So the middleware stays the same but the underlying server changes? That’s an amazing strategy I wish Wayland did this instead of breaking damn near everything with it’s strange restrictions on behavior and overlays
The thing with Wayland and X11 is: this couldn’t really be done because of how fundamentally broken incompatible X11 is (and there is XWayland for most clients that mostly works)
Really? Like not letting apps draw over other apps? As far as I know Windows still allows that, so does even Mac OS. I don’t know who in the industry decided that screenshotting is a bad behaviour and needs to be removed but maybe they should find a new industry, like fast food line work for example.
Allowing any app unrestricted access to the input and output of any other app (like in X11) is a terrible security practice. It allows for trivially easy keyloggers and makes horizontal movement to other apps after the first has been exploited super easy.
Many people’s answer to this is “then just don’t run untrusted apps, duh”, but that is a bad take since that isn’t realistic for 99% of users. People run things like Discord or Spotify or games or Nvidia drivers all the time, not to mention random JavaScript on various websites, so the security model should be robust in the presence of that kind of behaviour. Otherwise everyone is just a single sandbox escape in the browser away from being fully compromised by malware installed with root privileges. Luckily we know better now than when X11 was designed and that is the reason for things like Bubblewrap (used in Flatpak for sandboxing), portals and the security model of Wayland.
And in the end: the people who decided this are the people actually willing to do the work to build and maintain the Linux desktop stack. If anyone knows what the right approach is, it’s them.
Nice appeal to authority. Are you referring to a formalised security model (of which I’d love to read more, if you have a link?), or the actual clipboard on your PC?
But not all interaction is equal. Access control and granularity of permissions is something X11 is sorely lacking in, which Wayland has built in. Which is why X11 is a bad fit for common treat models and Wayland is not.
Ohh, @LainTrain@lemmy.dbzer0.com said so, so it must be true! I’ll let you keep believing that while I enjoy them and watch them grow in popularity and usage, just like Wayland.
I’m referring to the actual clipboard on your PC, yes.
Don’t get me wrong ofc X is not without issues at all, but Wayland is like chopping off your arm at the elbow because you messed up some nail polish, and you arguing for it is like saying that now since you don’t have that arm anymore no one can break it, while all the other OSes watch on in horror and embarrassment as they allow all access to screen elements to any random app like god intended.
If you got malware installed it’s all over anyway. Why bother with weird screen access when you can just ransom the home partition and all personal files instead?
Without OBS, Discord, Steam, Guake, proper screenshot tools, etc. it’s not really a functional OS anymore for general use and that’s what you get with Wayland.
If Wayland fixes all the issues with it I’d happily switch, but it likely won’t since they are fundamental to it’s design and if so then the only way it will secure Linux desktops is by making no one ever use one again.
So the middleware stays the same but the underlying server changes? That’s an amazing strategy I wish Wayland did this instead of breaking damn near everything with it’s strange restrictions on behavior and overlays
The thing with Wayland and X11 is: this couldn’t really be done because of how fundamentally
brokenincompatible X11 is (and there is XWayland for most clients that mostly works)That’s what xwayland is.
Apps can talk to xwayland with the x11 protocol but instead of an X server rendering it, your Wayland compositor renders it.
The restrictions come from the fact that those x11 behaviours are exactly things the industry has decided are a bad idea and should be replaced.
Really? Like not letting apps draw over other apps? As far as I know Windows still allows that, so does even Mac OS. I don’t know who in the industry decided that screenshotting is a bad behaviour and needs to be removed but maybe they should find a new industry, like fast food line work for example.
Allowing any app unrestricted access to the input and output of any other app (like in X11) is a terrible security practice. It allows for trivially easy keyloggers and makes horizontal movement to other apps after the first has been exploited super easy.
Many people’s answer to this is “then just don’t run untrusted apps, duh”, but that is a bad take since that isn’t realistic for 99% of users. People run things like Discord or Spotify or games or Nvidia drivers all the time, not to mention random JavaScript on various websites, so the security model should be robust in the presence of that kind of behaviour. Otherwise everyone is just a single sandbox escape in the browser away from being fully compromised by malware installed with root privileges. Luckily we know better now than when X11 was designed and that is the reason for things like Bubblewrap (used in Flatpak for sandboxing), portals and the security model of Wayland.
And in the end: the people who decided this are the people actually willing to do the work to build and maintain the Linux desktop stack. If anyone knows what the right approach is, it’s them.
X11 doesn’t have to allow any app unrestricted access to any other app.
I’m a cybersec MSc and the security model you’re describing is that of the clipboard.
Apps interacting with each other is also how just about anything works on a computer since multi tasking OSes.
Flatpaks and Snaps are also DOA along with Wayland lol.
Nice appeal to authority. Are you referring to a formalised security model (of which I’d love to read more, if you have a link?), or the actual clipboard on your PC?
But not all interaction is equal. Access control and granularity of permissions is something X11 is sorely lacking in, which Wayland has built in. Which is why X11 is a bad fit for common treat models and Wayland is not.
Ohh, @LainTrain@lemmy.dbzer0.com said so, so it must be true! I’ll let you keep believing that while I enjoy them and watch them grow in popularity and usage, just like Wayland.
I’m referring to the actual clipboard on your PC, yes.
Don’t get me wrong ofc X is not without issues at all, but Wayland is like chopping off your arm at the elbow because you messed up some nail polish, and you arguing for it is like saying that now since you don’t have that arm anymore no one can break it, while all the other OSes watch on in horror and embarrassment as they allow all access to screen elements to any random app like god intended.
If you got malware installed it’s all over anyway. Why bother with weird screen access when you can just ransom the home partition and all personal files instead?
Without OBS, Discord, Steam, Guake, proper screenshot tools, etc. it’s not really a functional OS anymore for general use and that’s what you get with Wayland.
If Wayland fixes all the issues with it I’d happily switch, but it likely won’t since they are fundamental to it’s design and if so then the only way it will secure Linux desktops is by making no one ever use one again.
Yeah it’s kinda the opposite of “New interface, old implementation.”
Which I learned from https://henrikwarne.com/2024/01/10/tidy-first/