Announcement

Collapse
No announcement yet.

X.Org Server Clears Out Remnants For Supporting Old Compilers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by L_A_G View Post
    No. Wayland was devised because X.org was found to be fundamentally lacking, not the other way around. Once it became available for use people began to encourage its use for this exact reason. You're just putting the cart before the horse the same way conspiracy theorists do.
    Actually Wayland was devised for minimalist embedded devices... How we got from there to here is an actual travesty...

    EDIT: I was here when Wayland was being discussed. I read about it with my own two eyes. Wayland was never capable of replacing xorg. It's seriously sad that it still isn't.
    Last edited by duby229; 22 February 2024, 10:36 PM.

    Comment


    • Originally posted by duby229 View Post

      Actually Wayland was devised for minimalist embedded devices... How we got from there to here is an actual travesty...

      EDIT: I was here when Wayland was being discussed. I read about it with my own two eyes. Wayland was never capable of replacing xorg. It's seriously sad that it still isn't.
      Ive not actually seen any wayland documentation even suggesting it is supposed to replace it.

      people just assumed it because they find it so hard to believe redhat 10 is going to target mobile devices and is more or less abandoning desktop/workstation PCs and servers.

      Comment


      • Originally posted by dkasak View Post
        Gnome - no, not really. Enlightenment is much snappier under wayland. Unfortunately development appears to have stalled, and there are some corner-case bugs still with wayland support. But it's very noticabely more smooth - eg more fluid animations, more instant responses to inputs.
        That's good to know if you are into Enlightenment that you could get a speed boost from running Wayland. I've never more than tried Bodhi for a few minutes and it's not really my thing, but it's a good idea to keep track of what they are doing as they've always been very innovative.

        Comment


        • Originally posted by Daktyl198 View Post
          X.org is forked from XFree86. Again, PLEASE read up on your history.
          I am fully aware of what I'm telling, one way or another. It's wayland fans, who need to decide:
          - either you claim that the X developers are capable to run new project and make better decisions, but then - why did they failed so hard in X (I'm talking about "bad quality codebase", not protocol deficiencies)?
          - or you should not raise an argument, that wayland is made by X developers - if it's not their fault, then it's not their code

          but then I make an argument, that they were incapable of developing X codebase, while previous maintainers did this for years.

          Therefore - one way, or another, I see no reasons to trust these people.
          So what is your trust in them based upon - and how can it be rooted in X failures?

          As for developers, the one off the top of my head is Daniel Stone. He joined XFree86 in 2002 and joined X.org in 2004, so not early 90s but also joined the X project 22 years ago (7 years before Wayland was proposed). I've not searched through the latest git issues to see how active he is now, but he was a core member (maintainer of XKB) [...]
          Yep, the "breaking security since 2010" guy again. Seriously, what kind of "maintainer of XKB" didn't see this coming?!

          Do you see my point now? This guy is responsible for severe security issue in X11, being a maintainer who introduced this obvious bug, and today you rely on him, creating "more secure" environment?

          There are other old hat X maintainers that approved of and helped the move to Wayland,

          So back to square one - name some. How could anyone interested possibly verify their qualifications, if you're pointing them so vaguely?

          Either you have some arguments, or you don't.

          he's just the first I think of because I remember his talk.
          Oh, I see. In 21st century we call such people "celebrities". And guess what - their fame doesn't mean anything at all.
          Last edited by gotar; 23 February 2024, 04:23 AM.

          Comment


          • Originally posted by L_A_G View Post
            FYI; In just the last decade X.org has had 37 code execution, 11 privilege escalation, 30 denial of service, 2 authentication bypasses and 5 information leak vulnerabilities and those are just the ones with registered CVE's.
            And at least one of them (CVE-2012-0064 - OK, older than decade) was introduced by top anti-X11 evangelist Daniel Stone.

            Comment


            • Originally posted by MrCooper View Post
              the isolation between a Wayland compositor and its clients is mostly the same as between an X server and its clients, so any claim you make about the former applies to the latter as well.​
              No it's not. X client might be running on physically different machine. Not to mention that rootful X server cannot be backdoored by malicious user process without compromising entire system, while Wayland compositor can be easily.

              Yes, there's Waypipe, which is mostly equivalent to SSH X forwarding. [...]That works exactly the same in a Wayland session.​
              No and again, much smaller isolation. Running app through Waypipe requires the remote client to run entire session remotely. In X11 I can run client alone.

              Daniel is still one of the core Wayland developers.
              Is he still planting security bugs?
              I wonder, how many of Xorg CVE were actually authored by current Wayland developers...

              Comment


              • Originally posted by MrCooper View Post
                I can't see GNOME ever allowing X keyloggers to spy on Wayland clients. The proper solution for global shortcuts is the corresponding portal.​
                I agree with you in principle, but I'm sure there are cases where this enables the use of a Wayland session for users who would otherwise be forced to stick with X11. Stopgap solutions like this are not a bad thing in my opinion.

                Comment


                • Originally posted by mSparks View Post
                  yet for some reason you prefer to sweep under the rug that the last few all came from xwayland.
                  Last few? Its literally just one from 2024 and one from 2015. If you're going to claim things like that at least do your background research properly or don't make stuff up.

                  Which doesn't also reflect all that well on X when its so insecure emulating it causes security vulnerabilities.

                  Comment


                  • Originally posted by duby229 View Post

                    So thats something. It's higher than I expected and growth seems to be driven pretty much exclusively by Plasma...
                    The graph shows the percentage of Linux gamers using GNOME Wayland growing as well.

                    Gnome's wayland session just isn't usable
                    ~1/8 of Linux gamers disagree. That's more users than any other DE (X or Wayland) except KDE Plasma.​

                    Originally posted by gotar View Post

                    No it's not. X client might be running on physically different machine.
                    As can a Wayland client via Waypipe. Just like the X client running via SSH X forwarding.

                    The direct connection between the display server and its client is a local socket in both cases.

                    Not to mention that rootful X server cannot be backdoored by malicious user process without compromising entire system,
                    That's false. The fact that the X server runs as the root user doesn't magically prevent a client from exploiting its security holes. On the contrary, it means any code execution exploit gets privilege escalation as a bonus.

                    while Wayland compositor can be easily.
                    Where are the corresponding CVEs?

                    No and again, much smaller isolation.
                    It's literally exactly the same between Xwayland/Xorg and the X client. The difference is that with Xorg, every client can spy on every other client. With Xwayland, X clients can only spy on each other, not on Wayland clients.

                    Running app through Waypipe requires the remote client to run entire session remotely. In X11 I can run client alone.
                    False again, Waypipe allows running individual clients, same as SSH X forwarding. I'm using it every day, the same way I used SSH X forwarding before.

                    Comment


                    • Originally posted by L_A_G View Post

                      Last few? Its literally just one from 2024 and one from 2015. If you're going to claim things like that at least do your background research properly or don't make stuff up.

                      Which doesn't also reflect all that well on X when its so insecure emulating it causes security vulnerabilities.
                      how dare I call 2 vulns "a few" right? rofl.

                      As for how xwayland, whose first release was in 2021, could have a CVE in 2015, I got no clue on that one, but it certainly fits my impression that it is broken by design.

                      Comment

                      Working...
                      X