1. 38
  2. 33

    Wayland also does not solve any problems for most users. That’s the biggest reason adoption is so slow. People might put up with some breakage for some benefit, but for no (perceivable) benefit? Nah. I run X in all my devices including my phone. I recently had to walk my Mom through switching off wayland (her laptop came with it on) so her screen sharing could work for teaching classes. She hasn’t noticed the switch except that things are reportedly more stable now.

    1. 7

      That’s completely fair. It is hard to see the benefits of switching when ideally, at the user level, the systems should be indistinguishable.

      That being said, I’ve switched because under X screen tearing was driving me nuts, and it has vanished on Wayland.

      1. 2

        X has absolutely no support for per-screen DPI scaling (and almost certainly never will). It makes my current monitor setup almost completely unusable, so I’m either stuck with Windows or I use wayland.

        1. 9

          Have you tried xrandr’s --scale?

          xrandr -d :0 --fb 6572x3696 --output DP1-2 --mode 3840x2160 --scale 1x1 --rate 60 --pos 0x0 --primary
          xrandr -d :0 --fb 6572x3696 --output eDP1  --mode 1366x768  --scale 2x2 --panning 2732x1536+3840+0
          
          1. 1

            I was under the impression that DPI scaling is usually done by the UI toolkit (such as GTK) in response to an environment variable that can be set per-process?

            That said, I’ve only played with DPI scaling on my pinephone. My desktop is a single 4K monitor so no need for any scaling stuff there. I’m very open to believing your use case is one wayland is good at and X is not, in which case by all means :) To each their own.

            1. 1

              That may work for single displays. The issue is two displays (multi-head) with significantly different DPIs. GTK’s scaling works to a degree, but it’s still not per-monitor aware last time I checked, and it doesn’t elegantly handle font scaling.

              1. 1

                GTK’s under X is per-process. So unless windows from one process are on each monitor… then I guess you’re back to the same problem again if you need to scale on one of them.

                Like I said, I don’t use scaling usually. I just run things at their normal size.

                1. 2

                  Or if you drag windows between monitors. Also, if you’re using a 4k display on X, you’re probably using a 200% scaling factor (unless you’re on a huge monitor), either as a pixel scale or your desktop is scaling for you.

                  1. 1

                    Yup, huge monitor :) I wouldn’t bother with 4K on a smaller monitor.

        2. 21

          So, there are 2 separate rants here… one saying Wayland is bad because it breaks things, and one saying Wayland is fine so get over yourselves.

          Both of these viewpoints have valid points, and while I think Wayland is a step forward, I also think it’s not ready for everyone, specifically users who stream, care very much about input latency on Gnome (I can’t speak to users of other compositors, but I think this is mostly a Gnome issue), or use nvidia cards (with non-Gnome/KDE setups). Those are purposefully a very specific subset of users - for many people it will work well.

          From the article (pro-Wayland):

          Firstly, to Drew directly: who is this post for? Is it meant to be a cathartic rant or try to inform people? I have a hard time gauging the audience. I feel personally attacked because of how it tries to lump in all people who don’t/can’t use Wayland with conspiracy theorists (who I’ve had to deal with directly because family). It might be that your post wasn’t meant to respond to the gist also linked in this thread and I’m reading too much into this… but even if it isn’t, the tone of your post is just way off.

          > What do anti-vaxxers, flat earthers, 9/11 truthers, and anti-Wayland activism all have in common? All of them are characterized by a blithe rejection of facts to embrace a narrative of victimization by a vague authority.

          This is one of the most aggressive and ridiculous ways I’ve ever seen to discount an argument. I get that Drew is frustrated with entitled people who complain that “Wayland sucks” without understanding how it works, but “people who don’t like Wayland”/“people who can’t run Wayland” and conspiracy theorists aren’t anywhere close to each other.

          > “Wayland sucks!” is a conspiracy theory with no basis in truth, and its supporters have spent years harassing Wayland maintainers, contributors, and users. And it’s time for it to fucking stop.

          I’m sure that I see comments claiming this way less than Drew, especially with his direct involvement with Wayland-adjacent projects. I completely agree that harassment of Wayland maintainers, contributors, and users needs to stop - this sounds similar to the form of entitlement that pervades many open source software users, not just Wayland.

          > Maybe Wayland doesn’t work for your precious use-case. More likely, it does work, and you swallowed some propaganda based on an assumption which might have been correct 7 years ago.

          Very few Wayland compositors actually work with nvidia. Yes, it’s because nvidia doesn’t implement GBM in their proprietary driver and try to push EGLStreams which, from what I understand, doesn’t fit well with how many compositors are designed, specifically wlroots-based ones… and the maintainers of wlroots don’t have the bandwidth or desire to implement a separate codepath just for nvidia. However, sarcastically naming the flag to attempt running sway on unsupported GPUs --my-next-gpu-wont-be-nvidia and discounting an entire brand of GPUs as a “precious use-case” is just crazy to me.

          I went out of my way to try and get a graphics card that would work with Linux and would also work well for gaming in Windows. The GTX 1080 Ti is supposed to work with nouveau, but after wasting multiple days on it, I wasn’t able to get anything more than a blank screen. X11 with the proprietary driver is the only thing that I have been able to get working on this machine and that doesn’t seem to be changing soon - I wish I knew OpenGL well enough to contribute to wlroots, but I’m not even certain EGLStreams patches would be accepted.

          There are options though: both Gnome and KDE support Wayland on nvidia cards (as well as Intel/AMD). Unfortunately, I get tons more input lag in Wayland compared to X11 in Gnome. From what I understand, this is because both input and rendering happen on the same thread in Gnome with Wayland, rather than the event-driven nature of X11 (and having clients talk to the X server rather than the compositor directly). It turns out when every single compositor has to implement the same interface with a lot of surface area, they are bound to make mistakes and regressions. I haven’t used KDE before and don’t really want to now, but I’ve been trying it out because that’s my only option if I want to use Wayland.

          This would be less of a slap in the face if nvidia hadn’t been the leader in performance on Windows for ages or if you could actually buy modern GPUs at the moment, but those are other issues. If I could upgrade to a 6800XT, I would in a heartbeat, but I haven’t seen one in stock long enough for me to buy one at a reasonable price.

          > None of the Wayland detractors have a clue. They don’t understand Wayland, they don’t understand X11, they don’t understand Linux graphics or OpenGL or Vulkan or anything else in the stack. They don’t even understand what it’s like to use Wayland, because at most they might have spent 5 minutes installing it, realized that something was — gasp — different than X11, and then uninstalled it and wrote their angry Reddit comment.

          Again, as with a huge chunk of the rest of his post, this statement is a gross generalization.

          I’ve used Wayland on all my Linux boxes with Gnome for multiple years. I’ve written toy X11 WMs. I’ve used both i3 and Sway on multiple machines (usually with Intel integrated graphics). I’ve written some basic games using OpenGL directly. I understand the general difference between the architectures and at least from a user standpoint (though possibly not from a technological standpoint), I think Wayland is a step backwards.

          With X11, having the server meant that every WM didn’t need to directly implement input handling and configuration, as well as interfacing with hardware. With Wayland, from my understanding, every compositor needs to interface with hardware. There are libraries (like libinput) to make it easier and frameworks (like wlroots) to make writing a compositor easier, but they don’t have universal support and that doesn’t change the Wayland design choice. In any sense, I wouldn’t expect them to have universal support: they’re newer, are less battle-tested, and are created by volunteers.

          I’ve done a bit of research on this, but if I have any misconceptions about this, I’d be happy to be corrected.

          > It has a real cost, you know, being a dick to maintainers. It’s not good for our mental health. We’re out here trying to make things better. Wayland fixes unfixable problems with X11, and might have invented some new, fixable problems in the process — most of which have been fucking fixed already, and years ago! We’ve sacrificed our spare time to build this for you for free. If you turn around and harass us based on some utterly nonsensical conspiracy theories, then you’re a fucking asshole.

          As someone who maintains other (admittedly smaller) open source projects, I agree with pretty much all of this.

          > Most of the lies you’ve heard about ways that it’s broken are just that: lies. And if you insist on living in that fantasy, then keep it to yourself, asshole.

          I don’t know if the article was responding to the gist or something else, but the gist mentioned in this thread brought up a number of things that work in X11 and don’t work in Wayland. Those are not lies. They are very real regressions for users and to continue calling people who want features that previously worked “assholes” is a pretty negative way to treat people.

          In conclusion, I really do appreciate the people who have put their time and effort into improving the graphics situation on Linux and look forward to using Wayland when it’s an option on my hardware.

          From the gist (anti-wayland):

          > Wayland solves no issues I have but breaks almost everything I need. And usually it stays broken, because the Wayland folks only seem to care about Gnome, and alienating everyone else in the process.

          From a user standpoint, I understand but also don’t completely agree. In general, when it works, Wayland is way easier to use out of the box. In particular around input handling, at least with Gnome, KDE, and Sway. Graphics support is generally comparable/better (at least for Gnome/KDE) out of the box as well.

          I do understand that it breaks existing workflows - and if you need those specific workflows I don’t think it’s ready, but claiming “Wayland breaks everything” is simply incorrect.

          The thing this gist ignores is all the reasons that X11 is broken or a horrible user experience for many users. Mixed DPIs between monitors aren’t really possible, X11 has a ton of server extensions which can complicate things, direct rendering isn’t always easy, and the X11 architecture is both 30-ish years old and more of a security concern.

          > Wayland breaks feature X

          Yes, there are lots of things that need to be rethought when the architecture changes. Many things listed in this list would need to be supported by the compositors (redshift and screen recording are both supported in Gnome as far as I know). As far as I know they’re still coming, but it makes sense to do them right so people won’t want to move back to X11 - it simply isn’t maintainable. Until then, you have X11 and don’t need to resort to attacking a huge open source ecosystem of projects which is honestly trying to make things better.

          1. 5

            I’ve written a (simple) X11 window manager and I’ve worked with a bunch of display server systems and I’m not a fan of Wayland or X11, but I’m more negative about Wayland than X11 for one simple reason: X11 doesn’t solve the problems that I have because it was designed before most of those problems existed. I hold Wayland to a higher standard because it’s a once-every-few-decades chance to replace a core bit of infrastructure and so needs to solve problems properly.

            There’s a lot that I like about Wayland. The surface abstraction is more or less what exists in X11 if you ignore all of the legacy crap, but in X11 you can’t ignore the legacy crap. It doesn’t give everyone access to all events (and the ability to inject all events). The way that X11 does remote desktop kind-of works, but it’s definitely not the right way on modern systems and there’s no reason that you couldn’t implement a Wayland compositor that just talks RDP.

            I want a display server that fully respects the principle of least privilege. X11 gives me some fault isolation (if my WM crashes, I can restart it) but anything that connects to the X server has basically complete control over everything. There’s no special capability that you have to grant to a process to be a WM and all sorts of fun things happen when you try to start two processes that both want to be a WM on the same X server. I can imagine some incremental changes to X11 that would restrict these permissions and a new WM protocol that would allow a compositing WM to define where and how windows are composited but not extract their contents but the focus on Wayland means that we don’t get this. In this regard, Wayland is a step backwards because it’s putting the WM in the same process. In theory, you could build a compartmentalised Wayland compositor that ran as a family of processes, all with limited privileges, but I don’t see anyone doing that.

            Screen shots, screen grabs, and so on are a core part of any modern display server. X11 lets everyone do it, Wayland doesn’t provide a protocol for anyone to do it. The separation of display server and compositing manager makes it easier to design something nice in X11 because any application has the ability to take responsibility for how another client’s windows are displayed. The down side of this is that the security is terrible. A secure model for doing this should be one of the first requirements for any display server and should be part of the protocol’s core security model. It needs a capability mechanism with revocation: I should be able to dynamically grant the right for my favourite video conferencing application to capture the output of specific windows and then revoke that right at the end of the call. I forgive X11 for not thinking of this at the start, because the security landscape was very different back in the ’80s.

            I don’t know if this has been fixed, but last time I looked Wayland had a brain-dead protocol for drag-and-drop. OPENSTEP got this right over 30 years ago, so there’s no excuse for anyone getting it wrong now. Drag-and-drop needs to get any complex operations off the path to start a drag if you want a good user experience. The protocol used on OPENSTEP / macOS is a little bit complicated: the drag source advertises a set of types, the drop target picks one, the drag source then provides the data. Providing the data may be a complex operation (for example, involve video transcoding) and so may well have user-visible latency. The Wayland protocol requires that the drag source provides the data at the start of the drag operation. As a user, would you rather the UI paused for a second at the beginning or end of a drag-and-drop operation? The simplest way of fixing this is to not implement rich drag and drop in your applications and this is one of the reasons that macOS usability is often noticeably better than other platforms - direct manipulation works on most things.

            Still no sound integration. X11 had MAS, but I never got it to work. It’s annoying for remote desktop that you can stream video but not get the accompanying audio. Remote desktop with RDP on Windows works because the display server is responsible for the synchronisation of audio and video. I’ve not seen anything in Wayland for synchronising audio and video streams, but the display server is the only thing that knows about latency from things like HDCP and so knows the skew that you need to apply to audio to make it line up with video.

            I may be completely wrong about this one, but it looks as if the Wayland protocol has a load of state that is stored only in the server. One of the big problems with X11 is that a crash in the X server kills all of the clients. Windows is able to recover from the display server crashing and reattach all clients. Wayland makes crashes more likely by moving more stuff into the compositor. This is also really important if you want to add remote desktop later. One of the most annoying things about remote X11 is that there is no way of moving applications between displays (at least, not one that doesn’t add a fragile and flaky proxy). If all of the state is in the client, it’s trivial to detach from the local-GPU-powered Wayland compositor and attach to an RDP compositor, which would allow you to move applications between local and remote displays easily.

            I’m also somewhat sad that the Wayland ecosystem is gradually moving to less permissive licenses. X11 is MIT licensed, a load of Wayland bits are LGPL. That’s probably a battle that’s already lost, given that all of the popular X11 toolkits are LGPL’d and depend on other LGPL’d things such as Cairo and Pango.

          2. 18

            TL;DR - some of these complaints are inaccurate.

            This rant came up 3 months ago and I spent some time checking it out. The rest of this post is derived from that post.

            • Some screen sharing and screen recording apps aren’t yet/won’t be ported to Wayland.
              This was equally true for other windowing system transitions - some apps weren’t ported from NeWS or SunView either. It doesn’t mean that Wayland is unsuitable for general use.
            • Wayland GTK4 breaks global menus in Gnome.
              This is a GTK issue. GTK4 removed support for a feature that is required by global menus. Wayland isn’t responsible for the development practices of the GNOME project.
            • Wayland broke global menus with KDE platformplugin.
              This issue has been resolved.
            • Wayland breaks global menus with non-KDE Qt platformplugins.
              This may have been fixed in 5.11.
            • Wayland breaks AppImages that don’t ship a special Wayland Qt plugin.
              This is another 5.11 issue, it may have been fixed.
            • A Youtube video from someone who prefers X11.
            1. 16

              Linux has a long history of NIH syndrome and a long history of abandoning the thing that has been working for years to adopt the new hotness. By Linux, here, I mean the distros more than the kernel, but my favorite example is from the kernel.

              I started with Linux in 2000, and at the time the in-kernel sound system was OSS. The drivers were missing features; IIRC they were lacking mixing and full duplex. So, you couldn’t record and play audio simultaneously with the same card. People complain about Linux audio today, but in 2000, things were far worse.

              There were fully featured drivers for OSS, but they were closed. ALSA was the new hotness, the answer to OSS. I remember downloading and compiling ALSA drivers, because I wanted to use a VOIP program at the time.

              But instead of improving the existing OSS drivers, the ALSA people went and did their own thing. New drivers, new API, and everything. And whoa, is ALSA complicated. Fast forward a few years, and there’s yet another new hotness, PulseAudio.

              Contrast this with FreeBSD. FreeBSD essentially reimplemented the OSS API and drivers, improving along the way. They even have in-kernel software mixing. Linux doesn’t and never will; it’s either done in a sound server like pulse, or it’s done in an ALSA plugin like dmix. You’d have to work awfully hard to convince me that OSS is irredeemably broken, considering that both FreeBSD audio and OSSv4 evolved out of it.

              I suspect the X/Wayland case is a lot different than the OSS/ALSA situation, but I really don’t know. I try to know as little about graphics as I can get away with, as I don’t even use a display.

              My point? This has all happened before, and it will all happen again. Quite a few of us old-timers are distrustful, because we’ve been through a few of these reinvention cycles.

              My advice? Keep an open mind. Sometimes the new hotness is really an improvement over the old thing you’ve been using for umpteen years. Finally, it goes without saying that being a douche to free software maintainers is never, ever acceptable.

              1. 4

                I feel this! I believe it boils down to maintainers. Who maintains open source?

                1. Teens / Undergrads
                2. Academics / PhDs
                3. Paid Employees / Startups / Govt Employees
                4. Hobbyists / Self-employed

                3 works for big / successful projects. 1, 2, 4 are the norm … so that means novelty is preferred over stability and the end user is screwed.

                I am using Ubuntu Linux again after a long time and normal day-to-day usage is still icky. I think the issue is too many dependencies. I wonder how Plan9 solved this.

                1. 4

                  I honestly think that a system that replaces X11 and tries to approach parity with a windowing system like Windows or macOS is beyond the capabilities of the current FLOSS community.

                  Why? Because there’s too much stuff that has to be coordinated:

                  • security
                  • performance
                  • stuff like audio
                  • sharing parts of the screen(!)
                  • a11y and i18n
                  • the list goes on…

                  A single company can do this, because it has the resources to employ people who can coordinate all these things. A gaggle of J. Random Hackers doesn’t.

                  Part of the strength of the FLOSS community is the openness and the (kinda) low barrier of entry. X11, by doing the bare minimum, enabled a huge flourishing of projects large and small, that enabled subcultures like people who enjoy tiling WMs for example to flourish. But it’s also its weakness, as any attempt to replace X11 will run headlong into a huge number of opinionated users who simply will not accept that their workflow is now broken.

                  Maybe the best way forward is some very low-level hacking that “inverts” the X server so it’s no longer designed to be hosted in the network, but that retains the backwards compatibility of all the clients. I have no idea whether this is even feasible though.

                  1. 1

                    I’ll take 1, 2, 4 over 3 all day long.

                    If 3 stopped existing, it would be a fundamental improvement for free software.

                  2. 2

                    You forgot about PipeWire, the latest hot/new/another layer on top of pulseaudio and JACK :-)

                  3. 12

                    It’s an interesting exercise to replace “Wayland” with “systemd” and “Xorg” with “sysv-init” in this article.

                    1. 10

                      That is an interesting exercise indeed. There are at least two valid complaints about systemd which don’t apply to Wayland: scope and portability. systemd has its fingers in too many pies, and explicitly uncares about non-Linux platforms. Wayland has a pretty small, mostly closed scope, and runs on BSDs in practice, and more platforms are hypothetically possible if someone put a little bit of work in (no more work than, say, porting X11 requires).

                      1. 11

                        Can I agree with both of you on this? I think systemd gets a lot of “NEW==BAD” hate, and I think the proponents of sysvinit are definitely overstating its relevance to computers today.

                        However, it seems like whenever the systemd devs hit any kind of problem, they’re like “I know, we’ll just write our own systemd version and tie it into this giant opaque blob that does everything”

                        Though the systemd devs will say “It’s all a modular buffet, you can take what you want and use your old tools for stuff you don’t”, unfortunately, nobody’s interested in taking the good bits of systemd, which is basically just the init system, and packaging that up with tried and tested utilities that have worked for the past 20 years, and continue to work today.

                      2. 13

                        Disliking Wayland and disliking systemd are orthogonal.

                        1. 6

                          I think that some amount of rejection may come from the shared feeling that “newer” hardly means “better” these days. (Gnome, Firefox, Flatpak, Go …)

                        2. 10

                          I have had a nice experience with swaywm + Wayland. The only reason I’m using bspwm on X11 right now is because I chose to get an RTX 3090.

                          The points in the article don’t really affect me:

                          • OBS works fine with the wlrobs plugin for wlroots capture
                          • Screen sharing with multiple monitors on X11 is almost broken anyway, so I use a v4l2loopback virtual camera to share my screen instead.
                          • On Linux, I can do most of my automation through the shell, instead of by programmatically clicking on GUI.
                          • I don’t use GNOME, KDE, or XFCE.
                          • gammastep is flag-compatible with redshift.
                          • Most programs run just fine under Xwayland.

                          And, using Wayland, you get to have:

                          • Almost zero screen-tearing (whereas in my experience X11 desktops have poor screen tearing even with a vsync-ed picom configuration)
                          • Multi-seat desktops (this is really gimmicky, but I find it quite fun)
                          • Headless displays (meaning you can turn a multi-device setup into a pseudo multi-screen setup with a VNC client)
                          • Proper HiDPI with per-monitor fractional scaling.
                          • The Wayland-native software I have found is really nice: I much prefer greetd with greetd-gtk-greeter running under cage to any Display Manager, wdisplays works much nicer than lxrandr or arandr, mako is a great replacement for dunst, et cetera.

                          As for support for nvidia GPUs, hopefully we see some progress that can branch out of wlroots’ Vulkan allocator efforts (I’m pretty sure there will still be a need for some driver-specific allocation code for the proprietary drivers, though.)

                          1. 9

                            I’m a long time desktop linux user, but I haven’t tried using Wayland yet on any system I run (and consequently don’t have strong opinions about it one way or the other). I happened to click the link and read “I’m tired of this anti-Wayland horseshit” first, noting that the author was fairly angry at Wayland detractors, and specifically comparing them to “flat earthers” and “9-11 truthers”, i.e. people who are widely agreed to profess a wilfully broken model of reality.

                            Then I clicked the link to “Think Twice Before Abandoning Xorg - Wayland Breaks Everything” and noted the links to the Github issues for Jitsi, OBS Studio, and Zoom, all stating something along the lines of “we don’t support Wayland because there’s no screen capture API”. Those are all pieces of software I use (Zoom unwillingly), and sometimes use to capture video of my own screen. If these are all broken because Wayland doesn’t provide a way for these kinds of applications to take screen captures - even if there are good security reasons for this - then Wayland in fact does not work for my use case, which I think is a reasonable use case that many people have. I wouldn’t go so far as to claim that this makes Wayland “suck”, generically; but I am in fact less inclined to try it out now on my own system than I was 10 minutes ago.

                            There’s some irony in learning this immediately after reading a claim that Wayland detractors “live in your propagandized world of Wayland lies”. Like I said, I haven’t looked into Wayland all that much so far, and I had no idea that screen capture didn’t work on it until I read the above article. And there’s maybe a broader point to be made about how one should evaluate the veracity of a claim, that someone writing an angry article online labels a conspiracy theory.

                            1. 2

                              > even if there are good security reasons for this

                              I’d love to see someone try to retrofit a capability model to X11 such that these things can be dynamically allowed and disallowed on a per-client, per-time-interval, basis. I strongly suspect that it would be less difficult than moving to an entirely new display server.
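
Added example, not part of the thread and not code from X11, Wayland or any poster: a toy model of the revocable capture capability asked for earlier in the thread ("grant the right ... to capture the output of specific windows and then revoke that right") and of the per-client, per-time-interval model in the comment above. `CaptureBroker`, its methods and the client and window names are hypothetical; no real display-server API is modelled.

```python
import secrets
import time
from dataclasses import dataclass


class CaptureDenied(Exception):
    """Raised when a client asks for pixels it holds no valid grant for."""


@dataclass
class Grant:
    client: str          # the one connection this grant is bound to
    windows: frozenset   # window ids the grant covers
    expires_at: float    # deadline on the broker's clock
    revoked: bool = False


class CaptureBroker:
    """Hypothetical policy point inside a display server (assumption, not a real API)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._owners = {}   # window id -> owning client
        self._grants = {}   # opaque token -> Grant
        self.audit = []     # every decision is recorded for later review

    def register_window(self, window_id, owner):
        self._owners[window_id] = owner

    def grant(self, client, windows, ttl_seconds):
        """User-approved grant: one client, named windows, bounded lifetime."""
        unknown = set(windows) - set(self._owners)
        if unknown:
            raise ValueError(f"unknown windows: {sorted(unknown)}")
        token = secrets.token_hex(16)
        self._grants[token] = Grant(
            client, frozenset(windows), self._clock() + ttl_seconds
        )
        self.audit.append(("grant", client, tuple(sorted(windows))))
        return token

    def revoke(self, token):
        """End the grant early, e.g. when the call finishes."""
        grant = self._grants.get(token)
        if grant is not None:
            grant.revoked = True
            self.audit.append(("revoke", grant.client, tuple(sorted(grant.windows))))

    def _denial_reason(self, client, token, window_id):
        # A client may always read back its own windows.
        if self._owners.get(window_id) == client:
            return None
        grant = self._grants.get(token)
        if grant is None:
            return "no such grant"
        if grant.client != client:
            return "grant bound to another client"   # a leaked token is useless
        if grant.revoked:
            return "grant revoked"
        if self._clock() >= grant.expires_at:
            return "grant expired"
        if window_id not in grant.windows:
            return "window not covered by grant"
        return None

    def capture(self, client, token, window_id):
        reason = self._denial_reason(client, token, window_id)
        self.audit.append(("capture", client, window_id, reason or "allowed"))
        if reason:
            raise CaptureDenied(reason)
        return f"<pixels of {window_id}>"   # stand-in for real frame data


if __name__ == "__main__":
    # Constructed scenario: a video-call client is allowed to see one window.
    broker = CaptureBroker()
    broker.register_window("editor", "editor-app")
    broker.register_window("passwords", "password-manager")
    token = broker.grant("video-call", {"editor"}, ttl_seconds=3600)
    print(broker.capture("video-call", token, "editor"))
    broker.revoke(token)
    for window in ("editor", "passwords"):
        try:
            broker.capture("video-call", token, window)
        except CaptureDenied as exc:
            print(window, "->", exc)
```
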

                            2. 18

                              What this rant does not focus on: It’s a good thing that these usecases are broken. Wayland prohibits your desktop applications from capturing keystrokes or recording other apps’ screens by default. X’s security model (and low level graphics APIs) is/are severely outdated, and Wayland promises not only to be more secure, but also expose cleaner APIs at the lower level (rendering, etc.)

                              These usecases are/will still be supported though, but this time via standardized interfaces, many of which already exist and are implemented in today’s clients.

                              X is based on a 30 year old code base and an outdated model (who runs server-side display servers these days?). Of course, switching from X to Wayland will break applications, and until they are rewritten with proper Wayland support they will stay that way. For most X11 apps there even is Xwayland, which allows you to run X11 apps in Wayland if you must.

                              1. 25

                                > What this rant does not focus on: It’s a good thing that these usecases are broken

                                You should have more compassion for users and developers who have applications that have worked for decades, are fully featured, and are being asked to throw all of that away. For replacements that are generally very subpar. With no roadmap when parity will be reached. For a system that does not offer any improvements they care about (you may care about this form of security, not everyone does).

                                I could care less about whether when I run ps I see Xorg or wayland. And I doubt that most of the people who are complaining really care about x vs wayland. They just don’t want their entire world broken for what looks to them like no reason at all.

                                1. 5

                                  I’m not saying that those apps should be thrown away immediately. Some of these work under XWayland (I sometimes stream using OBS and it records games just fine).

                                  If your application really does not run under XWayland, then run an X server! X is not going to go away tomorrow, rather it is being gradually replaced.

                                  I’m simply explaining that there are good reasons some applications don’t work on Wayland. I’m a bit sore of hearing “I switched to Wayland and everything broke” posts: Look behind the curtain and understand why they broke.

                                2. 17

                                  I’m kind of torn on the issue.

                                  On the one hand, the X security model is clearly broken. Like the UNIX security model, it assumes that every single application the user wants to run is 100% trusted. It’s good that Wayland allows for sandboxing, and “supporting the use cases, but this time via standardized interfaces” which allow for a permission system sounds good.

                                  On the other hand, there’s clearly no fucking collaboration between GNOME and the rest of the Wayland ecosystem. There’s a very clear rift between the GNOME approach which uses dbus for everything and the everything-else approach which builds wayland protocol extensions for everything. There doesn’t seem to be any collaboration, and as a result, application authors have to choose between supporting only GNOME, supporting everything other than GNOME, or doing twice the work.

                                  GNOME also has no intention of ever supporting applications which can’t draw their own decorations. I’m not opposed to the idea of client-side decorations, they’re nice enough in GTK applications, but it’s ridiculous to force all the smaller graphics libraries which just exist to get a window on the screen with a GL context - like SDL, GLFW, GLUT, Allegro, SFML, etc - to basically reimplement GTK just to show decorations on GNOME on Wayland. The proposed solution is libdecorations, but that seems to be at least a decade away from providing a good, native-feeling experience.

                                  This isn’t a hate post. I like Wayland and use Sway every day on my laptop. I like GNOME and use it every day on my desktop (though with X because nvidia). I have written a lot of wayland-specific software for wlroots-based compositors. But there’s a very clear rift in the wayland ecosystem which I’m not sure if we’ll ever solve. Just in my own projects, I use the layer-shell protocol, which is a use-case GNOME probably won’t ever support, and the screencopy protocol, which GNOME doesn’t support but provides an incompatible dbus-based alternative to. I’m also working on a game which uses SDL, which won’t properly support GNOME on Wayland due to the decorations situation.

                                  1. 13

                                    the X security model is clearly broken

                                    To be honest I feel the “brokenness” of the security model is vastly overstated. How many actual exploits have been found with this?

                                    Keyloggers are a thing, but it’s not like Wayland really prevents that. If I have a malicious application then I can probably override firefox to launch something that you didn’t intend (via shell alias, desktop files) or use some other side-channel like installing an extension in ~/.mozilla/firefox, malicious code in ~/.bashrc to capture ssh passwords, etc. Only if you sandbox the entire application is it useful, and almost no one does that.

                                    1. 10

                                      This isn’t a security vulnerability which can be “exploited”, it’s just a weird threat model. Every single time a user runs a program and it does something to their system which they didn’t want, that’s the security model being “exploited”.

                                      You might argue that users should never run untrusted programs, but I think that’s unfair. I run untrusted programs; I play games, those games exist in the shape of closed-source programs from corporations I have no reason to trust. Ideally, I should be able to know that due to the technical design of the system, those closed source programs can’t listen to me through my microphone, can’t see me through my webcam, can’t read my keyboard inputs to other windows, and can’t see the content in other windows, and can’t rummage through my filesystem, without my expressed permission. That simply requires a different security model than what X and the traditional UNIX model does.

                                      Obviously Wayland isn’t enough on its own, for the reasons you cite. A complete solution does require sandboxing the entire application, including limiting what parts of the filesystem it can access, which daemons it can talk to, and what hardware it can access. But that’s exactly what Flatpak and Snaps attempt to do, and we can imagine sandboxing programs like Steam as well to sandbox all the closed source games. However, all those efforts are impossible as long as we stick with X11.

                                      1. 3

                                        Every single time a user runs a program and it does something to their system which they didn’t want, that’s the security model being “exploited”.

                                        If you think a permission system is going to solve that, I’m going to wish you good luck with that.

                                        Ideally, I should be able to know that due to the technical design of the system, those closed source programs can’t listen to me through my microphone, can’t see me through my webcam, can’t read my keyboard inputs to other windows, and can’t see the content in other windows, and can’t rummage through my filesystem, without my expressed permission.

                                        Ah yes, and those closed-source companies will care about this … why exactly?

                                        They will just ask for every permission and won’t run otherwise, leaving you just as insecure as before.

                                        But hey, at least you made the life of “trustworthy” applications worse. Good job!

                                        But that’s exactly what Flatpak and Snaps attempt to do […]

                                        Yes, letting software vendors circumvent whatever little amount of scrutiny software packagers add, that will surely improve security!

                                        1. 7

                                          If you think a permission system is going to solve that, I’m going to wish you good luck with that.

                                          It… will though. It’s not perfect, but it will prevent software from doing things without the consent of the user. That’s the goal, right?

                                          You may be right that some proprietary software vendors will just ask for every permission and refuse to launch unless given those permissions. Good. That lets me decide between using a piece of software with the knowledge that it’ll basically be malware, or not using that piece of software.

                                          In reality though, we don’t see a lot of software which takes this route from other platforms which already have permission systems. I’m not sure I have ever encountered a website, Android app or iOS app which A) asked for permissions to do stuff it obviously didn’t need, B) refused to run unless given those permissions, and C) wasn’t obviously garbage.

                                          What we do see though is that most apps on the iOS App Store and websites on the web, include analytics packages which will gather as much info on you as possible and send it back home as telemetry data. When Apple, for example, put the contacts database behind a permission wall, the effect wasn’t that every app suddenly started asking to see your contacts. The effect was that apps stopped snooping on users’ contacts.

                                          I won’t pretend that a capability/permission system is perfect, because it isn’t. But in the cases where it has already been implemented, the result clearly seems to be improved privacy. I would personally love to be asked for permission if a game tried to read through my ~/.ssh, access my webcam or record my screen, even if just to uninstall the game and get a refund.

                                          Yes, letting software vendors circumvent whatever little amount of scrutiny software packagers add, that will surely improve security!

                                          I mean, if you wanna complain about distros which use snaps and flatpaks for FOSS software, go right ahead. I’m not a huge fan of that myself. I’m talking about this from the perspective of running closed source software or software otherwise not in the repos, where there’s already no scrutiny from software packagers.

                                          1. 3

                                            There’s probably evidence from existing app stores on whether users prefer to use software that asks for fewer permissions. There certainly seems to be a market for that (witness all the people moving to Signal).

                                            1. 3

                                              But hey, at least you made the life of “trustworthy” applications worse. Good job!

                                              “Trustworthy software” is mostly a lie. Every application is untrustworthy after it gets remotely exploited via a security bug, and they all have security bugs. If we lived in a world without so much memory-unsafe C, then maybe that wouldn’t be true. But we don’t live in that world so it’s moot.

                                              Mozilla has its faults, but I trust them enough to trust that Firefox won’t turn on my webcam and start phoning home with the images. I could even look at the source code if I wanted. But I’d still like Firefox sandboxed away from my webcam because Firefox has memory bugs all the time, and they’re probably exploitable. (As does every other browser, of course, but I trust those even less.)

                                            2. 1

                                              A complete solution does require sandboxing the entire application, including limiting what parts of the filesystem it can access, which daemons it can talk to, and what hardware it can access. But that’s exactly what Flatpak and Snaps attempt to do

                                              But that’s quite limited sandboxing, I think? To be honest I’m not fully up-to-speed with what they’re doing exactly, but there’s a big UX conundrum here because write access to $HOME allows side-channels, but you also really want your applications to do $useful_stuff, which almost always means accessing much (or all of) $HOME.

                                              Attempts to limit this go back a long way (e.g. SELinux), and while this works fairly well for server applications, for desktop applications it’s a lot harder. I don’t really fancy frobbing with my config just to save/access a file to a non-standard directory, and for non-technical users this is even more of an issue.

                                              So essentially I don’t really disagree with:

                                              I should be able to know that due to the technical design of the system, those closed source programs can’t listen to me through my microphone, can’t see me through my webcam, can’t read my keyboard inputs to other windows, and can’t see the content in other windows, and can’t rummage through my filesystem, without my expressed permission. That simply requires a different security model than what X and the traditional UNIX model does.

                                              and I’m not saying that the Wayland model isn’t better in theory (aside from some pragmatical implementation problems, which should not be so casually dismissed as some do IMHO), but the actual practical security benefit that it gives you right now is quite limited, and I think that will remain the case for the foreseeable future as it really needs quite a paradigm shift in various areas, which I don’t really see happening on Linux any time soon.

                                              1. 2

                                                I don’t really fancy frobbing with my config just to save/access a file to a non-standard directory

                                                If a standard file-picker dialog were used, it could be granted elevated access & automatically grant the calling application access to the selected path(s).

                                                1. 1

                                                  there’s a big UX conundrum here because write access to $HOME allows side-channels, but you also really want your applications to do $useful_stuff, which almost always means accessing much (or all of) $HOME.

                                                  This is solved on macOS with powerboxes. The Open and Save file dialogs actually run as a separate process and update the application’s security policy dynamically to allow it to access files that the user has selected, but nothing else. Capsicum was designed explicitly to support this kind of use case, it’s a shame that NIH prevented Linux from adopting it.

                                                  1. 1

                                                    This sounds like a good idea! I’d love to see that in the X11/Wayland/Unix ecosystem, even just because I hate that awful GTK file dialog for so many reasons and swapping it out with something better would make my life better.

                                                    Still; the practical security benefit I – and most users – would get from Wayland today would be very little.

                                              2. 5

                                                I think “broken” is too loaded; “no longer fit for purpose” might be better.

                                                1. 2

                                                  Well, the security model is simply broken.

                                                  I agree that a lot of focus is put on security improvements compared to Wayland’s other advantages (tear-free rendering being the one most important to me). But it’s still an advantage over X, and I like software which is secure-by-default.

                                                  1. 1

                                                    How many actual exploits have been found with this?

                                                    They were very common in the ‘90s, when folks ran xhost +. Even now, it’s impossible to write a secure password entry box in X11, so remember that any time you type your password into the graphical sudo equivalents that anything that’s currently connected to your X server could capture it. The reason it’s not exploited in the wild is more down to the fact that *NIX distros don’t really do much application sandboxing and so an application that has convinced a user to run it already has pretty much all of the access that it needs for anything malicious that it wants to do. It’s also helped by the fact that most *NIX users only install things from trusted repositories where it’s less likely that you’ll find malware but expect that to change if installing random snap packages from web sites becomes common.

                                                  2. 4

                                                    It’s good that Wayland allows for sandboxing

                                                    If I wanted to sandbox an X application, I’d run it on a separate X server. Maybe even an Xnest kind of thing.

                                                    I’ve never cared to do this (if I run xnest it is to test network transparency or new window managers or something, not security), so I haven’t tried, but it seems to me it could be done fairly easily if someone really wanted to.

                                                    1. 2

                                                      Whoa, I’ve never heard about the GNOME issues (mostly because I’m in a bubble including sway and emersion, and what they do looks sensible to me). That sucks though, I hope they somehow reconcile.

                                                      Regarding Nvidia I think Simon mentioned something that hinted at them supporting something that has to do with Wayland, but I could just as easily have misunderstood.

                                                    2. 8

                                                      Wayland prohibits your desktop applications from capturing keystrokes or recording other apps’ screens by default

                                                      No, it doesn’t. Theoretically it might enable doing this by modifying the rest of the system too, but in practice (and certainly the default environment) it is still trivial for malware to keylog and record screen on current Wayland desktop *nix installs.

                                                      1. 3

                                                        it is still trivial for malware to keylog and record screen on current Wayland desktop *nix installs.

                                                        I don’t think that’s true. The linked article says recording screens and global hotkeys is “broken” by Wayland. How can it be so trivial for “malware” to do something, and absolutely impossible for anyone else?

                                                        Or is this malware that requires I run it under sudo?

                                                        1. 10

                                                          It’s the difference between doing something properly and just doing it. Malware is happy with the latter while most non malware users are only happy with the former.

                                                          There are numerous tricks you can use if you are malware, from using LD_PRELOAD to inject code and read events first (since everyone uses libwayland this is really easy), to directing clients to connect to your mitm Wayland server, to just using a debugger, and so on and so forth. None of these are really Wayland’s fault, but the existence of them means there is no meaningful security difference on current desktops.
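A defender-side check for two of the paths named in the comment above (LD_PRELOAD injection and a client pointed at a different Wayland socket), as an added example that is not part of the thread. The function names and the sample environments are constructed for illustration; it reads `/proc/PID/environ` on Linux and assumes libwayland's documented handling of `WAYLAND_DISPLAY` and `XDG_RUNTIME_DIR`.

```python
"""Flag processes whose start-up environment preloads code or redirects Wayland."""
import os
import posixpath

# Dynamic-loader variables that make ld.so load extra code into a process.
LOADER_VARS = ("LD_PRELOAD", "LD_AUDIT")

# Constructed sample environments in /proc/PID/environ format (NUL-separated).
CLEAN = b"HOME=/home/u\0XDG_RUNTIME_DIR=/run/user/1000\0WAYLAND_DISPLAY=wayland-0\0"
PRELOADED = b"LD_PRELOAD=/tmp/libhook.so\0" + CLEAN
REDIRECTED = b"XDG_RUNTIME_DIR=/run/user/1000\0WAYLAND_DISPLAY=/tmp/proxy/wayland-0\0"
EXPECTED_SOCKET = "/run/user/1000/wayland-0"


def parse_environ(raw):
    """Turn the NUL-separated KEY=VALUE blob into a dict."""
    env = {}
    for entry in raw.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key:
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def wayland_socket(env):
    """Resolve the socket path a libwayland client would connect to, or None."""
    display = env.get("WAYLAND_DISPLAY")
    if not display:
        return None
    if display.startswith("/"):
        # An absolute WAYLAND_DISPLAY is used as-is.
        return posixpath.normpath(display)
    runtime = env.get("XDG_RUNTIME_DIR")
    if not runtime:
        return None
    return posixpath.normpath(posixpath.join(runtime, display))


def findings(env, expected_socket=None):
    """Return a list of (variable, values) pairs worth a closer look."""
    out = []
    for var in LOADER_VARS:
        value = env.get(var)
        if value:
            # ld.so accepts both spaces and colons as LD_PRELOAD separators.
            out.append((var, value.replace(":", " ").split()))
    sock = wayland_socket(env)
    if expected_socket is not None and sock is not None:
        if sock != posixpath.normpath(expected_socket):
            out.append(("WAYLAND_DISPLAY", [sock]))
    return out


def audit_processes(expected_socket=None, proc_root="/proc", uid=None):
    """Scan processes owned by uid; return {pid: findings} for flagged ones.

    environ reflects the environment a process was started with, so this is a
    hygiene check for persistent injection, not proof that a process is clean.
    """
    uid = os.getuid() if uid is None else uid
    report = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        path = os.path.join(proc_root, name)
        try:
            if os.stat(path).st_uid != uid:
                continue
            with open(os.path.join(path, "environ"), "rb") as fh:
                env = parse_environ(fh.read())
        except OSError:
            continue  # process exited or is not readable by this user
        hits = findings(env, expected_socket)
        if hits:
            report[int(name)] = hits
    return report


if __name__ == "__main__":
    # Use this shell's own view of the compositor socket as the baseline.
    baseline = wayland_socket(dict(os.environ))
    for pid, hits in sorted(audit_processes(baseline).items()):
        print(pid, hits)
```

A hit is a starting point for review rather than a verdict: some legitimate tools set `LD_PRELOAD` themselves, and nested compositors legitimately use a different socket.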

                                                          1. 2

                                                            I don’t know if I agree that the ability to insert LD_PRELOAD in front of another application is equivalent to sending a bytestring to a socket that is already open, but at least I understand what you meant now.

                                                        2. 5

                                                          I’m sick of this keylogger nonsense.

                                                          X11 has a feature which allows you to use the X11 protocol to snoop on keys being sent to other applications. Wayland does not have an equivalent feature.

                                                          Using LD_PRELOAD requires being on the other side of an airtight hatch. It straight-up requires having arbitrary code execution, which you can use to compromise literally anything. This is not Wayland’s fault. Wayland is a better lock for your front door. If you leave your window open, it’s not Wayland’s fault when you get robbed.

                                                          1. 7

                                                            Indeed, it’s not wayland’s fault, and I said as much in response to the only reply above yours, an hour and 20 minutes before you posted this reply. You’re arguing against a straw man.

                                                            What is the case is that that “airtight hatch” between things that can interact with wayland and things that can do “giant set of evil activities” has been propped wide open pretty much everywhere on desktop linux, and isn’t reasonably easy to close given the rest of desktop software.

                                                            If you were pushing “here’s this new desktop environment that runs everything in secure sandboxes” and it happened to use wayland there would be the possibility of a compelling security argument here. Instead what I see is people making this security argument in a way that could give people the impression it secures things when it doesn’t actually close the barn doors, which is outright dangerous.

                                                            In fact, as far as I know the only desktop *nix OS that does sandbox everything is QubesOS, and it looks like they currently run a custom protocol on top of an X server…

                                                            1. 3

                                                              Quoting you:

                                                              Wayland prohibits your desktop applications from capturing keystrokes or recording other apps’ screens by default

                                                              No, it doesn’t.

                                                              Yes, it does. Wayland prohibits Wayland clients from using Wayland to snoop on other Wayland clients. X11 does allow X11 clients to use X11 to snoop on other X11 clients.

                                                              Other features of Linux allow you to circumvent this within the typical use-case, but that’s a criticism of those features moreso than of Wayland, and I’m really tired of it being trotted out in Wayland discussions. Wayland has addressed its part of the problem. Now it’s on the rest of the ecosystem to address their parts. Why do you keep dragging it into the Wayland discussion when we’ve already addressed it?

                                                              1. 7

                                                                This

                                                                Wayland prohibits your desktop applications from capturing keystrokes or recording other apps’ screens by default

                                                                And this

                                                                Wayland prohibits Wayland clients from using Wayland to snoop on other Wayland clients.

                                                                Are two very different statements. The latter partially specifies the method of snooping, the former does not.

                                                                Why do you keep dragging it into the Wayland discussion when we’ve already addressed it?

                                                                I do not, I merely reply to incorrect claims brought up in support of wayland claiming that it solves a problem that it does not. It might one day become part of a solution to that problem. It might not. It certainly doesn’t solve it by itself, and it isn’t even part of a solution to that problem today.

                                                        3. 4

                                                          X’s design has many flaws, but those flaws are well known and documented, and workarounds and extensions exist to cover a wide range of use cases. Wayland may have a better design regarding modern requirements, but has a hard time catching up with all the work that was invested into making X11 work for everyone over the last decades.

                                                          1. 3

                                                            X’s design has many flaws, but those flaws are well known and documented, and workarounds and extensions exist to cover a wide range of use cases.

                                                            Once mere flaws become security issues it’s a different matter though.

                                                            [Wayland] has a hard time catching up with all the work that was invested into making X11 work for everyone over the last decades.

                                                            This may be true now, but Wayland is maturing as we speak. New tools are being developed, and there isn’t much missing in the realm of protocol extensions to cover the existing most-wanted X features. I see Wayland surpassing X in the next two, three years.

                                                            1. 2

                                                              Yeah, I started to use sway on my private laptop and am really happy with it. Everything works flawlessly, in particular connecting an external HiDPI display and setting different scaling factors (which does not work in X). However, for work I need to be able to share my screen in video calls occasionally and record screencasts with OBS, so I’m still using X there.

                                                          2. 4

                                                            I wonder if X’s security model being “outdated” is partly due to the inexorable slide away from user control. If all your programs are downloaded from a free repo that you trust, you don’t need to isolate every application as if it’s out to get you. Spotify and Zoom on the other hand are out to get you, so a higher level of isolation makes sense, but I would still prefer this to be the exception rather than the rule.

                                                            In practice 99.9% of malicious code that is run on our systems is done via the web browser, which has already solved this problem, albeit imperfectly, and only after causing it in the first place.

                                                            1. 4

                                                              If all your programs are downloaded from a free repo that you trust, you don’t need to isolate every application as if it’s out to get you

                                                              I completely agree, as long as all of my programs are completely isolated from the network and any other source of untrusted data, or are formally verified. Otherwise, I have to assume that they contain bugs that an attacker could exploit and I want to limit the damage that they can do. There is no difference between a malicious application and a benign application that is exploited by a malicious actor.

                                                              1. 1

                                                                all of your programs are completely isolated from the network?

                                                                how are you posting here?

                                                                1. 2

                                                                  They’re not, that’s my point and that’s why I’m happy that my browser runs sandboxed. Just because I trust my browser doesn’t mean that I trust everyone who might be able to compromise it.

                                                                  1. 1

                                                                    that makes sense for a browser, which is both designed to run malicious code and too complex to have any confidence in its security. but like i said i would prefer cases like this to be the exception. if the rest of your programs are relatively simple and well-tested, isolation may not be worth the complexity and risk of vulnerabilities it introduces. especially if the idea that your programs are securely sandboxed leads you to install less trustworthy programs (as appears to be the trend with desktop linux).

                                                                    1. 2

                                                                      Okay, what applications do you run that never consume input from untrusted sources (i.e. do not connect to the network or open files that might come from another application)?

                                                                      1. 1

                                                                        I don’t think you are looking at this right. The isolation mechanism can’t be 100% guaranteed free of bugs any more than an application can. Your rhetorical question is pretty far from what I thought we were discussing so maybe you could rephrase your argument.

                                                            2. 1

                                                              This argument seems similar to what happened with cinnamon-screensaver a few weeks ago:

                                                              https://github.com/linuxmint/cinnamon-screensaver/issues/354#issuecomment-762261555 (responding to https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition/)

                                                              It’s a good thing for security (and maybe for users in the long term once they work again) that these usecases are broken, but it is not a good thing for users in the short term that these usecases don’t work on Wayland.

                                                            3. 6

                                                              Thank you to the people building Rust. It is the best language I’ve ever used.

                                                              1. 6

                                                                I think most of the frustration with Wayland doesn’t come from Wayland itself per-se, but its authors and the software related to it. People (myself included) dislike the freedesktop/GNOME/systemd/Flatpak centralization of the Linux desktop propagated by Red Hat, and Wayland is an easy target because it’s “coming for your workflow!!”, so to speak. And to be fair, I also dislike the forcing of Wayland with new versions of Fedora (and I think Ubuntu as well, correct me if I’m wrong) because programs that people are used to no longer work. It’s frustrating when your workflow breaks because of things outside your control, and Wayland is the scapegoat in this situation.

                                                                That being said, GNOME people are hardly the easiest people to negotiate with (lol no thumbnails in file picker), and that only stokes the fire.

                                                                1. 4

                                                                  If you don’t want your workflow to be broken, Fedora is the wrong distro for you. It’s very experimental and jumping all the new hotness on principle.

                                                                2. 6

                                                                  Wayland is one of the reasons I moved from Linux to Mac. Anti-systemd horseshit was another. I miss i3 and the technical superiority of the kernel, but it’s difficult to understate how little I miss this drama.

                                                                  1. 4

                                                                    macs still have web browsers that can access hackernews

                                                                    1. 1

                                                                      No, I’m doing this from inside virtualbox so I can browse the web.

                                                                      1. 2

                                                                        then you’re still exposed

                                                                  2. 5

                                                                    The author has suggested that this is not to be taken seriously

                                                                    (it’s an excellent parody, for what it’s worth, and raises some interesting questions)

                                                                    1. 5

                                                                      There are a lot of people in between the two camps not complaining either way. I want to like Wayland, really I do. i3 and thus Sway looked really slick and I was interested enough to try a few times, but came to the conclusion I don’t want a tiling window manager (regardless of the stack underneath it - why are almost all compositors tiling?!?).

                                                                      Here’s my point of view (all .02 worth of it): Wayland doesn’t do anything that is particularly better for me. The issues with the X11 code base/protocol are not an issue for me, so why should I switch? Some things seem like a step backwards for modularity too, e.g., every compositor needs to implement XYZ so there’s a lot of duplicated effort (I know… wlroots).

                                                                      But then again, I’m just a 50something curmudgeon that’s been running X11 for over 25 years with a cobbled together workflow using WindowChef, sxhkd and some shell scripts. But Hikari is at least a little intriguing and if it gets (more?) scriptable ala windowchef I would give it another go.

                                                                      1. 4

                                                                        Forgive my apparent tone-blindness, but what makes this satire?

                                                                        1. 11

                                                                          This is a parody of this blog post, likely in response to this one.

                                                                        2. 4

                                                                          It seems a bit unfair to post this here after Drew was banned from this forum in my opinion.

                                                                          1. 4

                                                                            Why? Their blog posts are shared often enough here as it is, and authors rarely get right-of-reply here anyway.

                                                                            1. 2

                                                                              The blog posts aren’t going to be shared here anymore (the domain was banned too). I generally don’t think it would be appropriate to have a story on this site whose primary intent is to criticize someone who can’t respond.

                                                                              The point about authors not getting a right to reply is a fair one, but I’d counter that someone would generally extend an invitation to someone being criticized who wanted a chance to respond.

                                                                            2. 4

                                                                              Drew was banned? What happened?

                                                                              1. 6

                                                                                29 hours ago by pushcx: Please go be loudly disappointed in the entire world (and promote sourcehut) somewhere else.

                                                                                I didn’t know this either! I’m going to miss his commentary on a lot of topics (and not miss his commentary on others). @pushcx would you care to elaborate on this? He seemed to have a pretty positive score on a lot of his comments, even though I didn’t personally agree with many of his opinions. Quickly ctrl-f’ing his comment page, I can only see one comment with a score of 0.

                                                                                1. 7

                                                                                  When someone’s account is deleted (by themself or banning), their negative-score comments are deleted. There were a lot with @drewdevault over a long time.

                                                                                  1. 2

                                                                                    Is there a particular reason his domain was banned? There’s plenty of cranky open source folks there with questionable use of language in their rants, and I don’t think he was any worse than, say, ESR.

                                                                                    1. 7

                                                                                      The reason for the domain ban is in the mod log:

                                                                                      Reason: I’m tired of merging hot takes, or cleaning up after the results of his trolling and sourcehut promotion.

                                                                                      1. 2

                                                                                        Ouch. I had read the mod log earlier and was hoping for some clarification, but okay then.

                                                                            3. 4

                                                                              The fact that 2 words can be replaced in this and it being indistinguishable shows how much substance there was in the original

                                                                              1. 10

                                                                                Just going to link this and leave. I’ve spent enough time trying to argue about this.

                                                                                https://drewdevault.com/2021/02/02/Anti-Wayland-horseshit.html

                                                                                1. 23

                                                                                  I wish that rant didn’t get merged into this thread. It doesn’t add anything to the conversation. It’s just yelling and name calling. He also adds the subclass of all the things he hates at the top and throws people who have trouble with Wayland into that circle. I don’t want to attack the person, but DeVault has a long history of acting like this and it’s childish. I feel like that post by itself would be qualified to be flagged.

                                                                                  1. 9

                                                                                    I hope you’re not getting discouraged. The people who complain are always louder than the ones that are grateful, but the ones who are grateful usually outnumber those who complain. I’ve been using Sway for about a year now and am very happy with it (in fact, happier than I am with i3, especially in the area of output handling). Thanks a lot for all the time you (and other contributors) have spent on making Sway/Wayland as great as they are today!

                                                                                  2. 3

                                                                                    This is kind of a cheap shot.

                                                                                    I don’t think Wayland is actually even claiming to be a drop-in replacement for Xorg. My understanding is that it’s a radical redesign of the way graphics are handled on *NIX which just happens to have fairly good Xorg compatibility shims that work for a bunch of use cases.

                                                                                    It’s also a perfect example of how Linux distributions offer choice to people so they can make informed decisions about which display stack they want to be running.

                                                                                    I’d guess operating systems like *BSD that aren’t married to one or the other offer even more flexibility for their users.

                                                                                    Ubuntu is still shipping stock Xorg, Fedora has moved to Wayland. Pick the distro and environment that works for you, make good educated decisions, and avoid partisan rants like this that don’t actually add much value to the overall conversation. That’s my take.

                                                                                    1. 1

                                                                                      To those in the know - is the input lag an X thing? This wins my vote.

                                                                                      1. 1

                                                                                        As far as I know, this has been clear from the beginning. It’s going to be an inconvenience for a lot of people, it’s going to break things, but we’re getting it anyway because you’ve got to build bypasses.