I'll talk a little about wayland X and arcan at the end. But first:

This is absolutely incorrect. Functionality to security lives on a sliding scale, meaning that different people might draw the line at different points in the continuum. Which is why your extreme example works. But on the other hand, the opposite extreme also works: you wouldn't like a system that you never had to login or type a password, that is functionality that we prefer to give up to have a more secure system. And then comes the next step, having a session manager, using log in cookies, or a password manager that reads your screen and connects to the Internet, then another step in one that does not connect to the Internet and does everything local, and another one that does not read your screen, then another one that needs a crypto key like a thumb drive or nfc to be connected to the computer. Etc. Even what you said about unplugging from the Internet can be desirable, however much usability is given up. Or maybe something like QubesOS, putting everything behind virtual machines.

Everything that makes a system more secure may make it the tiniest bit less usable, maybe it removes functionality, maybe it adds friction, maybe it deminishes usability. The amount of functionality and usability a given person is willing to give up, the amount of inconvenience and friction they may be willing to put up with, varies a lot.

So I completely disagree that functionality ALWAYS trumps security.


Then tto your point about mistakes and malice, just real quick, the vast majority of security issues I've seen is based on exploiting mistakes, most times multiple mistakes in a row, you know like a chain attack. I say vast majority but may even be all.​ Admittedly I'm not a security research, and even if I was I think it is impossible to have seen all security issues/attacks.


Now back to the topic of Wayland, Xorg/X11, and Arcan. I don't know enough to argue in favor of one or another. I know I'm perfectly willing to give up some functionality present in Xorg/X11 or whatever is the correct name for what I'm talking about. I don't need my screen server to control printing I think, I don't need my screen server to have a rendering toolkit and display environment I think. And so on.

Maybe Wayland's security model takes away some utility that is after your line in the sand, it might cross my line too, I don't know and haven't used it yet, when my distro's maintainers change it as default, I'll change over,and that's that.

The way I see the present state of display servers and protocols and compositors etc, FEELS to ME (a layman and dumbfsck) a lot like the pulseaudio times felt like. Very criticised, had performance issues, was limited compared to alsa and OSS and aRts and JACK and enlightened daemon and NAS... people argued that instead of so drastically changing everything and breaking compatibility this effort could be directed towards improving some existing system/API like ALSA. This feels a lot like people saying we should improve X, not break compatibility, be less useful than mir or X12 or Arcan or whatever.

Now, two decades later, looking from a position privileged by hindsight, I'll say that it was very good for Linux in general to go through all those years of Pulseaudio we went through. I'll also say that pipewire is the perfect replacement. Could pipewire have been made at the time, and skipped all the headaches and breaking changes and conflict around pulseaudio, and solved the problems it solves now back then? I have not the slimmest clue.

So maybe wayland gets a lot of things "wrong", even though they are trying to go slow and have every stakeholder opine on every protocol etc, so that wayland is final and makes the least amount of mistakes, maybe they get everything "right". But also maybe wayland is concentrating all of the teething issues that fixing Xorg/X11 mess requires.

And after this revolutionary change, as opposed to evolutionary, we will learn all that went wrong and get it right next time (like pipewire).

We'll see.

I do have to read a lot more on Arcan. I haven't given it the time and attention it deserves yet.

From what I remember, mentions of privileged APIs with TBD shapes still show up in some Wayland spec documents... it's just like what GNU did with their ELF implementation. Perpetually left incomplete.

To me, the problem isn't wanting to get Wayland right, it's distros like Fedora wanting to retire X11 before Wayland has finished spec-ing replacements for the user needs that X11 serves... sort of like the cluster---- that was distros pushing out KDE 4.0 despite the KDE people clearly saying it was a developer preview.

​I think (from the outside) that Wayland, largely because of xWalaynd as well, is much further along than KDE 4 was at the time.

Not to mention, Fedora, at least in the last idk 5 years or more, has been a testing ground where new tech is put to the wolves to see if it survives. Add to that EDGE that to a lot of people Wayland is almost ready, and that Fedora leadership (similar to KDE leadership and I belive GNOME also) believe that to push these final Wayland hurdles it needs widespread adoption, if nothing else just to have the rubber meet the road and having every issue rising up to the surface so it can be fixed, I can empathise with them.


I'm pretty sure my distro's maintainers will ship KDE 6 with Wayland by default some time this month. I won't complain when they do, I went rolling release for a reason and know how it can affect me. Then if something breaks I'll report it, and wish them best of luck.

As I said, I have no idea of what uses of mine Wayland hasn't specced yet. But I already delegate SO MUCH trust and choices etc to the KDE, SystemD and OpenSUSE folks, that I'm sure if they think they got it right I won't be the one to tell them otherwise. And if they didn't I trust they'll have it fixed.

I was taking XWayland into account when I made that statement. I'm talking about things which are only achievable via XWayland if you run everything inside a rootful XWayland instance and just treat Wayland as a HAL.

...a problem that's made much worse as soon as you step outside of what's enabled by GNOME or KDE via either embedding functionality or using non-standardized protocol extensions.

