I'll talk a little about wayland X and arcan at the end. But first:
This is absolutely incorrect. Functionality to security lives on a sliding scale, meaning that different people might draw the line at different points in the continuum. Which is why your extreme example works. But on the other hand, the opposite extreme also works: you wouldn't like a system that you never had to login or type a password, that is functionality that we prefer to give up to have a more secure system. And then comes the next step, having a session manager, using log in cookies, or a password manager that reads your screen and connects to the Internet, then another step in one that does not connect to the Internet and does everything local, and another one that does not read your screen, then another one that needs a crypto key like a thumb drive or nfc to be connected to the computer. Etc. Even what you said about unplugging from the Internet can be desirable, however much usability is given up. Or maybe something like QubesOS, putting everything behind virtual machines.
Everything that makes a system more secure may make it the tiniest bit less usable, maybe it removes functionality, maybe it adds friction, maybe it deminishes usability. The amount of functionality and usability a given person is willing to give up, the amount of inconvenience and friction they may be willing to put up with, varies a lot.
So I completely disagree that functionality ALWAYS trumps security.
Then tto your point about mistakes and malice, just real quick, the vast majority of security issues I've seen is based on exploiting mistakes, most times multiple mistakes in a row, you know like a chain attack. I say vast majority but may even be all. Admittedly I'm not a security research, and even if I was I think it is impossible to have seen all security issues/attacks.
Now back to the topic of Wayland, Xorg/X11, and Arcan. I don't know enough to argue in favor of one or another. I know I'm perfectly willing to give up some functionality present in Xorg/X11 or whatever is the correct name for what I'm talking about. I don't need my screen server to control printing I think, I don't need my screen server to have a rendering toolkit and display environment I think. And so on.
Maybe Wayland's security model takes away some utility that is after your line in the sand, it might cross my line too, I don't know and haven't used it yet, when my distro's maintainers change it as default, I'll change over,and that's that.
The way I see the present state of display servers and protocols and compositors etc, FEELS to ME (a layman and dumbfsck) a lot like the pulseaudio times felt like. Very criticised, had performance issues, was limited compared to alsa and OSS and aRts and JACK and enlightened daemon and NAS... people argued that instead of so drastically changing everything and breaking compatibility this effort could be directed towards improving some existing system/API like ALSA. This feels a lot like people saying we should improve X, not break compatibility, be less useful than mir or X12 or Arcan or whatever.
Now, two decades later, looking from a position privileged by hindsight, I'll say that it was very good for Linux in general to go through all those years of Pulseaudio we went through. I'll also say that pipewire is the perfect replacement. Could pipewire have been made at the time, and skipped all the headaches and breaking changes and conflict around pulseaudio, and solved the problems it solves now back then? I have not the slimmest clue.
So maybe wayland gets a lot of things "wrong", even though they are trying to go slow and have every stakeholder opine on every protocol etc, so that wayland is final and makes the least amount of mistakes, maybe they get everything "right". But also maybe wayland is concentrating all of the teething issues that fixing Xorg/X11 mess requires.
And after this revolutionary change, as opposed to evolutionary, we will learn all that went wrong and get it right next time (like pipewire).
We'll see.
I do have to read a lot more on Arcan. I haven't given it the time and attention it deserves yet.
Originally posted by Weasel
View Post
Everything that makes a system more secure may make it the tiniest bit less usable, maybe it removes functionality, maybe it adds friction, maybe it deminishes usability. The amount of functionality and usability a given person is willing to give up, the amount of inconvenience and friction they may be willing to put up with, varies a lot.
So I completely disagree that functionality ALWAYS trumps security.
Then tto your point about mistakes and malice, just real quick, the vast majority of security issues I've seen is based on exploiting mistakes, most times multiple mistakes in a row, you know like a chain attack. I say vast majority but may even be all. Admittedly I'm not a security research, and even if I was I think it is impossible to have seen all security issues/attacks.
Now back to the topic of Wayland, Xorg/X11, and Arcan. I don't know enough to argue in favor of one or another. I know I'm perfectly willing to give up some functionality present in Xorg/X11 or whatever is the correct name for what I'm talking about. I don't need my screen server to control printing I think, I don't need my screen server to have a rendering toolkit and display environment I think. And so on.
Maybe Wayland's security model takes away some utility that is after your line in the sand, it might cross my line too, I don't know and haven't used it yet, when my distro's maintainers change it as default, I'll change over,and that's that.
The way I see the present state of display servers and protocols and compositors etc, FEELS to ME (a layman and dumbfsck) a lot like the pulseaudio times felt like. Very criticised, had performance issues, was limited compared to alsa and OSS and aRts and JACK and enlightened daemon and NAS... people argued that instead of so drastically changing everything and breaking compatibility this effort could be directed towards improving some existing system/API like ALSA. This feels a lot like people saying we should improve X, not break compatibility, be less useful than mir or X12 or Arcan or whatever.
Now, two decades later, looking from a position privileged by hindsight, I'll say that it was very good for Linux in general to go through all those years of Pulseaudio we went through. I'll also say that pipewire is the perfect replacement. Could pipewire have been made at the time, and skipped all the headaches and breaking changes and conflict around pulseaudio, and solved the problems it solves now back then? I have not the slimmest clue.
So maybe wayland gets a lot of things "wrong", even though they are trying to go slow and have every stakeholder opine on every protocol etc, so that wayland is final and makes the least amount of mistakes, maybe they get everything "right". But also maybe wayland is concentrating all of the teething issues that fixing Xorg/X11 mess requires.
And after this revolutionary change, as opposed to evolutionary, we will learn all that went wrong and get it right next time (like pipewire).
We'll see.
I do have to read a lot more on Arcan. I haven't given it the time and attention it deserves yet.
Comment