Ubuntu's X.Org Session Support Now Split Into Separate Package

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • Weasel
    Senior Member
    • Feb 2017
    • 4440

    #11
    Originally posted by duby229 View Post
    Oh yeah, and in fact they'll tell you it's a great feature! Apparently apps aren't supposed to know where they are or what they look like. Apps can be drawn totally off screen for example...

    They'll have you believe that they intended it to be this way, but I guarantee you it was actually the fact that these consequences of being overly simple were never even considered at all...

    It's not hard to remember the fact that Wayland couldn't even support minimize and the argument was that is how it should be. And then it took literally a decade to fix it...Yeah, minimize!!!

    Wayland has at least a hundred other examples like this, no shit ..
    I guess you can be smart when you want to be. No sarcasm.

    Comment

    • skeevy420
      Senior Member
      • May 2017
      • 8555

      #12
      Originally posted by duby229 View Post

      If the compositor had a mechanism to make the app aware of the current screen layout then that wouldn't even be a problem... And once again the problem here is that Wayland is too simplistic...

      It can't do something that literally everything everywhere does for everyone and then somehow that is anyone else's fault...
      Except that apps don't need to know any of that. That only thing that does need to know any of that is what is drawing the app. The Window Manager. Apps being able to get that kind of information is how "they" can fingerprint your system with open metadata. All an app needs to know is how big of an area it has to draw on. For a real-world example of this, Tor Browser intentionally doesn't draw windows to the system's specs to make it harder for web sites to identify and track you based on your screen size and layout. Even if you're secured, isolated, and sandboxed, screen information is freely shared from browser to site in order to render up content and that can be used to identify you (panel layouts, WM padding, theme padding, etc leave their own little traces). Do websites need to know all of that about your system or do they just need to know how much space they have to work with?

      The more apps are given to work with, the more exploitable you are. Delegating functionality away from apps and over to window managers means that apps that may interact with 3rd parties have less information for those 3rd parties to potentially exploit.

      Comment

      • Weasel
        Senior Member
        • Feb 2017
        • 4440

        #13
        Originally posted by skeevy420 View Post
        Except that apps don't need to know any of that. That only thing that does need to know any of that is what is drawing the app. The Window Manager. Apps being able to get that kind of information is how "they" can fingerprint your system with open metadata.
        SANDBOXED apps don't need to know any of that.

        Not all fucking apps are sandboxed.

        Ever thought I WANT to be "fingerprinted" by some apps?

        Like... my own app (script) which automates my life?

        Literally stop fucking talking in app devs' names. You're not their freaking mom.

        Comment

        • Serafean
          Senior Member
          • Dec 2011
          • 614

          #14
          Originally posted by Weasel View Post
          And who the fuck are you to decide that?

          Did you ask "99%" of app devs?
          A privacy conscious developer. If an app knows where it is drawn, that implies it knows about monitor resolution,size and screen configuration. That's a fingerprinting technique right there.
          The only program I know of (ignoring desktop shells) that I see having a legitimate case for knowing screen configuration is yakuake (drop down terminals/things in general) That's the 1%.

          Comment

          • Serafean
            Senior Member
            • Dec 2011
            • 614

            #15
            Originally posted by Weasel View Post
            SANDBOXED

            Like... my own app (script) which automates my life?
            Yeah, that's where compositor scripting comes into play. For instance https://develop.kde.org/docs/plasma/kwin/

            Comment

            • Shiba
              Senior Member
              • Jul 2013
              • 273

              #16
              Does this mean that I can also completely wipe out Wayland when using Xorg?

              Comment

              • duby229
                Senior Member
                • Nov 2007
                • 7778

                #17
                Originally posted by skeevy420 View Post

                Except that apps don't need to know any of that. That only thing that does need to know any of that is what is drawing the app. The Window Manager. Apps being able to get that kind of information is how "they" can fingerprint your system with open metadata. All an app needs to know is how big of an area it has to draw on. For a real-world example of this, Tor Browser intentionally doesn't draw windows to the system's specs to make it harder for web sites to identify and track you based on your screen size and layout. Even if you're secured, isolated, and sandboxed, screen information is freely shared from browser to site in order to render up content and that can be used to identify you (panel layouts, WM padding, theme padding, etc leave their own little traces). Do websites need to know all of that about your system or do they just need to know how much space they have to work with?

                The more apps are given to work with, the more exploitable you are. Delegating functionality away from apps and over to window managers means that apps that may interact with 3rd parties have less information for those 3rd parties to potentially exploit.
                I totally disagree, I'm sorry man...

                I'd like to know what moron decided that all UI elements had to be drawn by the compositor on the freaking title bar of all things and application elements had to be nothing but variations on white space!?

                SSD is a seriously stupid concept.

                EDIT: Don't you think it should be the applications choice of how it looks and what it does and how it does it?

                EDIT: It's a huge part of the reason that Gnome has become so worthless. It has so many apps with no function at all. They just draw white space!!

                EDIT: Well, of course it can't be exploited, it's nothing, it's just white space!!

                EDIT: I guess replacing all functionality and capability with nothing at all is a good way to secure a system.

                I guess have fun with your blank spaces...
                Last edited by duby229; 16 August 2024, 10:25 AM.

                Comment

                • skeevy420
                  Senior Member
                  • May 2017
                  • 8555

                  #18
                  Originally posted by Weasel View Post
                  SANDBOXED apps don't need to know any of that.

                  Not all fucking apps are sandboxed.

                  Ever thought I WANT to be "fingerprinted" by some apps?

                  Like... my own app (script) which automates my life?

                  Literally stop fucking talking in app devs' names. You're not their freaking mom.
                  And, yet, even sandboxed apps can still fingerprint your system based on that kind of information. Anything that can connect to the internet can fingerprint you. That's especially true when the WM is based on X.org where a lot of system information is freely shared because it was from a time when we weren't always connected so security first wasn't paramount.

                  Would it have been better if I had simply said "Apps, by default, don't need to know any of that"?

                  Like... something local, custom written, and can potentially be ran as root? *ouch* I strained my eyes rolling them so hard at that one.

                  Comment

                  • skeevy420
                    Senior Member
                    • May 2017
                    • 8555

                    #19
                    Originally posted by duby229 View Post

                    I totally disagree, I'm sorry man...

                    I'd like to know what moron decided that all UI elements had to be drawn by the compositor on the freaking title bar of all things and application elements had to be nothing but variations on white space!?

                    SSD is a seriously stupid concept.
                    I feel that way about CSD. What moron decided that apps should draw title bars?

                    Comment

                    • varikonniemi
                      Senior Member
                      • Jan 2012
                      • 1070

                      #20
                      Originally posted by duby229 View Post
                      Oh yeah, and in fact they'll tell you it's a great feature! Apparently apps aren't supposed to know where they are or what they look like. Apps can be drawn totally off screen for example...

                      They'll have you believe that they intended it to be this way, but I guarantee you it was actually the fact that these consequences of being overly simple were never even considered at all...

                      It's not hard to remember the fact that Wayland couldn't even support minimize and the argument was that is how it should be. And then it took literally a decade to fix it...Yeah, minimize!!!

                      Wayland has at least a hundred other examples like this, no shit ..
                      Apps should have no power to decide where they draw. It's the job of the DE to remember the window positions.

                      Might be hard to understand under gnome, but under KDE you can set the window settings for all apps individually. And i think when using wayland, they are set automatically to where you left them last time the app was closed.
                      Last edited by varikonniemi; 16 August 2024, 10:25 AM.

                      Comment

                      Working...
                      X