Re: [DNG] What do you think of Wayland?
On Sun, Jul 14, 2019 at 01:19:37PM +0200, Martin Steigerwald wrote: > Joel Roth via Dng - 13.07.19, 01:24: > > On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote: > > > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400 > > > > > > Steve Litt scripsit: > […] > > > Dont know if wayland is compatible to anything not gnome. But I'm > > > not verry eger to try. > > It sure is. Plasma developers are working on Wayland support since > almost as long as GNOME developers. There are still things to solve, but > they got quite far already. > > > Why throw-away a protocol stack that solves the problem? Why > > not just fix X? Keith Packard and the xorg team did a remarkable job > > of modularizing X, why not build on that? Of course anyone has > > the freedom to re-architect something, and perhaps > > network transparency will be neatly solved. I for one > > don't need to be their bug tester. I've scarcely noticed > > anything with X to complain about. > > While it is true that X11 usually just works these days, I do believe it > would be challenging to fix some of the most severe issues with it. Most > notably: > > Security of X11 is a complete mess. A complete disaster. Not > surprisingly so: Security has not been much of an issue as X11 was > invented¹. X11 Clients can do *anything*. They see all of the screen, > they can receive all of the keyboard input and… so… on… The network > layer is completely unencrypted. SSH X11 forwarding requires a lot of > trust between client and server and so on. I believe fixing it would > involve inventing a new protocol and re-implement it all from scratch. > > From what I have read and seen security in X11 is broken beyond repair. > [1] Martin Flöser, Why screen lockers on X11 cannot be secure For me, at least this is not an issue, as I don't use a screen locker. > http://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/ > > Some of the issues with SSH X11 forwarding: > > https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding There is some danger is remoting to a malicious server, although the X11 SECURITY extension helps somewhat. > Or in more depth than I looked into (I did not watch the whole video): > > X Security, It's worse than it looks, Ilja van Sprundel > https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel This presentation is great. After reviewing a lot of the X client and X server code, he says that there are 10x as many bugs in glx (the X extension that enables X to use the GPU via the opengl API) as in the rest of X. That's interesting because glx is a newer part of X and also because the group responsible for glx are our friends at freedesktop.org. -- Joel Roth "Welcome to the World Heat Bank, where we store your waste energy and return it with interest." ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
Martin Steigerwald - 14.07.19, 13:19: > > And here from askubuntu[3]: > > > > Wayland is a lot less complex than X which should make it > > easier to maintain - although some of this simplicity comes > > from pushing the complexity (eg: how to actually draw onto > > that buffer, network transparency) to other layers of the > > stack. By making clients responsible for all of their > > rendering the clients can be smarter about things things > > like double-buffering. > > > > Existing xclients will not work, and although those based > > on GTK+ or Qt *may* be supported in future. > > Both GTK and Qt have Wayland support since some time already. Also there is XWayland for X11 clients that have not yet been ported to Wayland. That is basically X11 on Wayland. It has the same issues as X11 itself, but it allows to run programs that use X11. I bet it would be required for quite some time. -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
Joel Roth via Dng - 13.07.19, 01:24: > On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote: > > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400 > > > > Steve Litt scripsit: […] > > Dont know if wayland is compatible to anything not gnome. But I'm > > not verry eger to try. It sure is. Plasma developers are working on Wayland support since almost as long as GNOME developers. There are still things to solve, but they got quite far already. > Why throw-away a protocol stack that solves the problem? Why > not just fix X? Keith Packard and the xorg team did a remarkable job > of modularizing X, why not build on that? Of course anyone has > the freedom to re-architect something, and perhaps > network transparency will be neatly solved. I for one > don't need to be their bug tester. I've scarcely noticed > anything with X to complain about. While it is true that X11 usually just works these days, I do believe it would be challenging to fix some of the most severe issues with it. Most notably: Security of X11 is a complete mess. A complete disaster. Not surprisingly so: Security has not been much of an issue as X11 was invented¹. X11 Clients can do *anything*. They see all of the screen, they can receive all of the keyboard input and… so… on… The network layer is completely unencrypted. SSH X11 forwarding requires a lot of trust between client and server and so on. I believe fixing it would involve inventing a new protocol and re-implement it all from scratch. From what I have read and seen security in X11 is broken beyond repair. [1] Martin Flöser, Why screen lockers on X11 cannot be secure http://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/ Some of the issues with SSH X11 forwarding: https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding Or in more depth than I looked into (I did not watch the whole video): X Security, It's worse than it looks, Ilja van Sprundel https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel Just search for "X11 security" to get an idea about the how messed up X11 security is. > Quoting wikipedia again[2] > > Unlike most earlier display protocols, X was > specifically designed to be used over network > connections rather than on an integral or attached > display device. Using X11 over network is what all modern distros disable by default. For a reason. Its as insecure as it can get. > And here from askubuntu[3]: > > Wayland is a lot less complex than X which should make it > easier to maintain - although some of this simplicity comes > from pushing the complexity (eg: how to actually draw onto > that buffer, network transparency) to other layers of the > stack. By making clients responsible for all of their > rendering the clients can be smarter about things things > like double-buffering. > > Existing xclients will not work, and although those based > on GTK+ or Qt *may* be supported in future. Both GTK and Qt have Wayland support since some time already. > To paraphrase in doggerl: > > Wayland's like a step back > counting on a future hack. I do not consider that to be an accurate description of the situation. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
