[-] Ullebe1@lemmy.ml 1 points 8 months ago

Not even close, you're even more off base than you were before. I mean what do you even base your ridiculous statements about my opinions and perceptions on?

[-] Ullebe1@lemmy.ml 1 points 8 months ago

Not at all, seems like you're reading things into it that aren't there.

By modern distros I mean that for the newer variants of multiple large distros (Like Fedora Silverblue and its cousins, openSUSE MicroOS, etc.), even ordinary Ubuntu, Fedora and their derivatives and cousins, across the major DEs like Gnome and KDE, for all of them apps packaged like Flatpaks and Snaps have an increasingly large role.

I'm specifically not saying it's the only way to be modern or that other approaches can't have merit, I'm saying there is a clear trend among some of the largest players in the game.

I think it's dangerous to put words in other peoples mouths and then argue against those imaginary statements, and I think it's sad that you seemingly feel it's the best way to argue for what you believe in. You can do better.

[-] Ullebe1@lemmy.ml 1 points 8 months ago

The X11 connection is generally an enormous hole in such containment, but yes. Such containment definitely helps. That is why I run as many applications as possible as Flatpaks, as they employ similar countermeasures, and why they're playing an increasingly big role in modern distros.

And it's great that you're risk averse and able to avoid untrusted scripts to that degree. It's just not feasible for the general user, which is why things need to be secure even if a malicious script is mistakenly allowed to execute.

I'm not saying that that specific annoyance is a security measure. I'm saying that the whole paradigm shift that Wayland is is partially motivated by improving security. Such paradigm shifts come with paper cuts, especially in the beginning. But the rough edges are being filed down one by one. That's not to say that Wayland is the answer for everyone yet, nor that it will ever be. There'll always be exceptions. But for the vast majority of users it is, and it helps keep their systems safer than they are without it.

[-] Ullebe1@lemmy.ml 0 points 8 months ago

So I guess your question wasn't in good faith then, but just bait so you'd have an excuse to rant about things unrelated to my answer?

The security issue that Wayland helps solve has nothing to with systemd or logind, so I'll just ignore your tirade against them. If you don't want to use them, then good on you.

The issue is an inherent issue with the X11 protocol. It can be worked around, but it can't be fixed without something changing in the protocol on a fundamental level. The core premise that any client can be trusted unquestionably is broken and was broken the second browsers began running JavaScript. Not to mention all the other times most modern computers run opaque code of uncertain origins.

Keeping it simple is definitely a great basis to build a secure system upon, it just can't stand alone because of reasons like the above.

[-] Ullebe1@lemmy.ml -1 points 8 months ago

I absolutely am. Calling Wayland "something that has been broken for more than a decade" rather than "something that has been in active development for more than a decade" is also an interesting take. By that measure X.Org is "something that has been broken for almost two decades", so let's just not go there. And I'm not saying that Wayland magically makes everything secure. I'm saying that Wayland (or something like it) is a necessary step if we want a desktop that is secure. I have seen people propose something like nested sandboxed X servers with a single application for each as an alternative, but I think it's probably better to actually fix the underlying problem.

That's an interesting use case. It isn't really anything I've had a need for, so I don't know what the best way to do something like that is. If your compositor doesn't allow it, could it perhaps be possible to run as a different user in a nested compositor, like Cage or gamescope? Also, how do you sandbox the applications X11 access? If they share the same server, then a sandboxed application can just wait for you to launch a terminal and use sudo, at which point it can inject a malicious command as root.

[-] Ullebe1@lemmy.ml 1 points 8 months ago

Allowing any app unrestricted access to the input and output of any other app (like in X11) is a terrible security practice. It allows for trivially easy keyloggers and makes horizontal movement to other apps after the first has been exploited super easy.

Many people's answer to this is "then just don't run untrusted apps, duh", but that is a bad take since that isn't realistic for 99% of users. People run things like Discord or Spotify or games or Nvidia drivers all the time, not to mention random JavaScript on various websites, so the security model should be robust in the presence of that kind of behaviour. Otherwise everyone is just a single sandbox escape in the browser away from being fully compromised by malware installed with root privileges. Luckily we know better now than when X11 was designed and that is the reason for things like Bubblewrap (used in Flatpak for sandboxing), portals and the security model of Wayland.

And in the end: the people who decided this are the people actually willing to do the work to build and maintain the Linux desktop stack. If anyone knows what the right approach is, it's them.

[-] Ullebe1@lemmy.ml 1 points 8 months ago

Even people on Arch should use it. It ensures better isolation of processes and is the only supported installation method if you ever have issues.

[-] Ullebe1@lemmy.ml 1 points 10 months ago

What makes you think that? The whole point of it is to create a rustc backend that uses libgccjit instead of LLVM.

[-] Ullebe1@lemmy.ml 1 points 11 months ago

Yup, and I believe it even does it automatically if it fails to reach the desktop for a number of boots in a row.

[-] Ullebe1@lemmy.ml -1 points 1 year ago

western regimes

Lol.

[-] Ullebe1@lemmy.ml 1 points 1 year ago

IIRC the debacle about theming was:

a. Only about programs using libadwaita b. About their opinion that just overriding the global style like in GTK3 was causing too many issues in apps defining their own widgets or CSS to be worth it.

IIRC they were willing to accept a contribution of a more advanced theming system (but building it themselves was not something they wanted to prioritise over other things), but lacking that they'd rather enforce using adwaita in libadwaita.

view more: ‹ prev next ›

Ullebe1

joined 1 year ago