this post was submitted on 29 Apr 2024
476 points (96.5% liked)
linuxmemes
20880 readers
6 users here now
I use Arch btw
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules
- Follow the site-wide rules and code of conduct
- Be civil
- Post Linux-related content
- No recent reposts
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
XOrg and Wayland are two different programs that serve the same purpose, which is to act as a sort of middleman between the graphics driver, the window manager(s), and the many programs you're running.
XOrg is ancient. Early 80s ancient. It's been added to since those days as need arose, and is therefore full of weird messy legacy stuff and jury-rigs. But it is also what Linux has used for a very, very long time, and is therefore like. Ol' Reliable workhorse, yanno?
Wayland is a new and bold step that rewrites the entire system from the ground up to address the shortcomings of XOrg (don't ask me to specify, I actually don't know), it has, however, been criticised for not having (and devs downright not wanting it to have) certain features that XOrg has. But it can also run applications that expect XOrg with a thing (jargon escapes me) called XWayland.
Personally I've used both. And... Uh...
Wayland was a bit faster and smoother maybe? But it also caused some specific applications to misbehave and get all crashy-buggy. But that was a personal experience and may well have been my fault.
Wayland is not a single program. It’s specification and set of basic client/server libraries that can be used to implement a compositor. Compositor are implementations of the Wayland protocol and there are multiple such programs that are different one from another, but generally serve the same purpose and are compatible with the same clients. General idea behind Wayland compositor is that it blends images from different clients into single frame that is then sent to kernel
Wayland is a lot more secure and the way it handles clients is a lot more sane in todays age, but thing is, it is a hell of a lot more complicated if you come from a window manager background, and your choice of applications is incredibly small. Sure you can run a lot of your stuff in XWayland, but what exactly is the point of running wayland if you are going to run less secure X apps with 94% of the same vulnerabilities?
X is less secure, but the security of your system from the outside is far *faaar more important than the security on the inside. Only when an intruder actually infiltrates your system do you have a real concern, and that's only talking about remote access. Physical access given enough time is root access.
A lot of people tout X as being considerably more bloated than wayland which is why the project is basically in maintenance mode, wayland is definitely a lot quicker than X, but X has many reasons including support from literally every single linux application out there, something wayland is very likely never going to acheive even with XWayland.
When running Wayland, one X server is started per X application. So that application won't be able to e.g. keylog others.
I personally don't care about security here, it's all about a flicker free Multi-monitor experience with different refresh rates per monitor. X just can't do that under any circumstances.
I run X in a multi monitor setup with different refreshrates AND resolutions and it is flicker free, I think that honestly is something that comes down more to your window manager or even your graphics rather than just X itself.
That particular vulnerability is one of the 6% that Wayland doesn't have.
Do you have separate scaling factors on the two monitors? I need 100% scaling on one and 175% scaling on the other, which I've not been able to figure out under x11
Yes, one is scaled 2x, I have a 4k60 and a FHD165. I'd recommend doing this with your autostart script using xrandr
Ah, right. That's fine with integer scaling, but if you try to use fractional scaling with xrandr, it gets all blurry. I'll consider 2x scaling though
1.5 scaling works too, I've done it with my laptop with qhd and fhd
I mean I'd be happy to hear the other vulnerabilities then, cause I find it fairly unbelievable you can know how they're handled on every single Wayland compositor
You're missing the point. When you run an x client in wayland, you are still running an x server. Every vulnerability an x server has, xwayland has. I don't need to name anything specific because you can legitimately go and look this up yourself.
Don't think you are fully safe from keylogging in xwayland either, you are only safe from keylogging in wayland apps, xwayland clients can keylog other xwayland clients because x servers can see other x servers, in other words, they are all still very much running seperate PIDs on your system which means at the very least they can still touch each other. XWayland, by default, does not really sandbox clients because why exactly would it need to? Do you realize exactly how much of a feat that would take to truly isolate an x server from the rest of your system? That is an inherent flaw with X itself because X never set out to acheive those goals in the first place.
If you are at the point where you have to be worried about protecting your xsession or wayland session, you need to make a fresh install and tighten your security accordingly. All that tightening down your window manager does is make an attacker go for a lower hanging fruit on your system, that's why you should make your machine unfeasible to even attack in the first place. You can go run around and try to tighten every little nook and cranny, but if someone is determined to get into your system, they will eventually get in. The malicious parties we are trying to defend against with general security practices are not nation state hackers, they are skids and standard malware.
Almost all my apps are Wayland native
This is false. X is not less secure than Wayland. It does have a different security model, which can become insecure if you misuse it. I don't think people really care about situations where multiple user accounts access the same display.
In my opinion, the benefits of xdotool far outweigh any benefits gained by Wayland's security model. It's impossible to make xdotool in Wayland, because of its security model.
X is inherently less secure due to the fact alone that, given enough time, new vulnerabilities will come out that will not be patched because X11 is EOL. Yes it has a different security model, but that security model is not very well implemented because X has an enormous code base that, at the end of the day is still not bug free (nothing is). There is a lot of legacy code contained in X that legitimately does not even have a function because there is nothing around today to use it.
Larger codebase = more moving parts = more code to exploit. That's the benefit to wayland aside from active support by the X/Wayland devs.
Wayland is not a program, it is a protocol. The implementation is in the desktop or Window manager.
cursor.