Hi Steve. Steve Litt - 12.07.19, 19:53: > What do you think of Wayland? I hear Buster now defaults to Wayland. > > I've always been under the impression that Wayland is just another > overly complexified mess from Redhat and Freedesktop.org. I do not share that view. For me rather X11 todays is that overly complexified mess. And it has a huge ton of security issues too. So for example an application can see the whole screen and receive *all* keyboard input. From what I learned it would be trivial under X11 to make a keylogger app with a hidden window. Wayland has a much tighter security. For me it is not black and white. Not everything coming *through* Red Hat and Freedesktop.org is a mess. I did my own tests with Plasma on Wayland every now and then. So far it did basically worked but it was not quite round and polished for me. Plasma developers are still working on it. It is a huge change. I am also reading about Pipewire which may replace Pulseaudio and at least for some uses Jack for multimedia purposes. Coming from Red Hat as well, they like will use Systemd to start it, but who knows, I did not check it so far. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote: > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400 > Steve Litt scripsit: > > Hi all, > > > > What do you think of Wayland? I hear Buster now defaults to Wayland. > Another step in windosification of linux. It seems obvious that big players would have a powerful motivations to influence the software that millions of people run. It is one of the alternatives for explaining the famous bug in Debian's pseudorandom number generator. Here's a good write up with incisive comments. https://freedom-to-tinker.com/2013/09/20/software-transparency-debian-openssl-bug/ > Has the > "middle-mousebutton-press does not copy text" been fixed > at last? > Can it do display over network now? No, but one of the proposals is to do it the way X does. Quote from Wikipedia:[1] Initial versions of Wayland have not provided network transparency, though Høgsberg noted in 2010 that network transparency is possible.[12] It was attempted as a Google Summer of Code project in 2011, but was not successful.[13] Adam Jackson has envisioned providing remote access to a Wayland application by either "pixel-scraping" (like VNC) or getting it to send a "rendering command stream" across the network (as in RDP, SPICE or X11).[14] As of early 2013, Høgsberg is experimenting with network transparency using a proxy Wayland server which sends compressed images to the real compositor.[15][16] In August 2017, GNOME saw the first such pixel-scraping VNC server implementation under Wayland.[17] ISTR hearing assertions early on that network transparency was not a priority for the Wayland project, and thinking that it didn't seem like a good direction. > Dont know if wayland is compatible to anything not gnome. But I'm not verry > eger to try. Why throw-away a protocol stack that solves the problem? Why not just fix X? Keith Packard and the xorg team did a remarkable job of modularizing X, why not build on that? Of course anyone has the freedom to re-architect something, and perhaps network transparency will be neatly solved. I for one don't need to be their bug tester. I've scarcely noticed anything with X to complain about. Quoting wikipedia again[2] Unlike most earlier display protocols, X was specifically designed to be used over network connections rather than on an integral or attached display device. And here from askubuntu[3]: Wayland is a lot less complex than X which should make it easier to maintain - although some of this simplicity comes from pushing the complexity (eg: how to actually draw onto that buffer, network transparency) to other layers of the stack. By making clients responsible for all of their rendering the clients can be smarter about things things like double-buffering. Existing xclients will not work, and although those based on GTK+ or Qt *may* be supported in future. To paraphrase in doggerl: Wayland's like a step back counting on a future hack. Those less geeky won't think twice Hearing all is new and nice. They'd be more choosy what they run Knowing who's behind the fun 1. https://en.wikipedia.org/wiki/Wayland_(display_server_protocol) 2. https://en.wikipedia.org/wiki/X_Window_System 3. https://askubuntu.com/questions/11537/why-is-wayland-better -- Joel Roth "Welcome to the World Heat Bank, where we store your waste energy and return it with interest." ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
Anno domini 2019 Fri, 12 Jul 13:53:20 -0400 Steve Litt scripsit: > Hi all, > > What do you think of Wayland? I hear Buster now defaults to Wayland. Another step in windosification of linux. Has the "middle-mousebutton-press does not copy text" been fixed at last? Can it do display over network now? > I've always been under the impression that Wayland is just another > overly complexified mess from Redhat and Freedesktop.org. Dont know if wayland is compatible to anything not gnome. But I'm not verry eger to try. Nik > > SteveT > > Steve Litt > July 2019 featured book: Troubleshooting Techniques > of the Successful Technologist > http://www.troubleshooters.com/techniques > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What do you think of Wayland?
On Fri, 12 Jul 2019 13:53:20 -0400 Steve Litt wrote: > What do you think of Wayland? I hear Buster now defaults to Wayland. I had been waiting for it to come out into mainstream use for some time, because of its supposed solutions to video playback screen tearing issues. I've always assumed Devuan will eventually adopt it. > ... overly complexified mess from Redhat ... Aw shit.. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] What do you think of Wayland?
Hi all, What do you think of Wayland? I hear Buster now defaults to Wayland. I've always been under the impression that Wayland is just another overly complexified mess from Redhat and Freedesktop.org. SteveT Steve Litt July 2019 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng