this post was submitted on 23 Mar 2024
227 points (96.7% liked)
Linux
48181 readers
1503 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I keep seeing people say this, and nobody ever gives any sensible reasons for why they believe this.
Do you honestly think X11 has a better design than wayland? Do you think every single app should have permissions to screen record without you knowing, to keylog without you knowing? That mixed refresh rates (without hacks) should be impossible, that mixed display scaling should be impossible, etc? X11 just seems fundamentally broken from the ground up, I have no idea what of x11's design is better in any way.
I'll grant you there's some implementation issues right now, but design is absolutely not a place where x11 wins. There is not a single X11 developer who would agree with you that the design of X11 is better than wayland, not even one.
Can you point me to a single notable breach that happened because of this?
Classical security thinking is that if you have a compromised app running, it's all over anyway, and it's time to wipe and reinstall. Luckily, this isn't a problem on Linux because packages are vetted by distributions maintainers... unless...
Unless the new plan is to transition from that to flatpak proprietary stores packaged by unknown developers, giving us trashware app stores like on Android and Windows.
Sure, if you expect to run proprietary malware on Linux then some protection might be useful. But then you're just running a shitty version of Windows, and not getting the historical cultural benefits of Linux anyway. Might as well run Windows.
That is NOT classical security thinking AT ALL, and anybody who told you that is lying to you. Classic security thinking says minimize the surface area of attack...
...I'm sorry but your core argument seems to be "it's okay that clients can do literally whatever they want because if you run anything proprietary you should be using windows" and I don't understand this all-or-nothing stance. Do you expect me to vet every line of code that runs on my PC to make sure it's safe? Do you think everyone should do that? Do you think the operating system should be designed so that grandmas are required to read code before they install software?
I'm sorry but this is just so obviously terrible design, I don't know how you think gatekeeping solves anything, and that seems to be all you're doing. Shitty clients shouldn't be able to wreck peoples lives/computers, and we should minimize the amount of damage shitty clients can do. You also seem to believe that everyone is cognizant of the fact that they've been infected with something, in reality, you will go months or even decades without knowing you've been hit in some cases, we should minimize the amount of damage that can cause, not give them full access to everything on the entire pc because you think we should check every piece of software that runs.
There aren't newsworthy breaches involving x.org because it's widely regarded as not to be trusted, and has been for so long that nobody uses it for anything that needs security.
Flatpak is great and has a verification system so you know when the app is by the developer... It's sandboxed so the clients can't do as much damage, this is significantly easier for users to manage and prevents terrible things while not limiting anybodies usecase and allowing apps to be packaged for every distro at once. That's pretty awesome, actually, and you can use different repos if you don't trust flathub, i'm sure once flathub does something bad there will be alternate "more secure" ones.
Either way, I don't want to live in the world where you make the choices for software, it seems like you want a world where everyone needs a license to use their computer.
What the fuck are you smoking dude, X11 is used all over the place
Can't have global shortcuts or share my screen but at least my system is secure from these non-existent threats snort
Why don't I just smash my computer with a sledgehammer for the ultimate protection from flatpak malware.
Global shortcuts and screenshare are supported fully...
also the places where a newsworthy leak would happen do not use x11 and/or carefully vet their software. The average user should not need to do that, it would be bad design to make them