this post was submitted on 23 Feb 2024
206 points (97.7% liked)

Linux

48145 readers
617 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] excitingburp@lemmy.world 38 points 8 months ago (2 children)

PipeWire wins in the feature-set game, which is why it is being preferred over PulseAudio.

According to the inventor of PipeWire, this is the wrong perspective to take. PipeWire is preferred over PulseAudio as a server, clients (apps) should continue to use the PulseAudio/JACK APIs because the PipeWire API is not designed for general use (it's designed for things like pipewire-pulse and pipewire-jack).

[–] SpaceCadet@feddit.nl 20 points 8 months ago (1 children)

clients (apps) should continue to use the PulseAudio/JACK APIs because the PipeWire API is not designed for general use

Really? That is news to me ... explains why mpv's pipewire audio output was briefly broken a couple of months ago.

[–] excitingburp@lemmy.world 14 points 8 months ago

I heard it in a podcast, but here's a written source on that: https://fedoramagazine.org/pipewire-1-0-an-interview-with-pipewire-creator-wim-taymans/

The message is still to use the PulseAudio and JACK APIs. They are proven and they work and they are fully supported.

I know some projects now use the pw-stream API directly. There are some advantages for using this API such as being lower latency than the PulseAudio API and having more features than the JACK API. The problem is that I came to realize that the stream API (and filter API) are not the ultimate APIs. I want to move to a combination of the stream and filter API for the future.

[–] LainTrain@lemmy.dbzer0.com 4 points 8 months ago (5 children)

So the middleware stays the same but the underlying server changes? That's an amazing strategy I wish Wayland did this instead of breaking damn near everything with it's strange restrictions on behavior and overlays

[–] NekkoDroid@programming.dev 34 points 8 months ago* (last edited 8 months ago)

The thing with Wayland and X11 is: this couldn't really be done because of how fundamentally ~~broken~~ incompatible X11 is (and there is XWayland for most clients that mostly works)

[–] lengau@midwest.social 9 points 8 months ago (1 children)

That's what xwayland is.

Apps can talk to xwayland with the x11 protocol but instead of an X server rendering it, your Wayland compositor renders it.

The restrictions come from the fact that those x11 behaviours are exactly things the industry has decided are a bad idea and should be replaced.

[–] LainTrain@lemmy.dbzer0.com 0 points 8 months ago (1 children)

Really? Like not letting apps draw over other apps? As far as I know Windows still allows that, so does even Mac OS. I don't know who in the industry decided that screenshotting is a bad behaviour and needs to be removed but maybe they should find a new industry, like fast food line work for example.

[–] Ullebe1@lemmy.ml 1 points 8 months ago (3 children)

Allowing any app unrestricted access to the input and output of any other app (like in X11) is a terrible security practice. It allows for trivially easy keyloggers and makes horizontal movement to other apps after the first has been exploited super easy.

Many people's answer to this is "then just don't run untrusted apps, duh", but that is a bad take since that isn't realistic for 99% of users. People run things like Discord or Spotify or games or Nvidia drivers all the time, not to mention random JavaScript on various websites, so the security model should be robust in the presence of that kind of behaviour. Otherwise everyone is just a single sandbox escape in the browser away from being fully compromised by malware installed with root privileges. Luckily we know better now than when X11 was designed and that is the reason for things like Bubblewrap (used in Flatpak for sandboxing), portals and the security model of Wayland.

And in the end: the people who decided this are the people actually willing to do the work to build and maintain the Linux desktop stack. If anyone knows what the right approach is, it's them.

[–] yianiris@kafeneio.social 3 points 8 months ago (1 children)

Are you comparing 40years of graphical environment stability and global use with something that has been broken for more than a decade and now all of a sudden is portrayed as secure?

I want to start applications as another user in my own environment and my own system and wayland prevents me, while x11 allows me (together with many forms of sandboxing and containerization).

I have asked this question to all pretend to be experts of wayland and I have 0 responses.

