• 0 Posts
  • 13 Comments
Joined 1 year ago
cake
Cake day: July 4th, 2023

help-circle








  • jw13@beehaw.orgtoLinux@lemmy.mlThoughts on this?
    link
    fedilink
    arrow-up
    16
    ·
    10 months ago

    It’s a valid concern IMO. Any application on X11 can install a key logger, record your screen, and influence other applications in a myriad of ways. With open source software from a trusted repository, this is not an issue, but an increasing number of people run random binary blobs from Steam, the Snap Store and Flathub. I am 100% certain that some less-conscientious publishers are already using X11 features to build ad profiles of their users; it’s a matter of time before the first ransomware will appear. The only sensible way to prevent this, is to confine applications to their own space.

    But ok, more security isn’t a bad thing. But why not make it an option, like SELinux for example? That way users can choose a degree on a scale between security and convenience that suits their use case and circumstances. Why make it all or nothing?

    Wayland simply doesn’t have protocols for most of this stuff. (Applications are supposed to use D-Bus and portals.) Developing new protocols that offer X11-like functionality is a large investment and will also need changes in the toolkits and apps to make it work.


  • jw13@beehaw.orgtoLinux@lemmy.mlThoughts on this?
    link
    fedilink
    arrow-up
    27
    arrow-down
    3
    ·
    10 months ago

    That is a serious problem, but advocating X11 will not solve anything. Wayland is being improved every day, while X.org is in deep maintenance mode.

    And let’s not pretend that X.org is perfect. Race conditions at least can be fixed, even if it takes a lot of time and effort. Worst case, someone will rewrite wlroots in Rust. But in X11 any application can kill other applications, install a key logger, pin itself to the foreground, etcetera. This is by design: it’s what makes window managers, xkill and xeyes work. It’s also a huge security flaw that can never be fixed.


  • jw13@beehaw.orgtoLinux@lemmy.mlThoughts on this?
    link
    fedilink
    arrow-up
    82
    arrow-down
    3
    ·
    10 months ago

    Most of the post is an “argument from authority”: Trust me, I have a PhD and maintain my own X server, and I assure you that Wayland is a pile of shit!

    OP claims that “actually nothing will actually run” because the stable Wayland protocols lack so much important functionality. In reality, many people use Wayland every day, and multiple large distributions use it as the default display server. This doesn’t inspire confidence in OP’s knowledge.

    Admittedly, the first bug they linked is a real issue and it should be fixed, but it’s not a Wayland design flaw. It’s an (arguably important) feature that hasn’t been implemented by all compositors yet. With the second bug OP laments that Wayland compositors are implemented in C, an unsafe language. This is true about X.org too, so I don’t really see the point. Arguably Wayland improves on X11 here, because someone could develop a new Wayland compositor in Rust, while in X11 this is a core part of the display server.