Announcement

Collapse
No announcement yet.

Prolific Red Hat Developer Starts Up "Wayland Itches" Project

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • xfcemint
    replied
    Originally posted by Weasel View Post
    And isolating processes from the same user has even more drawbacks.
    I disagree, but I dont want to go into details and examples since such an argument would take forever.

    Originally posted by Weasel View Post
    Maybe because I don't want my own user's processes isolated so why should the OS literally force me to?
    My solution is an option, your crap is what forces it on everyone and that's why Wayland is pure garbage.
    That's not true, in fact it is the opposite. My solution is an option, because an user can always give additional privileges to the apps so they can (partially) break isolation where it is needed.

    If isolation is not implemented, or if it is weakly implemented on OS level, then you start running into trouble, because isolating applications is complex and requires lots of features.

    In other words, process isolation is a feature. If OS has it, it can be disabled at will. If an OS doesn't have it, you are screwed.

    Originally posted by Weasel View Post
    You talk as if it's either full-on isolation or none at all. No, that's not the case. Ideally only a few apps would get isolated while the rest which are trustworthy happily co-exist.
    More precisely: Isolation consists of various aspects. On the OS side, there are OS APIs. By default, an application should be fully isolated. Then, a user can give it a network acces privilege (which makes network API available), open file privilege, a privilege to access a certain directory or even a privilege to acces the root filesystem. On display server side, unrelated to OS: desktop window privilege, maybe multiple desktop windows privilege, a mouse privilege (when mouse is above window), a fullscreen privilege and so on.

    Of course, a user is just prompted about all this once during application installation (like how you install addons in Firefox or Chrome), with a list of privileges required, and the user just has to click on a 'yes' button once.

    So, your idea about 'per-app' isolation is wrong. It has to be much more granular than that, if you want a proper process isolation.

    Of course, some applications would get 'fully confined' privileges only, in which case the app can perhaps open a window on a desktop and access stdin/stdout. No network, no filesystem access exept for a special directory for untrusted apps, with a quota for files, and also a limit on max allowed memory allocation.

    When isolation is properly implemented, as described, a user has the power to run ANYTHING whithout being scared that an app can compromize the system. You can run a closed source app, a virus, an app by a shady company, an app from Microsoft, some add-ridden shareware, an app by Russian hackers, a trojan, whatever, the user and OS is always safe.
    Last edited by xfcemint; 05-17-2019, 11:43 AM.

    Leave a comment:


  • Weasel
    replied
    Originally posted by xfcemint View Post
    Um, that is a workaround, not a real solution. Running a process as a different user has many drawbacks.
    And isolating processes from the same user has even more drawbacks.

    Originally posted by xfcemint View Post
    Or: why would an OS force me to do that?
    It doesn't force you to do anything, you isolate what you don't trust. It's an option, you have it, you use it. Apps by default should expect to synergize with other apps.

    Originally posted by xfcemint View Post
    Why doesn't an OS isolate user processes properly in the first place? Why are you insisting on a cubersome workaround, instead of just having process isolation work properly?
    Maybe because I don't want my own user's processes isolated so why should the OS literally force me to?

    My solution is an option, your crap is what forces it on everyone and that's why Wayland is pure garbage.

    Originally posted by xfcemint View Post
    Mind you, process isolation features are built both into hardware (page tables denying access to memory of other processes) and software (one process cannot snoop on network of another). Why do CPU and OS manufacturers go into lenghts to isolate processes, if it is so unimportant as you claim?
    It's not unimportant, but having processes aware of each other is equally important and essential. Maybe my workflow relies on synergy between some processes, you got a problem with that?

    Meanwhile I isolate only what I want to, as it should be. Piece of shit forced isolation that forces my hand even on processes I trust is what I despise.

    You talk as if it's either full-on isolation or none at all. No, that's not the case. Ideally only a few apps would get isolated while the rest which are trustworthy happily co-exist.

    Leave a comment:


  • ehansin
    replied
    By the way, I've been a little snarky here lately. I did find this on Xeyes, yes more than fiun and games:

    https://unix.stackexchange.com/quest...rpose-of-xeyes

    In the end, I am pulling for Wayland though, coming from a non-expert.

