| ▲ | 65a 17 hours ago |
| As a user, I like Wayland. X11 was a security disaster. Wayland is much better about tearing. What scares me though are all the responsibilities passed to compositors, because what ends up happening is that each compositor may reimplement what should be common functionality in annoying ways. This is especially true for input things, like key remapping. This ultimately fragments Linux desktop experiences even harder than it was before. |
|
| ▲ | eqvinox 17 hours ago | parent | next [-] |
| Huh. The "security" preventing me from doing things I want to do is a major reason I dislike Wayland :/. (e.g. automation & scripting / input events, clipboard, ...) It also has noticeable mouse lag for me, I really hope this isn't due to avoiding tearing. |
| |
| ▲ | ranger_danger 17 hours ago | parent [-] | | With great power comes great responsibility :) | | |
| ▲ | eqvinox 16 hours ago | parent [-] | | That's a nice quip, but what does it mean in this case? If you remove "insecure" or "dangerous" features that people actually need from software, what you achieve is people using other software, and thus you have failed your responsibility? |
|
|
|
| ▲ | torginus 16 hours ago | parent | prev | next [-] |
| Win32 has managed to do this without any API change, all the existing APIs work. The same approach would've worked for X11. What it does is simple - all the functions that deal with windows/handles or events simply do not work on ones that you don't have access to, for example, the EnumWindows function, which allows you to walk through the tree of windows, simply does not see the ones the process has no access to. SetWindowsHookEx, which allows you to intercept and modify messages meant for other windows, simply doesn't fire for messages you're not supposed to access. Granted, outside of UWP apps, the application of security is rather lax (this is for legacy purposes, the security's there, just not enforced), but for apps running as admin, or UWP apps, the sandboxing is rather solid. |
| |
| ▲ | adrian_b 14 hours ago | parent [-] | | Indeed, this is the right approach. Moreover, it is possible to choose as the default policy that no program may access a window that it did not open, but then there must exist a very simple method for the user to specify when access is permitted, e.g. by clicking a set of windows to grant access to them. |
|
|
| ▲ | uecker 15 hours ago | parent | prev | next [-] |
| IMHO the security advantage of Wayland is mostly a myth and probably the same is true regarding tearing. The latter is probably more an issue with respect to drivers and defaults. |
| |
| ▲ | adrian_b 14 hours ago | parent [-] | | On my desktop computers and on most of my laptops I have never experienced tearing in X11, at least during the last 25 years, using mostly NVIDIA GPUs, but also Intel GPUs and AMD GPUs. I have experienced tearing only once, on a laptop about 10 years ago, which used NVIDIA Optimus, i.e. an NVIDIA GPU without direct video output, which used the Intel GPU to provide outputs. NVIDIA Optimus was a known source of problems in Linux and unlike with any separate NVIDIA GPU, which always worked out-of-the-box without any problems for me, with that NVIDIA Optimus I had to fiddle with the settings for a couple of days until I solved all problems, including the tearing problem. Perhaps Wayland never had tearing problems, but I have used X11 for several decades on a variety of desktops and laptops and tearing has almost never been a problem. However, most of the time I have used only NVIDIA or Intel GPUs for display and it seems that most complaints about tearing have been about AMD. I have always used and I am still using AMD GPUs too, but I use those for computations, not connected to monitors, so I do not know if they could have tearing problems. |
|
|
| ▲ | zb3 16 hours ago | parent | prev | next [-] |
| > X11 was a security disaster. This only matters if you compare properly sandboxed apps, otherwise an app that runs with your uid can still do harm and practically indirectly completely compromise the system. Are most flatpaks _properly_ sandboxed? Of course not. |
| |
| ▲ | uecker 16 hours ago | parent [-] | | And X11 always had a mechanism for isolating clients as well, i.e. trusted and untrusted clients. Nobody used it because it was irrelevant before sandboxing. |
|
|
| ▲ | calvinmorrison 17 hours ago | parent | prev [-] |
| A security disaster? How so? |
| |
| ▲ | AshamedCaptain 16 hours ago | parent | next [-] | | Well, it allowed local users to actually use their computers for computing instead of just safely consuming "apps" -- obviously that needed to go. | |
| ▲ | m132 16 hours ago | parent | prev | next [-] | | Letting any GUI application capture all input and take full control of the desktop completely defeats the point of sandboxing and X11 does exactly that. | | |
| ▲ | ceayo 16 hours ago | parent | next [-] | | > Defeats the point of sandboxing Sandboxing defeats the point of said applications. If you want your computer to have no functionality, check out Figma. A clickable prototype sounds like precisely the security the world needs right now. | | |
| ▲ | m132 16 hours ago | parent [-] | | So accordingly, ActiveX was a brilliant idea and any web page should be able to execute code in the kernel context, otherwise no meaningful functionality can be provided | | |
| ▲ | FeepingCreature 14 hours ago | parent [-] | | The whole problem with Wayland is this mistaken absurd belief that the security standards of a desktop are equivalent to those of a website. |
|
| |
| ▲ | flohofwoe 16 hours ago | parent | prev [-] | | Yawn, X11 (and similar "unsecure" desktop environments) existed for half a century and the sky hasn't fallen. I'm tired of that "will somebody think of the children/grandparents" scaremongering. | | |
| ▲ | m132 15 hours ago | parent [-] | | It hasn't, but Windows has had its fair share of keyloggers, RATs, and so on, and I think we can all agree that anti-virus software is an inherently flawed concept. The only thing keeping those away from Linux was its market share. With npm malware on the rise, this is no longer enough of a protection. |
|
| |
| ▲ | drtgh 15 hours ago | parent | prev [-] | | Keyloggers for example. Linux has always been a system where the existence of malware was ignored, especially on the desktop, contrary to other OSes (tooling included). But for a couple of years now, slooow movements trying to correct this colossal mistake can be observed (I observe them). Whether this is the best way to do it or not, I won't get into. I particularly just welcome most of the advancements about this matter in Linux due to such absence of worrying, keeping my fingers crossed that the needed tooling arrives on time (ten years behind Windows, I think). | | |
| ▲ | calvinmorrison 14 hours ago | parent [-] | | So the security, um, hack here is that someone has unauthorized access to your machine. It's not related to X11. If you run untrusted code, that's it... who cares about X11? | | |
| ▲ | drtgh 9 hours ago | parent [-] | | Why did you use the "untrusted code" term? It sounds as if you were delegating all the weight onto the user's shoulders; two years ago, trusted code like xz-utils [0] had seven months of freedom in the infected systems. [0] https://news.ycombinator.com/item?id=39891607 > its not related to x11 Ideally one wants to detect malware as early as possible, and try to restrict what it can do from the beginning, until it is noticed. In this case Wayland, voluntarily or not, is more restrictive than X11 with the access to screen and keyboard. I know, I know, later the reply of the community will be a couple of downvotes more and "that already existed", "you could use, bla bla bla", and this is how Linux is ten years (minimal) behind Windows in tooling for this matter ¯\_(ツ)_/¯ |
|
|
|