Originally posted by mdedetrich
View Post
Announcement
Collapse
No announcement yet.
X.Org Server Hit By New Local Privilege Escalation Vulnerability
Collapse
X
-
All this talk about Rust misses the point entirely, which is that the entire concept of "privilege escalation" is a leftist conspiracy to hand over the root of our systems to Lennart Poettering and his followers of hackers on estradiol through concepts like "rootless Xorg" and "seats". Just look at the growth of search interest for this buzzterm over the past 5 years, you can't convince me this is natural:
piq0yi.png
Back in my day we would simply run everything as administrator because we were the administrator, and things just worked. To this day, the very first thing I, and any serious Ubuntu user tries when something doesn't work, is to prefix it with "sudo". It's a basic system administration skill that is taught in most quality post-secondary Linux education institutions. I believe RedHat actually offers a certificate for it.
I think we should stop trying to separate privileges and start to accept responsibility for the software we choose to run.
- Likes 3
Comment
-
Originally posted by mdedetrich View Post
Your stating that re-writing software makes it more buggy as an axiom when its an assumption. I have done entire codebase rewrites on non trivial software (10k+ LOC minimum) and the new software hasn't been noticeably buggier than the previous version. There may have been new bugs in the rewrite, but the rewrite itself may have also revealed bugs in the old version (then you have a discussion if the bug is a feature or not).
Originally posted by mdedetrich View PostAnd when specifically talking about Rust rewrites of equivalent code, there is actually opposite evidence (i.e. the rewrite has less bugs and less security issues), for example when Firefox rewrote their CSS render from C++ to Rust (which also did more than the C++ equivalent, i.e. Rust version was multicore) see https://hacks.mozilla.org/2019/02/re...onent-in-rust/. I am not saying that this is conclusive proof that a Rust rewrite will never have more bugs, but all of the current evidence does show that to a degree.
Comment
-
Originally posted by Sergey Podobry View PostThere are ways to bypass it in Rust too. I'm just advocating against blaming C++ when a memory issue is found in C code. There is no C/C++.
I believe that Wayland will not be well integrated until Vulkan is not the default render of every graphical desktop environment in Linux oses, The coexistence of two graphical stack or even three ones has hugely increased the complexity and the development work to do. Currently linux operating systems involve Xorg, XWayland and Wayland together. In my opinion that's crazy.
Another matter: how many compositors deal with Wayland? I understand the benefit of flexibility but so many projects that increase the fragmentation.
Last edited by MorrisS.; 07 February 2023, 02:55 PM.
- Likes 1
Comment
-
Ahh, seems like I got some backporting to do. My current travel laptop still runs xorg 1.20.14, because I need to maintain compatibility with the Nvidia-340.108 driver. It rocks a Core2Duo @2.53 Ghz, 8GB RAM, a 120GB SSD, the "mighty" GeForce 9400M and a new battery. Since I'm using Gentoo, it's still suprisingly usable. Opening LibreOffice takes 2 seconds and Chromium lets me scroll through websites without lag most of the time, aswell as accelerate video playback.
It's enough for some typing, shitposting on Reddit and Phoronix, Zoom, aswell as other light office work. Don't tell anyone about this herecy, but I have many applications installed as a flatpak to keep updating times shorter and I use systemd. Last full system update with distcc (helper PC uses a 5900X) took 8 hours, as the laptop can't distribute enough concurrent jobs xD.
- Likes 2
Comment
-
Originally posted by WannaBeOCer View PostI agree X.org should be replaced but not until it reaches feature parity with X.org. Last I recall color management was just introduced about 3-4 months ago with Weston 11.0 and still has a long way before it becomes stable for production use for content creators or researchers.
Originally posted by WannaBeOCer View Posthttps://gitlab.freedesktop.org/wayland/wayland-protocols/-/merge_requests/103
Comment
-
Originally posted by You- View Post
X11 does not have color management, so adding it to Wayland is not feature parity - it is going above and beyond what X11 can do. Once it is implemented and figures out in wayland someone might backport it to x11, but again its not about feature parity.
Same here, this feature is not available in x11.
- Likes 1
Comment
-
Originally posted by ClosedSource View Post
It would be irresponsible not to fix something many people use. People aren't simply going to stop using X11 because it is insecure. Hardly anyone on the planet has time to care for software security. just look at how entire countries are using unpatched old copies of Windows 10.
People don't simply interrupt their workflows to adopt more secure technologies. If it weren't for older computers having obsolete hardware or simply getting damaged, half the planet would still be using Windows XP today.
Comment
Comment