entire network connection: only your browsing, but what it does there is change your IP address, mask your location, and add protection from browser 0 days.

We're constantly adding new features add BrowserBox to respect and protect privacy and improve the overall experience. It's open source so you can change it how you want too. If you don't like AGPL-3.0 you can get a commercial license. Come take us for a spin: https://github.com/dosyago/BrowserBoxPro

If you don't want something open source, but prefer the joy of a large company I think Mullvad also has their Mullvad Browser which does something similar!

Agree. This is one of the reasons it's better to go with older and more reliable JPEG for viewport streaming. An exploit chain would need to penetrate screen capture images to pass to the client. Browser zero days do occur and this is why it's important to have protection. For added protection consider browser isolation. Check out open source Zero Trust browser isolation at BrowserBox using JPEG (now WebP) now: https://github.com/dosyago/BrowserBoxPro

Technically, we did try using WebP due to its significant bandwidth gains. However, the compute overhead for encoding versus JPEG introduced unacceptable latency into our streaming pipeline, so for now, we're still against it. Security is an additional mark against the newer standard, as good as it is!

Notes

renice: https://stackdiary.com/linux-docs/renice/

audio server code: https://github.com/dosyago/BrowserBoxPro/blob/boss/src/servi...

audio client code: https://github.com/dosyago/BrowserBoxPro/blob/boss/src/publi...

-------

FAQ

What real time prio did you renice to? We tried a few around -16 but settled on -15.

Did you try WebRTC for the audio? Yes, we tried the channel for streaming chunks, but in this case WS was more reliable and faster (I guess it was because we were producing small chunks at a consistent rate). I'm interested in exploring WebRTC audio channel streaming if anyone knows, come and contribute: https://github.com/dosyago/BrowserBoxPro or get in touch at [email protected]

Why are you using WAV not MP3 for audio? Because we're chunking it. I didn't know how you can slice MP3 into tiny pieces for custom ACK-based streaming like we are doing, and I'm not even sure if it's possible: when I tried the MP3 became corrupted, but WAV worked fine, (I guess because it's linear not a compressed self-referential format like MP3). In tests the reduction in bandwidth due to MP3, was somewhat lost to the increase in latency / compute on the server to encode it. If anyone knows a better way to stream audio (or MP3) in this case come contribute: https://github.com/dosyago/BrowserBoxPro or get in touch at [email protected]

People have requested this for years. I finally got around to it. This is a WIP but tested on MacOS and Linux it worked.

Pull the image and follow the run instructions: https://github.com/dosyago/BrowserBoxPro/pkgs/container/brow...

How to Use GitHub Actions and ngrok to Test a Remote Browser, BrowserBoxPro

It's worth noting the following method will work for any web application, it's just surprising to me that it worked with one which uses WebSockets, WebRTC and has a significant back-end component!

I've recently made an exciting breakthrough with my project, BrowserBox, a remote browser application that supports WebSockets and WebRTC. Amazingly, I was able to run and test it successfully in the context of a GitHub Action, even browsing the web as normal! If you're curious about running your own remote browser for testing purposes, here's how you can do it too:

How can you do this yourself?

1. Fork the repo

https://github.com/dosyago/BrowserBoxPro/fork

2. Add your ngrok auth token to your fork's repository secrets under NGROK_AUTH_TOKEN (you need to sign up for an ngrok free account if you don't have one)

3. Go to your fork's Actions page and run the CI action.

4. Wait a couple minutes for the setup to run and click on the URL produced by the "Print ngrok URL" step.

5. Play around with the remote browser! Just click on the big + to create a new tab and enter a search query or an address in the address bar and you're away!

IMPORTANT! I'm not sure if this violates the GitHub terms doing this (it may do! Any GitHub employees please email me at [email protected] and I will remove this Action if it does!), but it's logical that just using this to browse the web would be wasting resources from the Actions runners intended purpose, so don't overdo it! To try to help with this I've set the Action to only run the browser for 5 minutes.

If anyone wants to port this to GitLab or another CI platform, we would very much welcome your contribution!

Anyway, I was really happy and surprised to discover that we can use the generous free compute from Microsoft and GitHub, and the free tunnel from ngrok, to really do some useful things, and you can check up on those and integration test using ngrok and GitHub Actions!

Many comments on here are about this protecting the ad business model, but I think it's actually about protecting against competitor browsers.

If official Google Chrome is the only browser that passes this attestation proposal, you can effectively own the market and prevent new competitors.^0

I'm sure the technical specifics will be slithered over with enough worm-tongue to make it vague and innocent enough to not trigger anti-competitive lawsuits or whatever, but that might still be an option.

From a legal view, isn't this worse than microsoft force bundling IE into its OS? Taken to its full realization, it seems attestation is Alphabet force bundling Chrome into the whole web (that ubiquitous, "global OS", used my almost everyone). It's not there yet, but is it impossible to go from current zero to very-scary one?

As a maker of a competing browser technology (that uses Chrome under the hood), I'm worried about this, but heartened by the fact that as we are also an open-source product, the solution (that I've talked about elsewhere in this thread), if it's possible, will be distributed and built by people.

It's plain that Alphabet faces a conundrum: how do they prevent their investment in the open-source product being used against them? How do they prevent competitors (like brave, and BrowserBox) benefiting from the code Alphabet pays its employees to write, essentially using Alphabet's money to gradually chip away at (or threaten chipping away at) Alphabet's Chrome market share.

I understand the paradox they face, but I don't think "DRM" level control of a global and ubiquitous "means of access" is the way to solve it. But as owner of an open-source company myself, I don't think the solution is one where Google can't capture any value from what they invest in creating.

In terms of the long term economics, I don't have a solution. But I don't think that matters. I think technically there will be solutions to this, and they'll be built in the open.

DOSYAGO is really not an activist company, nor do we seek to be. But some things are worth standing up for. Future of the web should be one, I think. If you'd like to get involved, come on over to BrowserBox and contribute!

https://github.com/dosyago/BrowserBoxPro

0: With a current "monopoly", these new competitors may seem theoretical, but I think internally their viewed as very real threats over the long term. Brave, etc. And the fact that anyone can use Chromium to build a new browser.