@Ullebe1 @LainTrain

[–] Ullebe1@lemmy.ml -1 points 8 months ago (1 children)

I absolutely am. Calling Wayland "something that has been broken for more than a decade" rather than "something that has been in active development for more than a decade" is also an interesting take. By that measure X.Org is "something that has been broken for almost two decades", so let's just not go there. And I'm not saying that Wayland magically makes everything secure. I'm saying that Wayland (or something like it) is a necessary step if we want a desktop that is secure. I have seen people propose something like nested sandboxed X servers with a single application for each as an alternative, but I think it's probably better to actually fix the underlying problem.

That's an interesting use case. It isn't really anything I've had a need for, so I don't know what the best way to do something like that is. If your compositor doesn't allow it, could it perhaps be possible to run as a different user in a nested compositor, like Cage or gamescope? Also, how do you sandbox the applications X11 access? If they share the same server, then a sandboxed application can just wait for you to launch a terminal and use sudo, at which point it can inject a malicious command as root.

[–] yianiris@kafeneio.social 3 points 8 months ago (1 children)

I don''t use systemd or logind so I don't have to worry about such magic security violations this bogus pile of crap creates. I have more control of processes and don't allow some "automated" service to be loging-in-out system users 2000 times a nanosecond as logind does.

It only happens when I want it to happen, not uncontrollably.

KISS is the best security measure.

@Ullebe1

[–] Ullebe1@lemmy.ml 0 points 8 months ago (1 children)

So I guess your question wasn't in good faith then, but just bait so you'd have an excuse to rant about things unrelated to my answer?

The security issue that Wayland helps solve has nothing to with systemd or logind, so I'll just ignore your tirade against them. If you don't want to use them, then good on you.

The issue is an inherent issue with the X11 protocol. It can be worked around, but it can't be fixed without something changing in the protocol on a fundamental level. The core premise that any client can be trusted unquestionably is broken and was broken the second browsers began running JavaScript. Not to mention all the other times most modern computers run opaque code of uncertain origins.

Keeping it simple is definitely a great basis to build a secure system upon, it just can't stand alone because of reasons like the above.

[–] yianiris@kafeneio.social 2 points 8 months ago (1 children)

What would js be able to do out of firejail or other such forms of containment?

I only allow js for very specific sites, and most that you can't do without I just do without. I am not that worried about security though, it is just an exercise.

I use seatd with wayland but it can be compiled without it too. My main issue is as I said, I can't just run "sudo -u user2 leafpad" for example, you say it is a security measure, I say it is an inconvenience.

@Ullebe1

[–] Ullebe1@lemmy.ml 1 points 8 months ago (1 children)

The X11 connection is generally an enormous hole in such containment, but yes. Such containment definitely helps. That is why I run as many applications as possible as Flatpaks, as they employ similar countermeasures, and why they're playing an increasingly big role in modern distros.

And it's great that you're risk averse and able to avoid untrusted scripts to that degree. It's just not feasible for the general user, which is why things need to be secure even if a malicious script is mistakenly allowed to execute.

I'm not saying that that specific annoyance is a security measure. I'm saying that the whole paradigm shift that Wayland is is partially motivated by improving security. Such paradigm shifts come with paper cuts, especially in the beginning. But the rough edges are being filed down one by one. That's not to say that Wayland is the answer for everyone yet, nor that it will ever be. There'll always be exceptions. But for the vast majority of users it is, and it helps keep their systems safer than they are without it.

[–] yianiris@kafeneio.social 1 points 8 months ago (1 children)

> and why they’re playing an increasingly big role in modern distros.

My modern distros, are you implying if a distro adopts flatpak use it is modern, if not it is antiquated?

Those are dangerous doctrines when foss is meant to provide choice, and it can be a choice to reject certain groups of software.

@Ullebe1

[–] Ullebe1@lemmy.ml 1 points 8 months ago (1 children)

Not at all, seems like you're reading things into it that aren't there.

By modern distros I mean that for the newer variants of multiple large distros (Like Fedora Silverblue and its cousins, openSUSE MicroOS, etc.), even ordinary Ubuntu, Fedora and their derivatives and cousins, across the major DEs like Gnome and KDE, for all of them apps packaged like Flatpaks and Snaps have an increasingly large role.

