Nice. I think it makes sense to run Sway on OpenBSD, especially since Wayland/Sway aims to be more secure than X, and OpenBSD cares a lot about security.
Isn’t its “security model” basically isolation (as an end in itself)? It would match openbsd take on decreasing possible points of failure, however when you do need things to interoperate, it actually increases them (dbus+pipewire+portal) while the communication doesn’t seem really made for efficient nor secure data exchange.
Well, I guess it depends what you mean by configuration. But by default since all windows run as the same user, any window can snoop on key presses. Or are you thinking of some other configuration?
The X SECURITY extension can be used to isolate individual connections to the server from data held by other connections if you set it up (which is most commonly - but even there frequently disabled - by ssh’s x forwarding). There’s also one called XACE for “Access Control Extensions” that allow more fine grained things but I’ve never actually seen that used.
Fair, but this needs application support and is not enabled by default isn’t it ?
I was under the impression that Wayland enabled this by default, making the baseline more secure.
It is enabled, but not forced, for the most part (some distros just plain disable it though). But re application support… there’s some adaptations but a lot of programs can work without even a recompile (e.g. the ones compatible with ssh -X today, you just point them at a different DISPLAY), just even if it did take less work, it’d surely be less than porting the whole universe to Wayland!
(speaking of pointing at a different DISPLAY, another option is to run a nested X server for certain applications but yeah, again, you need to take the effort to set it up. I only do that if it is a program I think is going to do something naughty like try to change the display resolution lol)
A lot of this I think is just that some expectations have changed. Like I don’t even consider it a relevant threat model. If I’m running a program on my computer, it doesn’t have to keylog me and try to guess which of the random crap I type is a password vs a lobsters comment. It can just open the passwords.txt file or the cookies.sqlite file or whatever else directly and have its way with my session. So malware wouldn’t even care since if they can keylog or secretly screen share even on a wide open configuration, they likely wouldn’t want to, since they can use that existing access for easier angles of attack anyway.
And I think that’s true for the majority of people, or at least used to be. Now since there’s more push for containerization and whatnot, the situation has changed a little: it is no longer true that access to the display is almost always coupled with access to the user’s files (but let’s be honest it still is most the time). So now there’s a bit more interest in this, but it still seems to be more of just an old meme+ than a serious concern.
the “X lets anyone read other windows!” thing is old, i recall bringing this up to laugh at many years ago, iirc it was in the Unix Hater’s Handbook (edit: actually i checked that and can’t find it in there, so maybe not THAT old, but i know it has been around for a while), though part of why I push back on these is i tried it and found it didn’t always work, since the potential solutions are almost as old as the meme! (XSECURITY came out in 1996). It also used to be common to allow this - Windows, for example, also let top level windows hook other top level windows. They changed that with Vista and UAC… and then backed off a bit with Windows 7 since it was more annoying than useful. (Fun fact: the X Access Control Extension, which was meant to generalize and expand the simpler security model from ’96, comes from this same era; v1 was 2006, months apart from Windows Vista, v2.x 2008-2009, weeks away from Windows 7. But it never really took off, again, I think because if a program can access your X display it can probably access your user files too anyway so meh.
But again, times are changing a bit nowdays with containers and app stores and whatnot so it is fair to revisit the question. What irks me though is people seem to have completely forgotten about the work already done to answer the question in a rush to throw out the old and rewrite the new.
Yeah, unfortunately in general the concept of “user” as logical separation for users is quite outdated, though it’s getting better and better.
I understand why it’s there, since it’s quite an old program and requirements are much more advanced now than they used to be.
Its track record for security and its concepts irks me quite a bit though and hopefully with Wayland we get better things (although, still written in a memory unsafe language, and not completely at feature parity yet for normal user facing things).
From my understanding of what you said though, it means that activating those security extensions means breaking some applications that don’t support it though, is that right ? If that’s the case that’s quite a bad one, even for security concern to break existing things like that ~.
And yeah I know about those nested X and stuff, it’s just annoying to setup and you lose some things (not sure but on top of my head, the clipboard ?).
Desktop isolation needs quite a bit of work on linux to get better. Android / ChromeOS seems to fare much better on that aspect.
I used to use i3, then switched to Sway several years ago. In the beginning, there were many incompatible programs. Some did not start, some had menus pop up in the wrong place and some had font issues. Android Studio was especially troublesome. This is not the case anymore and I have not had a single Wayland-related problem that I can think of for the last 6-12 months at least. Firefox supporting Wayland directly helped a lot.
Finding equivalent tools from the ones you are used to from X is probably the biggest obstacle. For example using wl-copy and wl-paste instead of xsel/xclip/etc.
Oooooh, I had completely missed the memo that OpenBSD finally has viable non-X options (which for years has been my hard dealbreaker on why I couldn’t use OBSD on anything other than servers). Looks from the ports tree that this is a pretty recent addition. How’s the performance/acceleration story?
as I wrote looks “OK”, but if you need to do critical stuff I would stick a bit longer to X11, otherwise I think is very usable, personally I don’t like i3 and the supercomplex config and set up it has (in comparative with cwm), but it’s okay to use. The point of the article was to people try Wayland and friends.
Unrelated to the content, which I enjoyed, a:visited links have the same color/style as regular text, this makes it hard to find links one has already visited.
They have a different mouse-over behaviour so, if you’re not using a touch screen, you get the same experience as in a point-and-click adventure game, where you have to find the things in the scenery that you can click on.
My question is: does it make sense? I remember seeing a question about having a tiling manager in the base system (or configuring cwm to act as one?) and I’m wondering what the benefit would be of running Wayland on OpenBSD.
Wayland fans seem to think it’s better because it is Wayland and if pressed for technical reasons this boils down to because it is not X11.
Wayland does nothing I want and X11 works fine for me. The only Wayland desktops I’ve seen are terrible broken junk: the worst of X11 brought over to a new protocol, where when your window manager crashes you lose everything.
I have yet to find any intelligent technological arguments for it, and the tooling and the advocacy very definitely is not persuading me. Even the systemd fans can argue why it’s good, but not the Wayland fans.
Wayland fans seem to think it’s better because it is Wayland
The are a number of concrete technical benefits to Wayland in general but the one benefit which would be difficult to retrofit into Xorg is input/output isolation. The wayland model does not by default give clients the ability to listen to input going to other windows. It also does not by default give clients the ability to read on screen contents. To my knowledge it’s possible to fix this in X11 but it changes a fundamental assumption in the model and would cause breakage in many pre-existing applications.
Is that a real threat? Has anyone ever exploited it?
I am aware of many people saying that Wayland is better from a technical POV but I have yet to see a single analysis that persuades me it is true. I welcome pointers to such. In writing, please, life is much too short for video.
Is that a real threat? Has anyone ever exploited it?
It is a real threat. It makes keylogging trivial. Even if no one has ever exploited this in the past, that itself is not protection from someone exploiting it in the future.
I am aware of many people saying that Wayland is better from a technical POV
The one technical advantage that cannot be replicated in X11 (without changing what X11 is) is the minimum complexity of the codebase. A base-level wayland compositor can be simpler than a base-level X11 server since it does not have to support decades worth of obsolete standards.
There are other technical advantages in contemporary wayland compositor implementations over Xorg but they are more purely implementation advantages and not necessarily things which couldn’t be added to Xorg with more engineering investment.
To my knowledge it’s possible to fix this in X11 but it changes a fundamental assumption in the model and would cause breakage in many pre-existing applications.
eeeh, it is “just” flipping a switch. The implementation has been there for ages, it is just disabled by default (i’d say because it didn’t solve a real world problem…). If the feature is enabled, this is the difference between ssh -X and ssh -Y - -X enables that isolation, -Y disables it. There’s more fine-grained things in the code too, but they have even less real world use and support than this.
Of course, once you flip the switches, some applications are gonna break. …But fewer than rewriting the entire gui ecosystem to wayland lol.
I don’t think it’s quite that simple. From the ssh man page in Debian:
-X Enables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
...
(Debian-specific: X11 forwarding is not subjected to X11 SECURITY
extension restrictions by default, because too many programs cur‐
rently crash in this mode. Set the ForwardX11Trusted option to
“no” to restore the upstream behavior. This may change in
future depending on client-side improvements.)
Of course, once you flip the switches, some applications are gonna break. …But fewer than rewriting the entire gui ecosystem to wayland lol.
Perhaps. I’m not well-versed in all the issues nor the ecosystem so I can’t really say either way what would have been the right call. I’m trusting the relevant parties looked at all the pros and cons to both approaches and chose appropriately. Is it easy to run local clients with the security restrictions enabled without using ssh? I’m curious to see how many things break.
Well I tried Xorg (cwm) again because everyone kept talking about how there is no difference. I guess for me what I noticed was just that Xorg was slower, touchpad gestures didn’t work, font rendering was worse. Small things like that differed, Wayland felt more polished.
This is, I am afraid, almost a textbook example of the sort of response I mean.
To parody it:
“I was told that a Boeing 747 was not an environmentally friendly mode of transport, so I tried a dugout canoe instead. It was much worse.”
That is not a fair comparison. cwm is one of the oldest window managers in existence; it is extremely primitive by definition.
