Announcement

Collapse
No announcement yet.

Wayland's Weston Lands A Pipewire Plug-In As New Remote Desktop Streaming Option

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #81
    Originally posted by boxie View Post
    I am not missing the point. I 100% agree with the design decisions of Wayland. What you want to do is not a supported use case.
    Hence it will forever suck since it will be missing essential features for many people. Thing is, it's not even opt-in. It's just not there.

    Originally posted by boxie View Post
    As far as I understand it (and here my understanding is a little shaky), Window managers still have control over where windows are placed on the screen, it's just the apps that are running that no longer have access to that, so maybe what you need is (instead of a bunch of hacky X11 scripts/programming) is a small Wayland Window Manager that can move the windows around as you see fit?
    A different user may not have access to query position and that's OK. If you want apps to co-exist knowing of each other obviously you have to run them under the same user. As long as it's the same user -- and access to all your files -- it's assumed trusted anyway. Querying positions is minor compared to that.

    X11 kind of sucks here since it doesn't have separation between users, but Wayland is just too overkill. An analogy would be: Imagine X11 has no firewall, while Wayland completely disables your internet connection. The former is terrible, but it's still better than no internet connection at all (even if it's "secure").

    X11 does have some security extensions to deal with this but, again, they are too overkill just like Wayland, and completely disable hardware acceleration (because omg the driver may have bugs). That's just retarded and makes them unusable and so almost nobody uses it. People designing these things really piss me off with their stupidity.

    Originally posted by boxie View Post
    Now onto the problem of trust - it is a hard one to solve.

    It used to be that you could trust everything on your computer, if you got a virus it was because you put it on there.

    Now we have lots of software on our computers that may or may not be exposed to the Internet and may or may not be exposed to the local network.

    Attack vectors are varied and many. You might have someone else on your network get owned, which allows that machine to run some RCE on everyone on the local network and suddenly you are pwned.

    So many ways to get pwned.

    We can make that harder for attackers though, which is a good thing.

    It does however break a few use cases, like yours.
    I'm a strong believer in the classic Unix way of dealing with it. Isolate apps under different user accounts if they have potential to wreck havoc. Trusted applications should have full access for anything your user has (I mean, they already access all of your files, so seriously who really cares they can't query window positions lmao -- hence why I said "pseudo" security).
    Last edited by Weasel; 07-25-2019, 07:38 AM.

    Comment


    • #82
      Originally posted by Weasel View Post
      Hence it will forever suck since it will be missing essential features for many people. Thing is, it's not even opt-in. It's just not there.
      Here we can agree to disagree I think.

      Originally posted by Weasel View Post
      A different user may not have access to query position and that's OK. If you want apps to co-exist knowing of each other obviously you have to run them under the same user. As long as it's the same user -- and access to all your files -- it's assumed trusted anyway. Querying positions is minor compared to that.

      X11 kind of sucks here since it doesn't have separation between users, but Wayland is just too overkill. An analogy would be: Imagine X11 has no firewall, while Wayland completely disables your internet connection. The former is terrible, but it's still better than no internet connection at all (even if it's "secure").

      X11 does have some security extensions to deal with this but, again, they are too overkill just like Wayland, and completely disable hardware acceleration (because omg the driver may have bugs). That's just retarded and makes them unusable and so almost nobody uses it. People designing these things really piss me off with their stupidity.
      Well, if it is the same app - it knows everything about itself!

      Your arguments against Wayland can be summerised as such:
      • It's missing a feature that I have used
      • It's not yet ready
      • I am angry about the above 2 things
      To which I say:
      • There might be different ways to achieve the same thing
      • It will be ready, DE's are shaking out the the bugs and every release gets better
      • Use this opportunity to learn something new, you might find a better solution to your problem

      Originally posted by Weasel View Post
      I'm a strong believer in the classic Unix way of dealing with it. Isolate apps under different user accounts if they have potential to wreck havoc. Trusted applications should have full access for anything your user has (I mean, they already access all of your files, so seriously who really cares they can't query window positions lmao -- hence why I said "pseudo" security).
      There is only so much you can isolate the user from themselves and the applications that they run.

      You should also change your mindset here on "trusted" applications. Assume everything is already exploited, how do you go about limiting the fallout.

      Flatpak is a good example of how we can sandbox a desktop application to potentially limit the fallout of an exploited app, not entirely sure how you would go about having a different user for every app though, that sounds quite painful to maintain/use.

      Comment


      • #83
        Originally posted by Weasel View Post
        I'm a strong believer in the classic Unix way of dealing with it. Isolate apps under different user accounts if they have potential to wreck havoc. Trusted applications should have full access for anything your user has.
        I consider classic Unix permissions to be too limited and lack granularity.

        Even Windows and Android have interesting concepts not enabled by default in most Linux distributions. I think this should change ASAP and evolve to the future.

        Originally posted by Weasel View Post
        I mean, they already access all of your files, so seriously who really cares they can't query window positions lmao -- hence why I said "pseudo" security).
        That's why better granularity should be enabled by default.

        I consider something similar to Android should be enabled by default for the end user .

        Comment


        • #84
          I get the feeling that those that say that X11 is inferior and insecure never ever sat down and tried security and remote sessions on X11. Even if you ssh to another server and forward an X11 connection, it will have a very different authorisation, and cannot grab or read your screen. If you didn't know that, it means, you never actually used X11 and are just repeating hearsay. As many of the desktop environments or applications that tried to re-invent everything because of lack of knowledge of X11.
          When comparing Netscape vs mozilla, netscape was a big winner for a long time in having correct X11 support. It took years before Mozilla even gained the same X11 support Netscape had. That's mostly due to lack of knowledge and use cases.

          Let's face it: wayland is very different from X11, needs a lot of work application and driver side before it can replace X11 as a kind of desktop.
          In very controlled environments it's a good step forward, and I mean forward as well as backwards. Forwards as in lean and mean, backwards as in a lot of X11 features being scrapped.
          You don't need X11 features in your samsung watch. And if you do need X11 features, you can start an X11-server/wayland client. Although, I doubt wayland even has a notion of a client.
          So while X11 >> wayland, in features and as such wayland can not really replace X11 for me, but I am trying to. I hope to be able to roll out POS systems based on wayland in 2 years.

          So no, X11 is not inferior, but it's like windows: it has such a big bag of legacy (9 text cut buffers vs object oriented selections has been a long pain in copy paste), it's good for most software today to revise it.

          Comment

          Working...
          X