As the Arcan guy commented in this post:

Wayland is at least an order of magnitude less ready for use if you step outside the big DEs and I think that's why so many people who have built more customized desktops see it as a threat.

I don't know if I follow your reasoning, I'll need it explained to me like I'm five (or like I'm the dumbfsck that I am)

​You said your problem is Fedora wanting to retire X11 without having replacements for everything a X11 user is able to do. But then you say that the issue is that the big guys have it all figured out and that that is the problem, that somehow a DE or toolkit having features that others don't is a "threat", I don't know what are they threatening.

Another thing I don't understand is how would the reversal be fair, if we were to "keep" the previous "status quo", then the small guys would benefit from the big guys taking care and fixing/extending X11, when they don't want to. Not to mention that (although as I said I don't know the underlying tech at all) some features like fractional scaling and variable refresh rate and colour management and tear free experience etc, would be bigger issues much more difficult to solve under X11. So "people who have built more customised desktops" would, you know, still be behind in tech, or w/e threat they think they are under, they would depend either way on the whims of the big guys.

That's something I don't understand.

Now in Wayland they can choose a compositor that has also done the work and base their desktop on it, I don't know, if they have an issue with for example weston they may like sway or wlr or something else or make their own etc.

And I also don't understand why needing xwayland is bad. As I said I don't know enough about Arcan, but I do know that they have many solutions that fit what you said about treating Wayland as a HAL. They have things like the Waybridge and ways to adapt between being a server and a client and a compositor etc., serving as an abstraction layer between x, Wayland, both and either and Arcan. Isn't it?

Either way I got lost in your posts,aand for sure that is a me problem.

I understand where the misunderstanding was here. I was talking about how it's a bad idea to have a secure way of doing something and then providing an insecure way that bypasses it. Obviously backwards compatibility is something that needs to be considered but only to a point. I know that Windows has notably been great about that but you can't just leave a problem like that around just for reason. Either break old applications or capture attempts to use the old functions and to make them redirect to the new functions if possible.

In the case of creating global hotkeys, does portal gets you the same functionality but does it more securely. And one thing both it and Windows has over X11 is that they actually have global hotkey functionality. X11 just has an exploit that people started using for hotkeu functionality... and it's not even performant.

I'm not sure why there are people that insist that global hotkeys have some connection to compositing or windowing. The whole purpose of the feature is to bypass all that. That's why the Global Shortcuts portal works on both X11 and Wayland. It doesn't care about the window management. An application can use it without even having a window.

That's not similar to anything we're talking about though. Both screen sharing and global shortcuts provide the same functionality that you get under X11 but in a more secure way and they work in X11 and Wayland. The problem is that X11 still supports the insecure methods of doing them so malicious apps can easily get around them. All Portals does for X11 apps is provide legitimate apps an easier way to implement that functionality in a way that works in XWayland, too.

[QUOTE=Weasel;n1440705]If you write your script and now can't do things with your script then didn't you just lose control?

"[b]If[b] you write [b]your[b] script" is a big "if". How is a compositor supposed to know you wrote it?

Autohotkeys registers hotkeys with the Win32 RegisterHotKey function. You can see it in the hotkey.cpp file in it's source code.

I'm not super familiar with Arcan but from what I can tell it's not a successor to X11 at all. It's a different kind of implementation of it and Wayland. It's not like there's any Arcan apps.​

No, I'm saying that there aren't replacements for all things people want to do yet, and that the list of missing features is even longer outside GNOME and KDE.

The problem is that a lot of features aren't yet exposed via standard protocols where you can write an application that'll just work on any desktop. Instead, they're either built-in (eg. Can't write it for GNOME because there's no API to do that outside GNOME Shell itself in the name of security) or your need to implement one protocol for KDE, one for GNOME, and one for Sway and, for anything else wlroots-based, you're SOL.

I'm not talking about mere "XWayland". I'm talking about "rootful XWayland"... as in, from the perspective of applications and users, it's the same X11 as before, with the same X11 window managers and keyloggability and so on... it's just running as a single fullscreen Wayland window in a kiosk-mode compositor (i.e. attempts by other Wayland applications to connect will be rejected) in order to work around bare-metal directly-on-the-hardware X.org being sunsetted by using the Wayland compositor analogous to how your average hobby OS will only work in a VM to avoid needing to maintain a ton of drivers.

Waybridge (the Wayland support) is an Arcan app, similar to how XWayland is a Wayland app with special privileges, or how Xephyr is an X11 app, or how kwin_wayland with the X11 backend is an X11 app. There are also various utilities analogous to the various binaries that are developed as part of the X.org project.

Arcan calls its protocols SHMIF and A12.

Your thoughtfulness is commendable, but it's late. Lots of us, enthusiasts and developers, have played with Wayland-based systems for years now; long enough to appreciate the reality.

And go ahead and read the Arcan essay. But myself and others have, and while it's someone's favorite movie, to almost everyone who isn't a partisan it's just a treatise, and will never be implemented. DOA, iow. And personally I think it's solving the wrong problem; Wayland was right to yield much of the display stack.

But by all means, wait for your distro if you really have to. Or, if you have the typical Linux curiosity, fire up sway and see. It's tiny.