XWayland Adds "-Output" Option For Better Rootful Fullscreen Control


  • #91
    Originally posted by qarium View Post

    I honestly do not understand why everything in your world needs to be about Remote Desktop over the internet/network.
    you really act like no local native desktop ever existed and has no use at all.

    There are three use cases for X11

    As the GUI for applications running on super computers, because supercomputers don't waste resources running a desktop environment, and there are no distributed desktop environments anyway. (my use case)

    As the GUI for highly secure applications on government systems where no binary code goes anywhere near the user's machine, and it is therefore fundamentally impossible for them to do anything to change the way it behaves, not even HTML hits that goal (government, large commercial enterprise especially banks, and many SMEs use case)

    As the KVM interface for linux desktops, wayland and X11 are technically identical here, both use libinput for keyboard and mouse input, both rely on the same parts of mesa to interface the GPU. The main difference between them is the code quality of wayland and things built against it is absolute shite.

    I honestly do not understand which of that X11 "legacy" you think wayland is displacing?

    Originally posted by qarium View Post
    its funny that you bring this up because this is something what in the sense of privacy to limit who can keylog can be done in wayland but impossible in x11...
    nonsense, keyboard/mouse comes over libinput for both, either you can log that or you can't - neither X11 nor wayland have any say in it.

    X11 does offer the option to forward keyboard and mouse to a remote server, this is important for secure environments when by law everything someone types on a machine must be retained (Citrix stuff relies heavily on this aiui), but this is an optional feature not some global must always be on design mistake.
    Last edited by mSparks; 15 January 2024, 09:56 PM.



    • #92
      Originally posted by mSparks View Post
      As the GUI for highly secure applications on government systems where no binary code goes anywhere near the user's machine, and it is therefore fundamentally impossible for them to do anything to change the way it behaves, not even HTML hits that goal (government, large commercial enterprise especially banks, and many SMEs use case)

      Yes the CDDC is classed as old now. But it will be at least until 2037 before we will have access to CDDC in the general consumer space. Highly secure government systems use these enhanced KVMs. Yes CDDC class KVM do lock screens themselves. So ultra high security X11 broken lock screen is less of a problem because something in the form of isolation KVM makes up for this weakness of those these are non portable secure systems.

      Yes these highly secure systems the input from the keyboard and mouse the user is using is filtered to make sure other instructions are not being sneaked in. Closest in the consumer space find https://www.aten.com/au/en/products/...-kvm-switches/

      Yes governments around the world have their own custom KVM hardware for high security systems. All built the same kinds of way. These are not trusting the OS the application is running on have secure interface locking.

      The list you just down is all the people who use secure KVM switches. With militaries using CDDC class secure KVM switches so applications running in two different domains can be on the same screen.

      Originally posted by mSparks View Post
      As the KVM interface for linux desktops
      The problem is as KVM protocol X11 protocol has very poor network performance.

      So mSparks these two points are not for X11.

      Originally posted by mSparks View Post
      As the GUI for applications running on super computers, because supercomputers don't waste resources running a desktop environment, and there are no distributed desktop environments anyway. (my use case)
      So you are fine wasting resources because network connection got disrupted. Remember local xpra is no different really to running weston with RDP and rail shell other than the fact that Weston with RDP and rail shell can handle X11 and wayland applications and use less network bandwidth than xpra majority of the time.

      The best protocol that exists for GUI application running remote and being displayed seamlessly on client end computer with other applications is not X11 but RDP Rail.

      Enabling the Windows Subsystem for Linux to include support for Wayland and X server related scenarios - microsoft/wslg


      I have shown you this before. mSparks do look closer at the diagram. Weston RDP connects to PipeWire RDP so this has allowed audio and video and keyboard and mouse over the one connection.

      Now what is the freerdp between weston and windows in that diagram for. That's right, for doing things like USB over RDP.

      Reality the solution you are pushing is feature poor and performance poor.

      I don't see Wayland protocol replacing X11 for the network case. I see X11 for the network case having its ass handed to it by RDP that is way better designed for the network case including the features users want for that use case.

      Weston RDP backend with the rail-shell clearly shows this.

      Of course top side of RDP winning is all the Windows users wanting to connect have OS included RDP client.



      • #93
        Originally posted by oiaohm View Post
        So ultra high security X11 broken lock screen is less of a problem
        You've got that the wrong way round, it's wayland and windows that can't do screensavers and lock screens, not X11. X11 has had secure screen locking as an extension (XSecureLock) even since the days when you could bypass the windows lock screen with a "secret" key combination.