I personally detest things like trackpad gestures and disable them wherever possible, but if you want to do a fair comparison, it should be a modern environment. GNOME or KDE, much as I dislike both, not some relic from the 1980s.
Hey I actually really like cwm and use the equivalent on Wayland (hikari), that’s why I went back to check cwm to see if it makes a difference… I’m still not sure why it’d perform bad because it’s older, the resource constraints were much higher in the past.
And I also love touchpad gestures like two finger swipe to browse search history, so we can agree to disagree? AFAIK that isn’t in Gnome for the xorg version at least when I tried the last time.
It’s fascinating that the differences you are pointing out are purely application level. Neither X11 or Wayland render fonts, and both of them leave gesture recognition up to programs.
As far as I can tell, X11 to Wayland doesn’t change much for users. The big thing to fix with X11 is the developer experience.
Unfortunately, it seems like Wayland started off promising here, but went off the rails early on. Trying to support all the Wayland conpositors involves s game of extension juggling and whack-a-mole as everyone does something incompatible for basic required functionality.
Yeah can be, like I am not married to either approach, I just noticed that everything I want to do works better on Wayland, and that’s why I prefer it and listed some of the reasons. I think that should be sufficient.
I am not saying there is anything wrong with CWM. I am sure it is fine if that is what you want.
What I am saying is 2 different things here.
CWM is 20 years old based on code that is 30 years old so if you want to compare the cosmetics of X11 with those of Wayland it is something close to the worst thing you could choose. It’s extremely primitive.
I am not talking about cosmetics. I don’t care much about cosmetics. I am arguing that X11 works fine, does all I need, works on Linux, macOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Minix, QNX, 9front – all of which I have had running and have written about this century – and dozens of other OSes both FOSS and proprietary. X.org is a vital piece of internet and computing infrastructure.
To say “meh, X11 is obsolete, Wayland is newer and the fonts look better” is to ignore its crucial, pivotal role in interconnecting xNix computers for something like 40 years now.
If you like trackpad gestures, enjoy. I turn my trackpads off and the main computer I’m writing on doesn’t have one. I don’t hate them but a decent mouse is a far better pointing device for me and if I can’t have one of them, I prefer a trackpoint, mainly because they have 3 physical buttons and I use my middle button hundreds and hundreds of times a day.
I have 2 separate 27” displays. I don’t want or need virtual desktops. I have real ones.
If you don’t want that, no problem. Good for you. Enjoy. I am not saying you are wrong. I am just saying I don’t want what you want.
Summary:
What I am saying here is “Wayland looks nicer” is a deeply inadequate argument.
My ill-informed take is that X11 is so complex that nobody work on it anymore. Thus Wayland.
I’m currently in the process of switching to Wayland and it fixes many small glitches I always had with X11 (such as flickering during some video, displaying my screen for one second when opening the lid, despite needing the password, scrolling being not smooth in lot of application, etc). Also, cool new applications are primary for wayland only (such as the “foot” terminal)
Could all of this be fixed in X11? Probably
Would it be better to fix this in X11? Probably.
Is anyone willing to fix that? It seems that nobody is willing to work on those 10 or 15 years old bug
I’m still unsure if it worth adopting Wayland but I must admit that I’m a sheep here.
Our suggestion for anyone who wants to see the X Window System live is to urgently start working out what must be retained, and revive the X12 initiative. Junk as much legacy as possible. X.org recently dropped byte-swapped clients, so make X12 little-endian only – the endianness holy war is over. Only allow true color, 24-bit (or higher) or nothing. No modern X environment uses a font server, drop them. Some of this was already being discussed [PDF] in 2005. Today, maybe render directly to OpenVG or Vulkan.
Why not just consider Wayland as X12? Applications written for X11 wouldn’t be compatible with an X12 server and vice-versa, so there is no essential difference to a user between “Wayland” and what “X12” would be.
Sarcasm does not translate, even to Americans, so for clarity, I am trying to show why this does not fly as an answer.
Why not just consider Notepad as the next version of Vim?
Notepad does all I want. It’s much easier to use, it has a much more attractive user interface – I hate that boring black-on-white text look, and the fonts aren’t even proportionally space, let alone anti-aliased! It’s so ugly! Notepad is clean and sharp, it has handy scrollbars, I love the drop-down menus which use the same keystrokes as all other Windows apps.
Vim is just ugly, and it has weird keystrokes, so I hate it. Notepad is much better, so I have got other Notepad fans together and we’re going to have Vim removed from all Linux distros. I did some research and the chap that wrote it is dead, so we have asked Github to mark the code repository as frozen as a memorial to him.
Translation:
X does lots of things Wayland can’t. X is a standard across many tens, maybe even over 100 different OSes, of which maybe 2 or 3 will ever get Wayland ports. It does not do what X does, and it never can and never will, because what X does is not important to the Wayland developers.
