:: Re: [DNG] What do you think of Wayl…
Top Page
Delete this message
Reply to this message
Author: Martin Steigerwald
Date:  
To: dng
Subject: Re: [DNG] What do you think of Wayland?
Joel Roth via Dng - 13.07.19, 01:24:
> On Fri, Jul 12, 2019 at 11:36:17PM +0200, Dr. Nikolaus Klepp wrote:
> > Anno domini 2019 Fri, 12 Jul 13:53:20 -0400
> >
> > Steve Litt scripsit:

[…]
> > Dont know if wayland is compatible to anything not gnome. But I'm
> > not verry eger to try.


It sure is. Plasma developers are working on Wayland support since
almost as long as GNOME developers. There are still things to solve, but
they got quite far already.

> Why throw-away a protocol stack that solves the problem? Why
> not just fix X? Keith Packard and the xorg team did a remarkable job
> of modularizing X, why not build on that? Of course anyone has
> the freedom to re-architect something, and perhaps
> network transparency will be neatly solved. I for one
> don't need to be their bug tester. I've scarcely noticed
> anything with X to complain about.


While it is true that X11 usually just works these days, I do believe it
would be challenging to fix some of the most severe issues with it. Most
notably:

Security of X11 is a complete mess. A complete disaster. Not
surprisingly so: Security has not been much of an issue as X11 was
invented¹. X11 Clients can do *anything*. They see all of the screen,
they can receive all of the keyboard input and… so… on… The network
layer is completely unencrypted. SSH X11 forwarding requires a lot of
trust between client and server and so on. I believe fixing it would
involve inventing a new protocol and re-implement it all from scratch.

From what I have read and seen security in X11 is broken beyond repair.


[1] Martin Flöser, Why screen lockers on X11 cannot be secure

http://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/

Some of the issues with SSH X11 forwarding:

https://security.stackexchange.com/questions/14815/security-concerns-with-x11-forwarding

Or in more depth than I looked into (I did not watch the whole video):

X Security, It's worse than it looks, Ilja van Sprundel
https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel

Just search for "X11 security" to get an idea about the how messed up
X11 security is.

> Quoting wikipedia again[2]
>
>     Unlike most earlier display protocols, X was
>     specifically designed to be used over network
>     connections rather than on an integral or attached
>     display device.


Using X11 over network is what all modern distros disable by default.

For a reason.

Its as insecure as it can get.

> And here from askubuntu[3]:
>
>     Wayland is a lot less complex than X which should make it
>     easier to maintain - although some of this simplicity comes
>     from pushing the complexity (eg: how to actually draw onto
>     that buffer, network transparency) to other layers of the
>     stack. By making clients responsible for all of their
>     rendering the clients can be smarter about things things
>     like double-buffering.

>
> Existing xclients will not work, and although those based
> on GTK+ or Qt *may* be supported in future.


Both GTK and Qt have Wayland support since some time already.

> To paraphrase in doggerl:
>
> Wayland's like a step back
> counting on a future hack.


I do not consider that to be an accurate description of the situation.

Thanks,
--
Martin