        Windows does require a little more work now, at least the ability to read and write rather than any old cat walking over the keyboard, but still


        Originally posted by oiaohm View Post
        PipeWire RDP so this has allowed audio and video and keyboard and mouse over the one connection.
        RDP -> remote desktop protocol, is not an option for any kind of sensitive data, it makes it possible for anyone with a login to exfiltrate all the data from the server. plus it requires the server run a desktop environment, which has only ever been a use case on machines like those run by the US OPM, the only "benefit" was facilitating sending the Chinese everyone's SF86 data



        Not something anyone is looking to replicate tbh.
        Originally posted by oiaohm View Post
        Reality the solution you are pushing is feature poor and performance poor
        Will there be better solutions. sure, as discussed before


        Looks pretty promising. couple years in and already infinitely many more products on the market than wayland has managed in a decade and a half. But that's not going to replace X11 either, just supplement it.

        Unlike X11, no one is ever going to use matter or wayland for

        Last edited by mSparks; 16 January 2024, 06:52 AM.



        • #94
          Originally posted by mSparks View Post
          You've got that the wrong way round, it's wayland and windows that can't do screensavers and lock screens, not X11. X11 has had secure screen locking as an extension (XSecureLock) even since the days when you could bypass the windows lock screen with a "secret" key combination.
          Windows does require a little more work now, at least the ability to read and write rather than any old cat walking over the keyboard, but still

          RDP -> remote desktop protocol, is not an option for any kind of sensitive data, it makes it possible for anyone with a login to exfiltrate all the data from the server. plus it requires the server run a desktop environment, which has only ever been a use case on machines like those run by the US OPM, the only "benefit" was facilitating sending the Chinese everyone's SF86 data

          Not something anyone is looking to replicate tbh.
          Will there be better solutions. sure, as discussed before

          Looks pretty promising. couple years in and already infinitely many more products on the market than wayland has managed in a decade and a half. But that's not going to replace X11 either, just supplement it.
          Unlike X11, no one is ever going to use matter or wayland for
          https://youtu.be/pCzCJzwrB_c?si=gGdTdlxRBy7DMJ7S
          mSparks i have to admit resistance against you is futile

          we all have to accept that local+native desktop does not exist and anything need to be a remote+KVM-switch terminal running X11 of course.

          products like Valve Steam Deck are not allowed to exist because it is not a remote solution to render the game in the cloud with poor input lag and on the device its only allowed to show the final picture without calculating anything on the local device. we all have to accept that all the games are unplayable because of the poor input lag from sending the keyboard+mouse input over the internet to then be rendered on the cloud server and the final picture is sent back to the device.

          we all have to accept that you mSparks are the great dictator you know best we all need to bend our knee to your belief that everything need to be a Remote solution.
          Phantom circuit Sequence Reducer Dyslexia



          • #95
            Originally posted by mSparks View Post
            You've got that the wrong way round, it's wayland and windows that can't do screensavers and lock screens, not X11. X11 has had secure screen locking as an extension (XSecureLock) even since the days when you could bypass the windows lock screen with a "secret" key combination.

            XScreenSaver is a collection of free screen savers for X11, Linux, macOS, iOS and Android.

            The XSecureLock does not in fact work. The developer of xscreensaver has done many write-ups on this point that it does not work, there are many not able to be fixed bugs.
            Today we released Plasma 5.2 and this new release comes with two fixes for security vulnerabilities in our screen locker implementation. As I found, exploited, reported and fixed these vulnerabilit…

            And other developers have as well.

            Let's do a RDP screenlock.
            RDP session logged in.
            RDP server sends to client please reconnect.
            RDP client reconnects
            RDP server connects client to lock screen session.
            RDP client sends what is needed to unlock session.
            RDP server sends client please reconnect.
            RDP client reconnects back to their logged in session.

            Windows lock screen is the same it runs in a different session and was this way from Windows NT.

            The RDP client processing a reconnect clears all its buffers. So attacker get a machine sitting on RDP lock screen nothing about the user session is there other than user name at worst.

            Key thing RDP protocol does not require client connecting to maintain state.

            The reality here is if XSecureLock worked lot of cases X11 desktop would pass ISO/IEC 27001 without needing to look for loopholes. Since XSecureLock does not work correctly X11 desktops don't pass ISO/IEC 27001 without using loopholes and those loopholes in ISO/IEC 27001 are being closed.

            Basically mSparks you need to pull your head out the sand on this point.

            Originally posted by mSparks View Post
            RDP -> remote desktop protocol, is not an option for any kind of sensitive data, it makes it possible for anyone with a login to exfiltrate all the data from the server. plus it requires the server run a desktop environment,
            First RDP does not require a running desktop environment that changes with the extensions RAIL and VAIL to the RDP protocol. The argument that RDP requires desktop environment is out of date argument. This changes when Microsoft starts working on allowing RDP to be seamless as in just send the application windows of the application not the full desktop of course optimization equals run less and less of the desktop until you are basically running zero desktop. RAIL Shell in weston by Microsoft is not desktop environment. RDP RAIL and VAIL extensions to the RDP protocol are both designed for transferring applications without the desktop. Wayland applications due to Wayland security cannot do direct desktop actions results in Rail Shell in weston not need to emulate desktop environment stuff.

            Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through services that pay for sharing unused Internet bandwidth.

            ssh is used all the time to exfiltrate data as well. So is HTTP. The only reason X11 is not on the common list of data exfiltrate is that mostly users don't connect X11 straight to the internet and the items like http servers and ssh servers are more efficient to extract the data with.



            • #96
              Originally posted by qarium View Post
              products like Valve Steam Deck are not allowed to exist
              so which of your current devices are you replacing with steamos/steam deck?

              more specifically which of your X11 machines are better suited to steamos/the steam deck.

              since shiny new wayland is supposed to replace X11, seems like a perfect example to give an actual example of what you mean by wayland replacing X11.

              And when RHEL10 drops are you really going to be paying ~ $150 to replace steamos with RHEL10?
              Last edited by mSparks; 16 January 2024, 06:24 PM.



              • #97
                Originally posted by mSparks View Post
                And when RHEL10 drops are you really going to be paying ~ $150 to replace steamos with RHEL10?
                ISO/IEC 27001:2022 for government purchases comes a solid requirement for 2025. The 2-3 year notice bit.

                mSparks you raised X11 security extensions. Remember how I said with Wayland using file handles this auto falls under selinux MLS.

                Here a good one with Nvidia gpu memory management not be integrated into OS security system does any system with Nvidia GPU in fact at moment pass ISO/IEC 27001:2022. The answer is no system with Nvidia GPU in fact passes ISO/IEC 27001:2022 this does not matter if you are running windows or Linux.

                Nvidia needs to fix their drivers on all platforms so their driver integrates correctly with OS security so they pass ISO/IEC 27001:2022.

                ISO/IEC 27001:2022 like it or not is a serious pain in the butt mSparks. Its some of the reason why Redhat is like with RHEL wayland or bust. Losing big contracts to MS Windows would not be particularly nice.

                Yes distributions that don't follow will also find themselves unable to sell to many big government contracts and companies who are contracted with government with requirement to be to particular security standards.

                The broken screen locker and GPU memory not be linked to OS security have been issues that have been swept under rug over and over again. Finally cleaning under the rug is mandatory.

                Yes the suggesting of doing a Wayland compositor with rootful Xwayland on top might sound kind of wrong but at least this way can have a screen locker that meets the bare min of ISO/IEC 27001:2022.

                I will not be surprised if a future version of ISO/IEC 27001 for screen locker requirement has that the user session and the screen locker be in independent domains/sessions like Windows/RDP screen locker is. and maybe a correctly functional SAK to bring up login screen.

                This is why the idea I will just choose another distribution and I will keep on being able to use X11 like I always did does not kind of fly with me. This is zero understanding that governments are starting to get serious and mandate security items in operating systems at least somewhat work.

                Oracle and Suse and Ubuntu will all most likely remove X11 bare metal to make sure they still can access government contracts if they choose not to hello loss of market share.



                • #98
                  Originally posted by mSparks View Post
                  so which of your current devices are you replacing with steamos/steam deck?
                  more specifically which of your X11 machines are better suited to steamos/the steam deck.
                  since shiny new wayland is supposed to replace X11, seems like a perfect example to give an actual example of what you mean by wayland replacing X11.
                  And when RHEL10 drops are you really going to be paying ~ $150 to replace steamos with RHEL10?
                  i do not run any X11 for many years now. and many people run a steam deck with USB Type-C docking station to use it as desktop.

                  why do i need to pay for RHEL 10 if i use Fedora 39 for free ? also it looks to me IBM/REDHAT is not open-source friendly anymore.

                  so i would go with Suse linux for a .rpm distro ... but in the last 20 years i did run 15+ years with Debian.

                  why do you talk about replacing steam os with RHEL ???

                  honestly nothing what you say here makes any sense to me
                  Phantom circuit Sequence Reducer Dyslexia



                  • #99
                    Originally posted by qarium View Post

                    why do i need to pay for RHEL 10 if i use Fedora 39 for free ? also it looks to me IBM/REDHAT is not open-source friendly anymore.
                    why do you talk about replacing steam os with RHEL ???
                    The only company contributing to wayland's development is redhat (with "awesome" contributions like this).

                    If people like you don't pay their salaries (my given X11 use case 3)
                    and people like me don't pay their salaries (my given X11 use cases 1 and 2)

                    Then there isn't going to be anyone around soon to contribute to wayland's development
                    Last edited by mSparks; 17 January 2024, 02:58 AM.



                    • Originally posted by oiaohm View Post

                      ISO/IEC 27001:2022 like it or not is a serious pain in the butt mSparks.
                      I'm sure it is, mostly because you can't just tack security on to an insecure design (like wayland or windows), I just don't care, because I've been secure by design for 20+ years.
                      Last edited by mSparks; 16 January 2024, 09:43 PM.
