Announcement

Collapse
No announcement yet.

X.Org Server Clears Out Remnants For Supporting Old Compilers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by MrCooper View Post
    Where are the corresponding CVEs?
    You don't get CVE for something that is simply available as-is and is not being prevented in any way.
    Here you don't even need to manipulate other processes memory, you can simply put your own binary in $HOME, alter $PATH and wait or induce session restart.

    Comment


    • Originally posted by mSparks View Post
      As for how xwayland, whose first release was in 2021, could have a CVE in 2015, I got no clue on that one, but it certainly fits my impression that it is broken by design.
      ​The wayland page at freedesktop.org has mentioned and links to the resources for building XWayland since at least 2012 according to the internet archive's wayback machine.

      I guess talking out of your ass is something of a specialty of yours when you get the time of release wrong by 9 years. You may want to look thing up before talking if you don't want to look like an idiot.

      Originally posted by mSparks View Post
      how dare I call 2 vulns "a few" right? rofl.
      Furthermore, your English is crap because when spelled out what you said meant; "There are multiple ones in a row from the latest on" and not "One in 2015 and then another 9 years later". Either learn to use a language properly or don't use it at all.

      English is my 3rd language so you really have no excuse here...

      Comment


      • Originally posted by mSparks View Post

        how dare I call 2 vulns "a few" right? rofl.

        As for how xwayland, whose first release was in 2021, could have a CVE in 2015, I got no clue on that one, but it certainly fits my impression that it is broken by design.
        It's because we aren't talking about a few years, it's been 12-(almost)17 years depending on what metric is used. I just got done reading an article written in 2011 about attempts to port neon to Wayland. And the funny thing is they'll try to claim it didn't even exist that far back while still calling it the future.

        Comment


        • Originally posted by L_A_G View Post
          ​The wayland page at freedesktop.org has mentioned and links to the resources for building XWayland since at least 2012 according to the internet archive's wayback machine.
          releases and their dates are here

          the first release of xwayland was 2021-02-17 17:07

          its had a point release for a new vuln set every other month since then.
          Last edited by mSparks; 23 February 2024, 03:54 PM.

          Comment


          • Originally posted by mSparks View Post

            releases and their dates are here

            the first release of xwayland was 2021-02-17 17:07

            its had a point release for a new vuln set every other month since then.
            Yeah that's true for certain, but xWayland has existed since long before then by at least a decade.

            Comment


            • Originally posted by MrCooper View Post

              The graph shows the percentage of Linux gamers using GNOME Wayland growing as well.



              ~1/8 of Linux gamers disagree. That's more users than any other DE (X or Wayland) except KDE Plasma.​
              I'm not sorry, I don't agree. Wayland sessions have so much basic functionality missing that it just feels broken. It cant remember window location, it can't support popup dialogs, it can't track curser location, etc... And I KNOW I'm not the only one to say these things to you guys. You put your head in the sand and say it works all you want but it DOES NOT. It doesn't!! And this is why people don't trust you guys. At this point it's plainly obvious that Wayland won't get fixed, will never be feature complete and will always feel broken...

              Argghhh!! This is so frustrating. You guys are -exactly- the reason why linux can't take desktop marketshare... it is waylands fault...

              EDIT: If security by obscurity was your goal then you accomplished it! Good Job!!

              EDIT: You guys and your insistence that it's just fine is exactly what's wrong with wayland and why it still doesn't work.

              EDIT: Just because 1/8th of Gnome gamers can tolerate it doesn't mean it isn't broken! It IS!!
              Last edited by duby229; 23 February 2024, 06:34 PM.

              Comment


              • Originally posted by MrCooper View Post

                Waypipe.
                anyone who recommended waypipe to you, like you, has never run it, let alone assessed its suitability for use in a production environment.

                Because those that have do not recommend it - including the author of waypipe.
                Last edited by mSparks; 23 February 2024, 10:09 PM.

                Comment


                • Originally posted by duby229 View Post

                  I'm not sorry, I don't agree. Wayland sessions have so much basic functionality missing that it just feels broken. It cant remember window location, it can't support popup dialogs, it can't track curser location, etc... And I KNOW I'm not the only one to say these things to you guys. You put your head in the sand and say it works all you want but it DOES NOT. It doesn't!! And this is why people don't trust you guys. At this point it's plainly obvious that Wayland won't get fixed, will never be feature complete and will always feel broken...

                  Argghhh!! This is so frustrating. You guys are -exactly- the reason why linux can't take desktop marketshare... it is waylands fault...

                  EDIT: If security by obscurity was your goal then you accomplished it! Good Job!!

                  EDIT: You guys and your insistence that it's just fine is exactly what's wrong with wayland and why it still doesn't work.

                  EDIT: Just because 1/8th of Gnome gamers can tolerate it doesn't mean it isn't broken! It IS!!
                  To be clear before commenting, I'm not a "pro-Wayland" kind of guy. Nor pro-x, I'm a "I trust my distro maintainers have my best interest in mind", and at some point here in these forums I even said so, saying that I have never used Wayland, but won't resist when opensuse tumbleweed updates my system to use it.


                  What I do want to say tho, is that Iwas incorrect and did not know. My desktop is huge, very performant, always up to date and I use tumbleweed. But my laptop is a 13' thinkpad that I use exclusively when I need the portability. Just this week I found out it is running Wayland. I did not know, I did not have any issues with it that made me find it out, I did not miss on any features.

                  That includes pop up notifications, window positioning (less important with a 13' screen and gnome shell extensions for tiling), etc etc. It does not include gaming, and remoting was only done with Rust desk. Another thing that I thought wouldn't work in Wayland but apparently does work and has worked for all this time, is using "barrier" to control multiple machines with a single set of peripherals.


                  So yeah, just came to say that Wayland has worked so well for me for the last couple of years that I even thought I had never tried it.

                  Comment


                  • Originally posted by duby229 View Post

                    I had a reply go to the mod queue, you'll see it eventually. It more or less said Wayland is a simple protocol, too simple. Xorg is more feature complete because of it. Wayland can't be feature complete because of it and never will be. Even MS's compositor going as far back as -Vista- is more feature complete than any Wayland compositor.

                    EDIT: Some compositor may get close to parity with the likes of Windows someday but it won't be thanks to Wayland it'll be despite it.

                    EDIT: Which brings us straight to the failure of Linux distros in the desktop marketplace... Squarely Wayland's fault. Pure and simple.
                    The failure of Linux on desktop (which is not a failure) has nothing to do with wayland or xorg, wayland is now starting to be adopted significantly by distros and the situation is the same as before. So what failure are you talking about?
                    Because if you're talking about market shares, the last statistic I saw Linux is on the rise, but let's be clear no distribution or almost no distribution aims to have more market shares, it's simply not interesting as it's not profitable, however if a company aims to the desktop market perhaps with a paid distribution, it cannot distribute software that it knows to be vulnerable, in the same way as Google cannot distribute software that it knows to be vulnerable, after which all complex software can have security bugs, but they must be corrected once once the vulnerability is discovered.
                    Those of Xorg are not security bugs, but design flaws due to when it was designed, too many years ago, when PCs were anything but.​

                    Comment


                    • Originally posted by mSparks View Post
                      releases and their dates are here
                      That's xwayland server. xwayland itself has existed since at least 2012. That's like saying that Coca Cola came out in 1985 because that's when they started selling cherry Coca Cola.

                      its had a point release for a new vuln set every other month since then.
                      Nothing there says anything about vulnerability fixes so you're back to talking out of your ass.

                      Well... At least you're being consistent...

                      Comment

                      Working...
                      X