    Leave a comment:


  • DanL
    replied
    Originally posted by shmerl View Post
    Again, don't waste time please.
    The truth is never a waste of time. Stop wasting time with lies.
    Last edited by DanL; 05-17-2019, 05:24 AM.

    Leave a comment:


  • the_scx
    replied
    Originally posted by ehansin View Post
    Xeyes and TWM. Need I say more? Okay, XBill would be nice as well.
    Jokes aside, xeyes may be a very useful tool. Because it doesn't work over Wayland apps, you can use it to check if the selected program is running in native Wayland mode or just through XWayland.
    This information is important when you creating flatpak packages, because you have to explicitly mark Wayland access in the manifest.
    http://docs.flatpak.org/en/latest/sa...rd-permissions
    Relying on the toolkit/graphics library is simple not enough. For example, wxWidgets 3.0/3.1 apps may support native Wayland when using wxGTK3 (Gtk+3), but this is not always the case, because e.g. wxGLCanvas doesn't work with Wayland yet.
    And when we are talking about binaries, this is even less obvious. The fact that the game uses SDL2, doesn't have to mean that it will work in native Wayland mode. The same applies to the Qt5 apps.

    Leave a comment:


  • ehansin
    replied
    Xeyes and TWM. Need I say more? Okay, XBill would be nice as well.

    Leave a comment:


  • shmerl
    replied
    Originally posted by DanL View Post

    I wasn't defending Nvidia's less than ideal driver situation. I was debunking your bullshit statement(s) that Nvidia ignores Linux and doesn't support it in any way. How about if you stop wasting peoples' time with patently false statements?
    Again, don't waste time please.

    Leave a comment:


  • DanL
    replied
    Originally posted by shmerl View Post
    Then stop wasting others' time here, defending Nvidia's foul behavior.
    I wasn't defending Nvidia's less than ideal driver situation. I was debunking your bullshit statement(s) that Nvidia ignores Linux and doesn't support it in any way. How about if you stop wasting peoples' time with patently false statements?

    Leave a comment:


  • duby229
    replied
    Originally posted by miabrahams View Post

    Nvidia developers have contributed EGLStreams backends for both Mutter and KWin. In what way do they ignore Linux?
    Obviously, it's because -NOBODY- uses EGLstreams, literally it has not even -one- single opensource user. nVidia is completely alone on it. They are the -SOLE- consumer. A pre-existing and far superior solution called GBM already existed, which -literally- everyone else already uses. But using it would have required nVidia to actually implement a proper memory manager, but of course that was too much to ask from nvidia.... They would never consider -really- implementing an actual proper memory management.....
    Last edited by duby229; 05-16-2019, 12:35 PM.

    Leave a comment:


  • duby229
    replied
    Originally posted by mroche View Post

    Outside of the Wayland fiasco (EGL vs GBM) can you define NVIDIA’s broken drivers? I haven’t had a problem in several years using their driver for multiple cards on my workstation for computer graphics work (an industry where AMD GPU’s will not be making a surge in any time soon). If you’re referring to their choices of ending support for “older” hardware or refusing to open source the driver, that’s one thing. But it’s also their prerogative as a company to choose what they support and for how long. Doesn’t mean I like it, but I accept that’s the way things are for the time being. As it is on X, the stuff works great.

    Cheers,
    Mike
    Lets, start with xrender acceleration, it's really bad. Nvidia -needed- to redesign their 2d engine support decades ago and never did. By far the very slowest desktop performance of all modern hardware out there. Run any xrender benchmark for proof. The other thing is that twinview is horribly buggy, if you've evr used dual monitors on nVidia then you must be aware of it, everything from horrible unfixable tearing to fullscreen apps can only stretch across all screens. Their multimonitor support is an absolute fucking disaster. And then the most recent fiasco was the whole wayland support thing....It has so many bugs that are -decades- old, it's just stupid....

    Leave a comment:

Working...
X