What Wayland fans talk about, like video tearing or screens blinking or refresh rates, does not matter to me. I don’t care. I don’t want it, I can’t see it, and my vision (20:20 with glasses, thanks) is not going to miraculously improve in my 60s and 70s, so I never will care.
To me, that stuff is trivial and unimportant cosmetic features, while I am talking about core functionality.
I care about rich driver support, smooth interop between different GPUs, OSes, and the dozens of desktops and things out there. I care about it working with 9front or QNX way more than I care about the latest spaceheater GPU. I care about a GUI that works on my 11-year-old Thinkpad whose GPU I can’t replace, and I do not care about new GPUs because I am not a gamer.
Wayland is not X12 because Wayland does not do the core functions that X 1-11 have been doing for 40 years. I don’t care about the fringe stuff Wayland does, but I care very much about the fact that it doesn’t support any desktop I would ever want to use, it doesn’t work on about 98% of the OSes that interest me, and it doesn’t work on the GPUs I actually own.
Wayland is not X12 because Wayland does not do the core functions that X 1-11 have been doing for 40 years.
My point is just that, if a serious X12 effort ever did get underway, it would likely be very similar to Wayland except with a different wire protocol. It would also have all of the drawbacks that you see with Wayland (less OS support, less GPU support, backwards incompatible).
Notepad is much better, so I have got other Notepad fans together and we’re going to have Vim removed from all Linux distros.
I appreciated the analogy but this part doesn’t seem quite right. There is no explicit effort to remove X from distros. The issue is that X has no developers aside from the ones working on Xwayland. As it looks now, Xwayland will be developed for the foreseeable future and will be available on all popular distros. Xwayland allows you to run local and remote X clients on Wayland with a high degree of compatibility. X isn’t going anywhere and will remain with us.
I care about rich driver support, smooth interop between different GPUs, OSes, and the dozens of desktops and things out there. I care about it working with 9front or QNX way more than I care about the latest spaceheater GPU. I care about a GUI that works on my 11-year-old Thinkpad whose GPU I can’t replace, and I do not care about new GPUs because I am not a gamer.
To be fair these are all implementation issues that can be fixed and in some cases are being fixed.
it would likely be very similar to Wayland except with a different wire protocol
I don’t think so, no. I tried to sketch out a few ideas in the article I linked to upthread. X.org recently dropped byte-swapped server support. In today’s x86-dominated world, where the only version of POWER that is supported by most distros is pp64cle – in other words, 64-bit little-endian – it’s easy to forget that lots of older CPU architectures were big-endian, including lots of xNix machines.
So, drop that. What I am urging is to ruthlessly prune the single modern FOSS implementation of X of all the legacy stuff that no modern computer still uses or that’s hard to support.
So, let’s say – with the disclaimer that I do not understand X deeply – 32-bit only (no monochrome or low-colour-depth clients), no font servers as I believe nothing uses them any more, maybe even IPv6 only.
Something that is enough like X <= 11 that old code could be adapted or even put through some form of convertor gateway, but that can drop large chunks of the API and the codebase, while still remaining recognisably X.
Or, failing that, something that is more Unixy, something resembling Rio – windows as entities in the filesystem.
Or, replace the entire conceptual stack with something altogether more powerful and capable, such as @crazyloglad’s Arcan. I barely understand that at all but what I dimly grasp I like.
But all I have read about and seen of Wayland strikes me as both completely failing to understand the thing that it seeks to replace – a dismally common problem in the 21st century Unix world – and also profoundly lacking in vision and ambition. It’s trying to do a crappy little subset of what X.org does and embed it into window managers. It’s a bad idea, badly imagined, crappily described and crappily implemented.
But its fans coo over its superficial shininess without understanding what a sad broken little thing it is.
I want a lot more than that, if its developers propose throwing forty years of R&D in the bin.
Well if Xorg does what you need, I don’t see the need to change either. But you argue that everyone who uses Wayland are doing it only because it’s new and “not X”, and I don’t think that’s fair. I gave my reasons why Wayland worked better for me, and I don’t think the reasons are “pure cosmetics”. Even if they were pure cosmetics, I think that’d be a perfectly valid reason too for end users to pick Wayland.
It can be that there are no technical merits, and everything done in Wayland can be done in Xorg, then I am happy to try Xorg again when things render as nicely and gestures work (it can be that they already do on Gnome etc., I just like the cwm workflow).
Again, you are missing the point. Fedora 39 dropped KDE on X11. Fedora 40 dropped GNOME on X11. Soon it will drop X11 completely.
Ubuntu has defaulted to Wayland for years now.