I'm specifically not saying it's the only way to be modern or that other approaches can't have merit, I'm saying there is a clear trend among some of the largest players in the game.

I think it's dangerous to put words in other peoples mouths and then argue against those imaginary statements, and I think it's sad that you seemingly feel it's the best way to argue for what you believe in. You can do better.

[–] yianiris@kafeneio.social 0 points 8 months ago (1 children)

You have a very narrow perception of what a linux distribution/system should be, and that is a heavily commercial windows/macos alternative for people who deny reading.
That audience makes total crap popular!

Is that better now?

@Ullebe1

[–] Ullebe1@lemmy.ml 1 points 8 months ago

Not even close, you're even more off base than you were before. I mean what do you even base your ridiculous statements about my opinions and perceptions on?

X11 doesn't have to allow any app unrestricted access to any other app.

[–] LainTrain@lemmy.dbzer0.com 1 points 8 months ago (1 children)

I'm a cybersec MSc and the security model you're describing is that of the clipboard.

Apps interacting with each other is also how just about anything works on a computer since multi tasking OSes.

Flatpaks and Snaps are also DOA along with Wayland lol.

[–] Ullebe1@lemmy.ml -1 points 8 months ago (1 children)

Nice appeal to authority. Are you referring to a formalised security model (of which I'd love to read more, if you have a link?), or the actual clipboard on your PC?

But not all interaction is equal. Access control and granularity of permissions is something X11 is sorely lacking in, which Wayland has built in. Which is why X11 is a bad fit for common treat models and Wayland is not.

Ohh, @LainTrain@lemmy.dbzer0.com said so, so it must be true! I'll let you keep believing that while I enjoy them and watch them grow in popularity and usage, just like Wayland.

[–] LainTrain@lemmy.dbzer0.com 1 points 8 months ago* (last edited 8 months ago)

I'm referring to the actual clipboard on your PC, yes.

Don't get me wrong ofc X is not without issues at all, but Wayland is like chopping off your arm at the elbow because you messed up some nail polish, and you arguing for it is like saying that now since you don't have that arm anymore no one can break it, while all the other OSes watch on in horror and embarrassment as they allow all access to screen elements to any random app like god intended.

If you got malware installed it's all over anyway. Why bother with weird screen access when you can just ransom the home partition and all personal files instead?

Without OBS, Discord, Steam, Guake, proper screenshot tools, etc. it's not really a functional OS anymore for general use and that's what you get with Wayland.

If Wayland fixes all the issues with it I'd happily switch, but it likely won't since they are fundamental to it's design and if so then the only way it will secure Linux desktops is by making no one ever use one again.

[–] ray@lemmy.ml 8 points 8 months ago

Yeah it's kinda the opposite of "New interface, old implementation."

Which I learned from https://henrikwarne.com/2024/01/10/tidy-first/

[–] ProtonBadger@kbin.social 3 points 8 months ago (1 children)

But it was the X protocol that needed to be replaced.

[–] LainTrain@lemmy.dbzer0.com 2 points 8 months ago* (last edited 8 months ago)

And it hasn't done that because no one is going to replace it a good but old pipe with a few issues with a pipe with a massive hole in it "by design"

[–] sadreality@kbin.social 1 points 8 months ago (2 children)

it’s strange restrictions on behavior and overlays

Ain't this is good for security and privacy?

[–] nintendiator@feddit.cl 4 points 8 months ago (1 children)

A "security" that interrupts the user or prevents them from doing their work is bad, because it incentivizes the user to skip or disable it, and the use of a Linux system already can get most of the ways to do either of those via ${packagemanager} install. Thus it's more like security theatre.

From what I gather, the wayland model of things is so ridiculous that it can't even provide for global hotkeys - which are, like, the guaranteed way to setup an interface the user can trust because it'll always mean that when the user users it. I doubt wayland would even be Magic SysRq keys-compatible.

[–] LainTrain@lemmy.dbzer0.com 2 points 8 months ago* (last edited 8 months ago)

What the other person said. I didn't even think magic sysrq keys I was thinking like some steam like overlay lmao