
This is more a problem of Gnome's Mutter implementation, not directly a problem of Wayland. There are other compositors.


One issue with these "other compositors" is that you aren't just replacing the compositor itself but you have to replace the entire environment.


What compositor should be used? Never heard x.org doesn't have this problem with any.


X.org has many other problems, mostly related to screen tearing or security bugs. It is getting closer to the end of its life, being too complicated and not a well designed project.

Some list of Wayland compositors: https://wiki.archlinux.org/title/Wayland#Compositors

Personal recommendation goes for sway, once you understand it, there is no going back!

On Gnome, you must use Mutter I guess.


> It is getting closer to the end of its life, being too complicated and not a well designed project.

X11 is 37 years old. Even taking at face value the rumors of its death, I'd say it was shockingly well designed if it's finally - maybe - starting to hit its limits.


It's not really a rumor, if you check upstream you can see that nearly all work on new features is now happening in Wayland and Mesa and then eventually might get backported to X. That's what the article is about.


What is that limit?


> X.org has many other problems, mostly related to screen tearing or security bugs. It is getting closer to the end of its life, being too complicated and not a well designed project.

That is FUD.

Screen tearing is a subjective issue; personally I never cared about it, and my biggest annoyance with Windows is that its forced compositor also adds vsync, which forces input lag across the desktop. X allowing me to not use that garbage is a big plus. With a fast refresh rate monitor tearing is practically invisible anyway. Also X11 applications can avoid screen tearing; if some do not then this is a bug in the application.

Security bugs are overblown and Wayland security features are akin to keeping your computer turned off to get the best security. In practice if you do not trust an application you can isolate it, though it is really futile since applications can simply use other means than X to "spy" on you. X already provides functionality for doing that, but if you are really paranoid (why are you running untrusted applications in that case?) you can run a nested X... or even X under Wayland under X. Then once you notice the onionwrapped application launch your browser or any other application, you'll realize the futility of said onionwrapping, but hey, until that moment you'll feel safe.

> end of its life

Xorg is an open source program; you can't "end-of-life" an open source program. It isn't Visual Basic 6, which died because Microsoft decided it should die. As long as someone wants to improve it, it will get improvements.

Also a new version was released just a few weeks ago with a new maintainer that offered to make new releases.

> being too complicated

Have you actually checked the source code? If you ignore the drivers and all the satellite libraries (like Xt, Xaw, etc) the X server itself isn't really that big or complicated.

> not well designed project

This is irrelevant, it does what it is supposed to do.


I always hear these same talking points as well. Why do they want to say things that doom x.org so much? Is it some sort of meme that's spewed out by people who want everyone to switch to Wayland? I feel like every time I hear about a security issue almost anywhere it's paranoia, overblown and generally so improbable that if I had never heard of it I would be fine. I disabled Spectre and Meltdown mitigations and recommend everyone else who has an updated browser to do so as well.


> In practice if you do not trust an application you can isolate it, though it is really futile since applications can simply use other means than X to "spy" you. X already provide functionality for doing that but if you are really paranoid (why are you running untrusted applications in that case?) you can run a nested X... or even X under Wayland under X.

This exactly is the point. Wouldn’t it be nice to just use apps without extra steps? It would make Linux better for non-experts.

You can’t even isolate X applications without running another X.org, because there is no permission control once the application has access to the socket, and with the socket it can see everything. And you can’t really rework that. Sometimes you need to rewrite the whole thing.

Applications cannot normally spy on you unless you run everything as root. It is X.org which provides access to keystrokes and windows.

> Xorg is an open source program, you can't "end of line" an open source program, it isn't Visual Basic 6 that died because Microsoft decided it should die. As long as someone wants to improve it, it will get improvements.

Because the design is bad, it gets harder and harder to add new features. Fixing a bug introduces two new ones. Complexity makes it hard to approach the project and control everything. Red Hat has maintained it for so many years with proper funding; otherwise who knows what would have happened.


>This exactly is the point. Wouldn't it be nice to just use apps without extra steps? It would make Linux better for non-experts.

I don't run untrusted apps, at the cost of crashing and less overall functionality? It's cutting off the nose to spite the face.

> You can’t even isolate X applications without running another X.org, because there is no permission control once the application has access to the socket, and with the socket it can see everything. And you can’t really rework that. Sometimes you need to rewrite the whole thing.

Not a real world scenario problem.

> Because the design is bad, it gets harder and harder to add new features. Fixing a bug introduces two new ones. Complexity makes it hard to approach the project and control everything. Red Hat has maintained it for so many years with proper funding; otherwise who knows what would have happened.

Wayland design is... good? So it's taken over a decade to add a fraction of x.org's features, and it still crashes? If it is so simple and it still sucks, are you calling the programmers incompetent for not making the simple compositor functional?


> I don't run untrusted apps, at the cost of crashing, and less overall functionality? Its cutting the nose to spite the face.

The best practice is zero-trust; handle everything equally. You can't fully say by yourself which is really trustworthy, and if you can, then you are 0.01% of the actual population, and the decision cannot be based on that.

> Not a real world scenario problem.

Of course it is; it is the biggest attack surface for a normal application.


> Of course it is; it is the biggest attack surface for a normal application.

What real cases have had this happen?


Are you asking when the X server has been exploited? There have been a lot of root privilege exploits published over the years. A few were just published yesterday: https://lists.x.org/archives/xorg/2021-December/060840.html

This type of thing is pretty common in old applications like this, with a lot of hand-rolled networking code written in C.


No, I am asking about attacks in the wild. I know Spectre and Meltdown were possible to exploit, but that is different from it existing as an attack, like a recipe versus a cooked meal.

Thank you for your expertise in the thread.


I'm not sure what you mean by attacks in the wild. I don't have any news stories talking about how companies lost millions of dollars due to an X.org-based ransomware; but I hope you can see how it's not a good idea to wait for that to happen before fixing a security bug :)


Encryption attacks are being mitigated by backups, but Linux servers don't usually use x.org or a GUI, do they? This might be why desktop Linux isn't being adopted by business, but my point was that we hear of encryption attacks often, but not a single x.org attack that would make migration more pressing. It's living in a nuclear shelter when there is no nuclear threat, and living in an uncomfortable state out of paranoia.

Linux is said to be safer in public, but if x.org is that bad, is Windows actually safer since it doesn't use X?

I think it's useful to mitigate problems, but without real world examples it's hard to care about invisible hypotheticals, especially at the cost of lost functionality.


I'm still not sure I understand. If there is a working proof of concept for the exploit that is published, would you still consider that an invisible hypothetical? To me, it's not, I would like to have those patched. As with meltdown and spectre there may be functional tradeoffs, but when significant money is at risk from security vulnerabilities then I'd usually expect security to win out.

The attack vector for a trojan or ransomware can be a GUI system. It can be anything really, the malware just needs a way to get into the network and then it can cause more trouble and spread to more nodes.


> I'm still not sure I understand. If there is a working proof of concept for the exploit that is published, would you still consider that an invisible hypothetical?

Yes. If deployment is difficult and not applicable in real world settings it isn't really a threat; it's like reading about TouchID since the first iPhone 5S being tricked by copying fingerprints, or needing a bust of a person to trick FaceID. Do people still usually use it? It's a recipe, maybe it's even cooked, but if nobody eats the poisoned food because it smells bad, I am not worried I might eat it.

> when significant money is at risk from security vulnerabilities then I'd usually expect security to win out.

In practice it sadly isn't true, like the leaks of other people's data that constantly happen.

I think updating browsers is a good idea, I think sandboxing apps can be safer, and using a VM for some functionality could be useful too (if you run XP and malware detects it's a VM, it doesn't even infect it). Basically I see most security issues as paranoia when it's academics publishing hypothetical attacks that have never been seen in the wild; if they made super ebola in a lab, or anthrax, I am not too worried about breathing it in.

I would like it patched if the cost is worth it. Intel's was not; I disabled it, and religiously update my browser. My computer is faster, and I have safety despite it never existing as an attack because it was easy to defeat.


> its like reading about the TouchID since the first iPhone 5S being tricked by copying fingerprints, or needing a bust of a person to trick FaceID

That's not really comparable; these are trivial exploits that can probably be targeted with a 100-line program, or less.

> In practice it sadly isn't true like the leaks of other people's data that constantly happens.

I've known many security people who take their jobs very seriously. If they weren't doing their jobs, you'd see quite a lot more data breaches than you do now :)


> That's not really comparable, these are trivial exploits that can probably be targeted with a 100-line program, or less.

I feel like it would be newsworthy if they were trivial, or we'd see more of them. Today there was a story on malware on the PinePhone, a device almost nobody has, that didn't cost any money to anyone. If they were trivial, it would be utilized more and we wouldn't need to care about the Wayland issues as much, since the alternative is worse.

I tried wayland just because of this thread, and I got 2 crashes within minutes.


You might consider reporting those crashes, it's possible they're driver issues.


I will. KDE discourages me somewhat because there's not enough or relevant information the few times I tried using their reporter. I think it has to do with mouse speed, like Gnome.


> You can’t even isolate X applications without running another X.org, because there is no permission control once the application has access to the socket, and with the socket it can see everything. And you can’t really rework that. Sometimes you need to rewrite the whole thing.

Actually you can: the X server can run applications in an untrusted state where they cannot see other resources. It is not straightforward to set up though, so running a nested X server is much simpler - at least until you realize that the same "untrusted" app has access to the rest of your system anyway.

> It is X.org which provides access to keystrokes and windows.

You can avoid that if you want, but as others have mentioned you are way more likely to need that functionality for legitimate purposes.


You can fine-tune your app's access control to the filesystem, for example with AppArmor, but access to X.org is always required, remaining the biggest attack surface.


If you are going to configure something like AppArmor then you can certainly configure X to treat an application as untrusted.
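The two points argued above, that once an application has the X socket it can see everything, and that the server can nonetheless run a client as untrusted, both come down to how X11 authorizes clients. The following script is an added example by the editor, not code from the thread, from X.org, or from any of the commenters. It speaks the core X11 wire protocol over the display's Unix socket using only the Python standard library: it reads the MIT-MAGIC-COOKIE-1 for the display from the .Xauthority file, performs the connection setup, and then polls QueryKeymap (core opcode 44), which returns the held-down state of every keycode no matter which window has focus. Nothing in the exchange identifies the calling process, and the server never asks what the client intends to do with the data; the cookie is the whole credential. The socket path under /tmp/.X11-unix, the display-name parsing, and the byte strings in the docstrings are assumptions made for the demo, and mapping keycodes to keysyms (GetKeyboardMapping) is left out.

```python
"""Added example: an X11 authorization cookie is a bearer credential.

Talks the core X11 protocol directly (no Xlib) so that the trust model
is visible on the wire: cookie in, full keyboard state out.
"""
import os
import socket
import struct
import time

FAMILY_LOCAL = 256      # Xauth family for local (Unix socket) displays
QUERY_KEYMAP = 44       # core request opcode


def parse_xauthority(data: bytes):
    """Parse the .Xauthority on-disk format: a big-endian CARD16 family,
    then four length-prefixed fields (address, display number, auth name,
    auth data). Returns one dict per entry."""
    entries, pos = [], 0
    while pos < len(data):
        family = struct.unpack_from(">H", data, pos)[0]
        pos += 2
        fields = []
        for _ in range(4):
            n = struct.unpack_from(">H", data, pos)[0]
            pos += 2
            fields.append(data[pos:pos + n])
            pos += n
        address, number, name, cookie = fields
        entries.append({"family": family, "address": address,
                        "number": number.decode(), "name": name.decode(),
                        "cookie": cookie})
    return entries


def build_setup_request(auth_name: bytes, auth_data: bytes) -> bytes:
    """Connection setup request: 'l' (little-endian), protocol 11.0, then
    the authorization name and data, each padded to a 4-byte boundary."""
    def pad(b):
        return b + b"\0" * (-len(b) % 4)
    hdr = struct.pack("<BxHHHHxx", ord("l"), 11, 0, len(auth_name), len(auth_data))
    return hdr + pad(auth_name) + pad(auth_data)


def build_query_keymap() -> bytes:
    """QueryKeymap has no arguments: opcode, unused byte, length 1 (in 4-byte units)."""
    return struct.pack("<BxH", QUERY_KEYMAP, 1)


def keycodes_from_keymap_reply(reply: bytes):
    """Reply is 40 bytes: 1 (Reply), unused, sequence, length=2, then a
    32-byte bitmap where bit k of byte i means keycode 8*i+k is down."""
    if len(reply) != 40 or reply[0] != 1:
        raise ValueError("not a QueryKeymap reply")
    bitmap = reply[8:40]
    return [8 * i + k for i, byte in enumerate(bitmap)
            for k in range(8) if byte >> k & 1]


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("X server closed the connection")
        buf += chunk
    return buf


def poll_keymap(display=None, xauthority=None, seconds=5.0, interval=0.02):
    """Connect with the cookie found in XAUTHORITY (or ~/.Xauthority) and
    report every keycode observed held down during the polling window.
    Needs a running X server; the display number selects the socket."""
    display = display or os.environ["DISPLAY"]
    number = display.split(":")[1].split(".")[0]          # ":0.0" -> "0"
    path = xauthority or os.environ.get("XAUTHORITY",
                                        os.path.expanduser("~/.Xauthority"))
    with open(path, "rb") as f:
        entries = parse_xauthority(f.read())
    entry = next((e for e in entries if e["number"] == number), None)
    if entry is None:
        raise LookupError(f"no cookie for display {number} in {path}")
    sock = socket.socket(socket.AF_UNIX)
    sock.connect(f"/tmp/.X11-unix/X{number}")            # assumed socket path
    sock.sendall(build_setup_request(entry["name"].encode(), entry["cookie"]))
    head = _recv_exact(sock, 8)
    if head[0] != 1:                                      # 0 = Failed, 2 = Authenticate
        raise PermissionError("server refused the cookie")
    _recv_exact(sock, struct.unpack_from("<H", head, 6)[0] * 4)  # rest of setup reply
    seen, deadline = set(), time.monotonic() + seconds
    while time.monotonic() < deadline:
        sock.sendall(build_query_keymap())
        seen.update(keycodes_from_keymap_reply(_recv_exact(sock, 40)))
        time.sleep(interval)
    sock.close()
    return sorted(seen)


if __name__ == "__main__":
    print("keycodes seen while polling:", poll_keymap())
```

To try the untrusted mode the reply above describes, make a second cookie with `xauth -f /tmp/untrusted.xauth generate "$DISPLAY" . untrusted` (this needs the SECURITY extension in the running server) and run the script once with `XAUTHORITY=/tmp/untrusted.xauth` and once with the normal file. The extension's stated purpose is to keep untrusted clients from seeing or affecting trusted clients' windows and input; which individual requests it actually blocks on your server version is something to measure with a comparison like this rather than assume.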


Neither are really good options for graphical applications. The focus now is on using container sandboxing, at least with things like flatpak and snap anyway.


> This exactly is the point. Wouldn’t it be nice to just use apps without extra steps? It would make Linux better for non-experts.

non-experts won't use desktop linux regardless, give me back my power tools


I'm not an expert on the wayland/xorg/xinput/gnome-shell stack, but unless someone smarter takes good measurements of various things (visual and input delays), I'd suggest

1). Xorg + gnome-flashback or Xorg + other non-compositing WM

or

2). Non-gnome compositor under wayland

As for 1). Xorg, because it can provide pointer movements at ~native speed via xinput vs Gnome/Wayland at 60-240Hz. And gnome-flashback because it's a non-compositing WM, so there's no frame buffering (unless you enable it in nvidia's panel, or via TearFree in amdgpu).

As for 2). Sway, I suppose, doesn't aggregate mouse movements, but looking at https://zamundaaa.github.io/wayland/2021/12/14/about-gaming-... the author used some hack to enable "immediate" "drawing" under KWin. I'm not sure what the default behavior of e.g. Sway is - does it buffer frames?