The point is that soon I will not have a choice. The thing I want and like is being taken away from me against my will because people who use tools I can’t stand (like GNOME, and KDE, and tiling WMs) don’t see the need for what I like. Just as they took away my menu bars, and standarised keyboard UIs, and much else besides.
The attitude is “if we don’t need this stuff, nobody needs it” and that is bad and wrong.
But you argue that everyone who uses Wayland are doing it only because it’s new and “not X”
Yes, that is my perception. No effort is being given to seeing what and why the existing perfectly good tools are preferred by tens of thousands of people and dozens of different (i.e. non-Linux) OSes.
It violates a basic rule of reasoning called Chesterton’s Fence:
Nice. I think it makes sense to run Sway on OpenBSD, especially since Wayland/Sway aims to be more secure than X, and OpenBSD cares a lot about security.
Isn’t its “security model” basically isolation (as an end in itself)? It would match openbsd take on decreasing possible points of failure, however when you do need things to interoperate, it actually increases them (dbus+pipewire+portal) while the communication doesn’t seem really made for efficient nor secure data exchange.
I guess the question is: Is Wayland/Sway what it aims to be?
I’m still on FreeBSD and i3/X. I really would like to know, from the experienced folks here, whether Wayland/Sway is as secure and stable.
Well, on X any window can snoop on your clipboard / keyboard presses. Too bad for your passwords.
This is not true in general; it depends on your configuration.
Well, I guess it depends what you mean by configuration. But by default since all windows run as the same user, any window can snoop on key presses. Or are you thinking of some other configuration?
The X SECURITY extension can be used to isolate individual connections to the server from data held by other connections if you set it up (which is most commonly - but even there frequently disabled - by ssh’s x forwarding). There’s also one called XACE for “Access Control Extensions” that allow more fine grained things but I’ve never actually seen that used.
Fair, but this needs application support and is not enabled by default isn’t it ? I was under the impression that Wayland enabled this by default, making the baseline more secure.
It is enabled, but not forced, for the most part (some distros just plain disable it though). But re application support… there’s some adaptations but a lot of programs can work without even a recompile (e.g. the ones compatible with ssh -X today, you just point them at a different DISPLAY), just even if it did take less work, it’d surely be less than porting the whole universe to Wayland!
(speaking of pointing at a different DISPLAY, another option is to run a nested X server for certain applications but yeah, again, you need to take the effort to set it up. I only do that if it is a program I think is going to do something naughty like try to change the display resolution lol)
A lot of this I think is just that some expectations have changed. Like I don’t even consider it a relevant threat model. If I’m running a program on my computer, it doesn’t have to keylog me and try to guess which of the random crap I type is a password vs a lobsters comment. It can just open the passwords.txt file or the cookies.sqlite file or whatever else directly and have its way with my session. So malware wouldn’t even care since if they can keylog or secretly screen share even on a wide open configuration, they likely wouldn’t want to, since they can use that existing access for easier angles of attack anyway.
And I think that’s true for the majority of people, or at least used to be. Now since there’s more push for containerization and whatnot, the situation has changed a little: it is no longer true that access to the display is almost always coupled with access to the user’s files (but let’s be honest it still is most the time). So now there’s a bit more interest in this, but it still seems to be more of just an old meme+ than a serious concern.
But again, times are changing a bit nowdays with containers and app stores and whatnot so it is fair to revisit the question. What irks me though is people seem to have completely forgotten about the work already done to answer the question in a rush to throw out the old and rewrite the new.
Okay, thanks I learned quite a bit from that!
Yeah, unfortunately in general the concept of “user” as logical separation for users is quite outdated, though it’s getting better and better.
I understand why it’s there, since it’s quite an old program and requirements are much more advanced now than they used to be.
Its track record for security and its concepts irks me quite a bit though and hopefully with Wayland we get better things (although, still written in a memory unsafe language, and not completely at feature parity yet for normal user facing things).
From my understanding of what you said though, it means that activating those security extensions means breaking some applications that don’t support it though, is that right ? If that’s the case that’s quite a bad one, even for security concern to break existing things like that ~.
And yeah I know about those nested X and stuff, it’s just annoying to setup and you lose some things (not sure but on top of my head, the clipboard ?).
Desktop isolation needs quite a bit of work on linux to get better. Android / ChromeOS seems to fare much better on that aspect.
I used to use i3, then switched to Sway several years ago. In the beginning, there were many incompatible programs. Some did not start, some had menus pop up in the wrong place and some had font issues. Android Studio was especially troublesome. This is not the case anymore and I have not had a single Wayland-related problem that I can think of for the last 6-12 months at least. Firefox supporting Wayland directly helped a lot.
Finding equivalent tools from the ones you are used to from X is probably the biggest obstacle. For example using wl-copy and wl-paste instead of xsel/xclip/etc.
