So I guess your question wasn’t in good faith then, but just bait so you’d have an excuse to rant about things unrelated to my answer?
The security issue that Wayland helps solve has nothing to with systemd or logind, so I’ll just ignore your tirade against them. If you don’t want to use them, then good on you.
The issue is an inherent issue with the X11 protocol. It can be worked around, but it can’t be fixed without something changing in the protocol on a fundamental level. The core premise that any client can be trusted unquestionably is broken and was broken the second browsers began running JavaScript. Not to mention all the other times most modern computers run opaque code of uncertain origins.
Keeping it simple is definitely a great basis to build a secure system upon, it just can’t stand alone because of reasons like the above.
What would js be able to do out of firejail or other such forms of containment?
I only allow js for very specific sites, and most that you can’t do without I just do without. I am not that worried about security though, it is just an exercise.
I use seatd with wayland but it can be compiled without it too. My main issue is as I said, I can’t just run “sudo -u user2 leafpad” for example, you say it is a security measure, I say it is an inconvenience.
The X11 connection is generally an enormous hole in such containment, but yes. Such containment definitely helps. That is why I run as many applications as possible as Flatpaks, as they employ similar countermeasures, and why they’re playing an increasingly big role in modern distros.
And it’s great that you’re risk averse and able to avoid untrusted scripts to that degree. It’s just not feasible for the general user, which is why things need to be secure even if a malicious script is mistakenly allowed to execute.
I’m not saying that that specific annoyance is a security measure. I’m saying that the whole paradigm shift that Wayland is is partially motivated by improving security. Such paradigm shifts come with paper cuts, especially in the beginning. But the rough edges are being filed down one by one. That’s not to say that Wayland is the answer for everyone yet, nor that it will ever be. There’ll always be exceptions. But for the vast majority of users it is, and it helps keep their systems safer than they are without it.
Not at all, seems like you’re reading things into it that aren’t there.
By modern distros I mean that for the newer variants of multiple large distros (Like Fedora Silverblue and its cousins, openSUSE MicroOS, etc.), even ordinary Ubuntu, Fedora and their derivatives and cousins, across the major DEs like Gnome and KDE, for all of them apps packaged like Flatpaks and Snaps have an increasingly large role.
I’m specifically not saying it’s the only way to be modern or that other approaches can’t have merit, I’m saying there is a clear trend among some of the largest players in the game.
I think it’s dangerous to put words in other peoples mouths and then argue against those imaginary statements, and I think it’s sad that you seemingly feel it’s the best way to argue for what you believe in. You can do better.
You have a very narrow perception of what a linux distribution/system should be, and that is a heavily commercial windows/macos alternative for people who deny reading.
That audience makes total crap popular!
Not even close, you’re even more off base than you were before. I mean what do you even base your ridiculous statements about my opinions and perceptions on?
So I guess your question wasn’t in good faith then, but just bait so you’d have an excuse to rant about things unrelated to my answer?
The security issue that Wayland helps solve has nothing to with systemd or logind, so I’ll just ignore your tirade against them. If you don’t want to use them, then good on you.
The issue is an inherent issue with the X11 protocol. It can be worked around, but it can’t be fixed without something changing in the protocol on a fundamental level. The core premise that any client can be trusted unquestionably is broken and was broken the second browsers began running JavaScript. Not to mention all the other times most modern computers run opaque code of uncertain origins.
Keeping it simple is definitely a great basis to build a secure system upon, it just can’t stand alone because of reasons like the above.
What would js be able to do out of firejail or other such forms of containment?
I only allow js for very specific sites, and most that you can’t do without I just do without. I am not that worried about security though, it is just an exercise.
I use seatd with wayland but it can be compiled without it too. My main issue is as I said, I can’t just run “sudo -u user2 leafpad” for example, you say it is a security measure, I say it is an inconvenience.
@Ullebe1
The X11 connection is generally an enormous hole in such containment, but yes. Such containment definitely helps. That is why I run as many applications as possible as Flatpaks, as they employ similar countermeasures, and why they’re playing an increasingly big role in modern distros.
And it’s great that you’re risk averse and able to avoid untrusted scripts to that degree. It’s just not feasible for the general user, which is why things need to be secure even if a malicious script is mistakenly allowed to execute.
I’m not saying that that specific annoyance is a security measure. I’m saying that the whole paradigm shift that Wayland is is partially motivated by improving security. Such paradigm shifts come with paper cuts, especially in the beginning. But the rough edges are being filed down one by one. That’s not to say that Wayland is the answer for everyone yet, nor that it will ever be. There’ll always be exceptions. But for the vast majority of users it is, and it helps keep their systems safer than they are without it.
> and why they’re playing an increasingly big role in modern distros.
My modern distros, are you implying if a distro adopts flatpak use it is modern, if not it is antiquated?
Those are dangerous doctrines when foss is meant to provide choice, and it can be a choice to reject certain groups of software.
@Ullebe1
Not at all, seems like you’re reading things into it that aren’t there.
By modern distros I mean that for the newer variants of multiple large distros (Like Fedora Silverblue and its cousins, openSUSE MicroOS, etc.), even ordinary Ubuntu, Fedora and their derivatives and cousins, across the major DEs like Gnome and KDE, for all of them apps packaged like Flatpaks and Snaps have an increasingly large role.
I’m specifically not saying it’s the only way to be modern or that other approaches can’t have merit, I’m saying there is a clear trend among some of the largest players in the game.
I think it’s dangerous to put words in other peoples mouths and then argue against those imaginary statements, and I think it’s sad that you seemingly feel it’s the best way to argue for what you believe in. You can do better.
You have a very narrow perception of what a linux distribution/system should be, and that is a heavily commercial windows/macos alternative for people who deny reading.
That audience makes total crap popular!
Is that better now?
@Ullebe1
Not even close, you’re even more off base than you were before. I mean what do you even base your ridiculous statements about my opinions and perceptions on?