This page has a nice overview: https://arewewaylandyet.com/
[Comment removed by author]
What’s the story on the adorable miniature server rack, @gonzalo?
https://tarlin-capsule.jp/product/299
I think it’s from a capsule toy machine. I found some more infomation on reddit
Oooooh, I had completely missed the memo that OpenBSD finally has viable non-X options (which for years has been my hard dealbreaker on why I couldn’t use OBSD on anything other than servers). Looks from the ports tree that this is a pretty recent addition. How’s the performance/acceleration story?
as I wrote looks “OK”, but if you need to do critical stuff I would stick a bit longer to X11, otherwise I think is very usable, personally I don’t like i3 and the supercomplex config and set up it has (in comparative with cwm), but it’s okay to use. The point of the article was to people try Wayland and friends.
Unrelated to the content, which I enjoyed,
a:visitedlinks have the same color/style as regular text, this makes it hard to find links one has already visited.They have a different mouse-over behaviour so, if you’re not using a touch screen, you get the same experience as in a point-and-click adventure game, where you have to find the things in the scenery that you can click on.
yeah, kinda like a kinder surprise link :D
My question is: does it make sense? I remember seeing a question about having a tiling manager in the base system (or configuring cwm to act as one?) and I’m wondering what the benefit would be of running Wayland on OpenBSD.
Agreed.
Wayland fans seem to think it’s better because it is Wayland and if pressed for technical reasons this boils down to because it is not X11.
Wayland does nothing I want and X11 works fine for me. The only Wayland desktops I’ve seen are terrible broken junk: the worst of X11 brought over to a new protocol, where when your window manager crashes you lose everything.
I have yet to find any intelligent technological arguments for it, and the tooling and the advocacy very definitely is not persuading me. Even the systemd fans can argue why it’s good, but not the Wayland fans.
The are a number of concrete technical benefits to Wayland in general but the one benefit which would be difficult to retrofit into Xorg is input/output isolation. The wayland model does not by default give clients the ability to listen to input going to other windows. It also does not by default give clients the ability to read on screen contents. To my knowledge it’s possible to fix this in X11 but it changes a fundamental assumption in the model and would cause breakage in many pre-existing applications.
Is that a real threat? Has anyone ever exploited it?
I am aware of many people saying that Wayland is better from a technical POV but I have yet to see a single analysis that persuades me it is true. I welcome pointers to such. In writing, please, life is much too short for video.
It is a real threat. It makes keylogging trivial. Even if no one has ever exploited this in the past, that itself is not protection from someone exploiting it in the future.
The one technical advantage that cannot be replicated in X11 (without changing what X11 is) is the minimum complexity of the codebase. A base-level wayland compositor can be simpler than a base-level X11 server since it does not have to support decades worth of obsolete standards.
There are other technical advantages in contemporary wayland compositor implementations over Xorg but they are more purely implementation advantages and not necessarily things which couldn’t be added to Xorg with more engineering investment.
eeeh, it is “just” flipping a switch. The implementation has been there for ages, it is just disabled by default (i’d say because it didn’t solve a real world problem…). If the feature is enabled, this is the difference between
ssh -Xandssh -Y--Xenables that isolation,-Ydisables it. There’s more fine-grained things in the code too, but they have even less real world use and support than this.Of course, once you flip the switches, some applications are gonna break. …But fewer than rewriting the entire gui ecosystem to wayland lol.
I don’t think it’s quite that simple. From the ssh man page in Debian:
Perhaps. I’m not well-versed in all the issues nor the ecosystem so I can’t really say either way what would have been the right call. I’m trusting the relevant parties looked at all the pros and cons to both approaches and chose appropriately. Is it easy to run local clients with the security restrictions enabled without using ssh? I’m curious to see how many things break.
Oh good grief, time to adjust my .ssh/config sigh.
Well I tried Xorg (cwm) again because everyone kept talking about how there is no difference. I guess for me what I noticed was just that Xorg was slower, touchpad gestures didn’t work, font rendering was worse. Small things like that differed, Wayland felt more polished.
This is, I am afraid, almost a textbook example of the sort of response I mean.
To parody it:
“I was told that a Boeing 747 was not an environmentally friendly mode of transport, so I tried a dugout canoe instead. It was much worse.”
That is not a fair comparison. cwm is one of the oldest window managers in existence; it is extremely primitive by definition.
I personally detest things like trackpad gestures and disable them wherever possible, but if you want to do a fair comparison, it should be a modern environment. GNOME or KDE, much as I dislike both, not some relic from the 1980s.
Hey I actually really like cwm and use the equivalent on Wayland (hikari), that’s why I went back to check cwm to see if it makes a difference… I’m still not sure why it’d perform bad because it’s older, the resource constraints were much higher in the past.
And I also love touchpad gestures like two finger swipe to browse search history, so we can agree to disagree? AFAIK that isn’t in Gnome for the xorg version at least when I tried the last time.
It’s fascinating that the differences you are pointing out are purely application level. Neither X11 or Wayland render fonts, and both of them leave gesture recognition up to programs.
As far as I can tell, X11 to Wayland doesn’t change much for users. The big thing to fix with X11 is the developer experience.
Unfortunately, it seems like Wayland started off promising here, but went off the rails early on. Trying to support all the Wayland conpositors involves s game of extension juggling and whack-a-mole as everyone does something incompatible for basic required functionality.
Yeah can be, like I am not married to either approach, I just noticed that everything I want to do works better on Wayland, and that’s why I prefer it and listed some of the reasons. I think that should be sufficient.
You’re missing my point.
I am not saying there is anything wrong with CWM. I am sure it is fine if that is what you want.
What I am saying is 2 different things here.
CWM is 20 years old based on code that is 30 years old so if you want to compare the cosmetics of X11 with those of Wayland it is something close to the worst thing you could choose. It’s extremely primitive.
I am not talking about cosmetics. I don’t care much about cosmetics. I am arguing that X11 works fine, does all I need, works on Linux, macOS, FreeBSD, NetBSD, OpenBSD, DragonflyBSD, Minix, QNX, 9front – all of which I have had running and have written about this century – and dozens of other OSes both FOSS and proprietary. X.org is a vital piece of internet and computing infrastructure.
To say “meh, X11 is obsolete, Wayland is newer and the fonts look better” is to ignore its crucial, pivotal role in interconnecting xNix computers for something like 40 years now.
I have 2 separate 27” displays. I don’t want or need virtual desktops. I have real ones.
If you don’t want that, no problem. Good for you. Enjoy. I am not saying you are wrong. I am just saying I don’t want what you want.
Summary:
What I am saying here is “Wayland looks nicer” is a deeply inadequate argument.
My ill-informed take is that X11 is so complex that nobody work on it anymore. Thus Wayland.
I’m currently in the process of switching to Wayland and it fixes many small glitches I always had with X11 (such as flickering during some video, displaying my screen for one second when opening the lid, despite needing the password, scrolling being not smooth in lot of application, etc). Also, cool new applications are primary for wayland only (such as the “foot” terminal)
Could all of this be fixed in X11? Probably Would it be better to fix this in X11? Probably. Is anyone willing to fix that? It seems that nobody is willing to work on those 10 or 15 years old bug
I’m still unsure if it worth adopting Wayland but I must admit that I’m a sheep here.
Yes, that is my impression. But AFAICS nobody has seriously looked at just simplifying X instead.
There is an extremely loose sketch of an idea for X12 on X.org.
I made some suggestions in this article:
Why not just consider Wayland as X12? Applications written for X11 wouldn’t be compatible with an X12 server and vice-versa, so there is no essential difference to a user between “Wayland” and what “X12” would be.
Sarcasm does not translate, even to Americans, so for clarity, I am trying to show why this does not fly as an answer.
Why not just consider Notepad as the next version of Vim?
Notepad does all I want. It’s much easier to use, it has a much more attractive user interface – I hate that boring black-on-white text look, and the fonts aren’t even proportionally space, let alone anti-aliased! It’s so ugly! Notepad is clean and sharp, it has handy scrollbars, I love the drop-down menus which use the same keystrokes as all other Windows apps.
Vim is just ugly, and it has weird keystrokes, so I hate it. Notepad is much better, so I have got other Notepad fans together and we’re going to have Vim removed from all Linux distros. I did some research and the chap that wrote it is dead, so we have asked Github to mark the code repository as frozen as a memorial to him.
Translation:
X does lots of things Wayland can’t. X is a standard across many tens, maybe even over 100 different OSes, of which maybe 2 or 3 will ever get Wayland ports. It does not do what X does, and it never can and never will, because what X does is not important to the Wayland developers.
What Wayland fans talk about, like video tearing or screens blinking or refresh rates, does not matter to me. I don’t care. I don’t want it, I can’t see it, and my vision (20:20 with glasses, thanks) is not going to miraculously improve in my 60s and 70s, so I never will care.
To me, that stuff is trivial and unimportant cosmetic features, while I am talking about core functionality.
I care about rich driver support, smooth interop between different GPUs, OSes, and the dozens of desktops and things out there. I care about it working with 9front or QNX way more than I care about the latest spaceheater GPU. I care about a GUI that works on my 11-year-old Thinkpad whose GPU I can’t replace, and I do not care about new GPUs because I am not a gamer.
Wayland is not X12 because Wayland does not do the core functions that X 1-11 have been doing for 40 years. I don’t care about the fringe stuff Wayland does, but I care very much about the fact that it doesn’t support any desktop I would ever want to use, it doesn’t work on about 98% of the OSes that interest me, and it doesn’t work on the GPUs I actually own.
My point is just that, if a serious X12 effort ever did get underway, it would likely be very similar to Wayland except with a different wire protocol. It would also have all of the drawbacks that you see with Wayland (less OS support, less GPU support, backwards incompatible).
I appreciated the analogy but this part doesn’t seem quite right. There is no explicit effort to remove X from distros. The issue is that X has no developers aside from the ones working on Xwayland. As it looks now, Xwayland will be developed for the foreseeable future and will be available on all popular distros. Xwayland allows you to run local and remote X clients on Wayland with a high degree of compatibility. X isn’t going anywhere and will remain with us.
To be fair these are all implementation issues that can be fixed and in some cases are being fixed.
I don’t think so, no. I tried to sketch out a few ideas in the article I linked to upthread. X.org recently dropped byte-swapped server support. In today’s x86-dominated world, where the only version of POWER that is supported by most distros is
pp64cle– in other words, 64-bit little-endian – it’s easy to forget that lots of older CPU architectures were big-endian, including lots of xNix machines.So, drop that. What I am urging is to ruthlessly prune the single modern FOSS implementation of X of all the legacy stuff that no modern computer still uses or that’s hard to support.
So, let’s say – with the disclaimer that I do not understand X deeply – 32-bit only (no monochrome or low-colour-depth clients), no font servers as I believe nothing uses them any more, maybe even IPv6 only.
Something that is enough like X <= 11 that old code could be adapted or even put through some form of convertor gateway, but that can drop large chunks of the API and the codebase, while still remaining recognisably X.
Or, failing that, something that is more Unixy, something resembling Rio – windows as entities in the filesystem.
Or, replace the entire conceptual stack with something altogether more powerful and capable, such as @crazyloglad’s Arcan. I barely understand that at all but what I dimly grasp I like.
But all I have read about and seen of Wayland strikes me as both completely failing to understand the thing that it seeks to replace – a dismally common problem in the 21st century Unix world – and also profoundly lacking in vision and ambition. It’s trying to do a crappy little subset of what X.org does and embed it into window managers. It’s a bad idea, badly imagined, crappily described and crappily implemented.
But its fans coo over its superficial shininess without understanding what a sad broken little thing it is.
I want a lot more than that, if its developers propose throwing forty years of R&D in the bin.
Well if Xorg does what you need, I don’t see the need to change either. But you argue that everyone who uses Wayland are doing it only because it’s new and “not X”, and I don’t think that’s fair. I gave my reasons why Wayland worked better for me, and I don’t think the reasons are “pure cosmetics”. Even if they were pure cosmetics, I think that’d be a perfectly valid reason too for end users to pick Wayland.
It can be that there are no technical merits, and everything done in Wayland can be done in Xorg, then I am happy to try Xorg again when things render as nicely and gestures work (it can be that they already do on Gnome etc., I just like the cwm workflow).
Again, you are missing the point. Fedora 39 dropped KDE on X11. Fedora 40 dropped GNOME on X11. Soon it will drop X11 completely.
Ubuntu has defaulted to Wayland for years now.
The point is that soon I will not have a choice. The thing I want and like is being taken away from me against my will because people who use tools I can’t stand (like GNOME, and KDE, and tiling WMs) don’t see the need for what I like. Just as they took away my menu bars, and standarised keyboard UIs, and much else besides.
The attitude is “if we don’t need this stuff, nobody needs it” and that is bad and wrong.
Yes, that is my perception. No effort is being given to seeing what and why the existing perfectly good tools are preferred by tens of thousands of people and dozens of different (i.e. non-Linux) OSes.
It violates a basic rule of reasoning called Chesterton’s Fence:
https://fs.blog/chestertons-fence/
You don’t?
Huh. They sounded like it to me, yes, very much so.
Trackpad gestures work on lots of OSes, desktops and display servers. There’s nothing Waylandish about them.
Again, you miss the core point here.
A perfectly valid reason for some people to pick Tool B is not a good enough reason to abolish Tool A.
Does anyone have experience with OpenSSH X11 forwarding on Wayland? Sometimes convenient to have a “no-setup, just quickly let me do this” option.
I don’t believe this is supported at all.
the wayland way of accomplishing this is waypipe i believe (https://gitlab.freedesktop.org/mstoeckl/waypipe).
its still rough around the edges IMHO, maybe once more people are forced off X it’ll get some better documentation and tooling.