Xorg development effort slowing in favour of Wayland
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Why specifically disallow root access? Granted it might be a bit better if while running Dolphin as User and seeking to edit a protected file a login screen would pop up for permission, but frankly I don't see much difference between that and allowing su or sudo in a terminal within X or Wayland. So what's the big deal?
I was once told that you can use sudo in a terminal on a simple desktop but not (safely) in a DE, because it exposes your environment to root, including XDG variable names for some essential authorisation files. If those files accidentally get transferred to root's ownership, you won't be able to use X as yourself any more unless you hunt down the errant files and delete them. istr that actually happened to me once.
Apparently gksudo and kdesudo contain specific code to prevent that from happening. They are not just sudo with pretty graphics.
I beg to differ. Racing on narrow, congested streets is a guaranteed high risk open for numerous instances of Chance and Happenstance, not to mention law enforcement, but running X as root with networking disabled poses no serious risk for such an isolated PC. Furthermore I have yet to see how having that option places anyone who doesn't use it at risk. QED - no risk.
What you miss here is very well written in the story of nuclear program of Iran, called stuxnet. Those nuclear centrifuges were much more protected than anything you have, they were permanently disconnected from the "outside" net, but they were still destroyed.
That happened more than 10 years ago, believe me, they have much better tools now (to collect your sensitive data).
What you miss here is very well written in the story of nuclear program of Iran, called stuxnet. Those nuclear centrifuges were much more protected than anything you have, they were permanently disconnected from the "outside" net, but they were still destroyed.
That happened more than 10 years ago, believe me, they have much better tools now (to collect your sensitive data).
Stuxnet's introduction into Iran's nuclear facility is uncertain but the 2 most commonly considered sources, are firmware in servos and insider penetration via a flash drive. In short, I'm not missing this at all. I am dead certain considerable of my data is mined. I am almost equally certain nobody is taking control of my PCs... my phone, maybe, but I go to great lengths to isolate my phone from my PCs.
There was some software like spss for linux that required a gui and root access for installation.
Wayland seems to offer little and take away much.
The fact that root sometimes might benefit from running a graphical X application does not necessarily mean that root has to run the X server. It is possible to login as a normal user and start X, then in a terminal window like xterm do "su" or "ssh root@localhost" and then start some graphical X application as root.
Geez! I surely didn't want to open such a can of worms over simple root permissions in X, so here goes:
OK I want to see it. Did Wayland devs have ANY evidence of the number of documented cases of security breaches due to running X as root, or did it just suit their workflow preferences/prejudices and figured nobody would mind?
Geez! I surely didn't want to open such a can of worms over simple root permissions in X, so here goes:
OK I want to see it. Did Wayland devs have ANY evidence of the number of documented cases of security breaches due to running X as root, or did it just suit their workflow preferences/prejudices and figured nobody would mind?
why do you think it can be documented. Most of the cases are simply not detected at all, just your email, money, whatever is stolen and you have no any idea how did it happen.
Closing potential security gaps reduces the risk. It is that simple. Ignore it at your own risk.
Since I only looked for 1 second to find this 2018 trivial to exploit issue, obviously a serious review of the historical and current CVEs will result in a complete answer to the question.
Unfortunately, there's a reality that when the core primary dev stops working at all on the project, which is what happened when the main X.org dev moved to only working on Xwayland, no magical code events occur. Slow, gradual degradation of the codebase, possibly new exploits that required a serious refactor to resolve, begin to go unresolved since there are simply no competent devs who are doing that work anymore.
So it's not like X.org is going to remain static and fine through the future, it's going to drift into what is called 'code rot', a term I used to reject totally since my view was code can't rot, until I started seeing it happen on my own large codebases.
Those are small errors that appear when you innocently are working on some other feature, and simply don't realize you also accidentally impacted some other part, without realizing you did it at all, or underlying bits and pieces hitting issues with Linux kernel drivers changing subtly or not so subtly, thus breaking X.org display drivers.
I'm 100% in the camp that wishes this were not the case, and as with many, Wayland compositors do not solve any problem I have ever had, and also fail to be noticeably better in any area, for me, they are worse, in VirtualBox, wayland compositors are radically more unstable than X.org display server driven desktops and window managers, which for me matters a lot re testing and development, so I'm not a fanboy for wayland, just someone who is trying to be realistic about what to expect as dev hours decline, and more important, as dev talent and experience starts to vanish.
I have always been struck by just how much damage an unskilled / inexperienced dev can do to a codebase in such a short time, and thinking that X.org will be exempted from that issue is not realistic.
I won't name names, but I've been watching this bit rot and dev skill drain in a well known distribution for many years now, and it's gotten to the point where I no longer actually support it, unless its' an easy fix. As with future X.org users unsure why bugs don't get fixed, etc, this distribution's users seem unaware of what happens when you suffer this long term degradation. The actual name of it doesn't matter, it's just a demonstration that bit rot is real, dev talent drain is real, and once a project hits a critical level these issues start to get quite serious.
As an aside, for a few months now, with new kernels (Liquorix) and fairly current desktops (Xfce) I've been starting to see display corruptions in Thunderbird and one or two other programs, which I believe means GTK corruption, and that's the kind of issue you'll be seeing more and more of.
As Qt and Gtk move increasingly to Wayland compositor support primarily, the dev manhours/eyeballs will shrink for the x11 compositor/window managers, and you'll see more and more "won't fix" in valid bug reports because there's no devs who want to do that work, or who get paid to do it.
I was somewhat, for example, shocked, when mrmazda, who does a lot of display and desktop support here on linuxquestions, told me that fedora isn't even shipping X.org 1.21, they are shipping... 1.20, which means, they don't even care to get the latest bug fixes at all, they aren't allocating any resources to X.org at all, not even to the point of packaging the current release. I had a hard time believing this was the case, but mrmazda showed me, Fedora 40 has 1.20, I think, I know 39 does, and that X.org is I think over 2 years old now.
So unless a serious organized effort rises to fork/maintain X.org, it's not going to happen. As someone noted, the X devs put out a call to get volunteers for 1 or 2 years to maintain X.org, and got zero, no, results. Which is I think when they decided probably to let it die, and start working on the wayland protocol full time.
I'm writing this partially for myself, since I, like Garth of Wayne's world, fear change, and in particular, I fear breaking changes that do nothing to improve my actual workflow.
If I were to be objective however, I'd guess the biggest complaint users have, losing network transparency, and thus, losing x11 over network, client / server situations, is probably the least realworld important of all the objections, and the easiest to adapt ones workflow around.
I worry much more about stuff just not working, or being buggy, breaking, failing, in normal use.
But the more of your programs that use current Gtk and Qt, the fewer issues you should see I believe.
If I were to be objective however, I'd guess the biggest complaint users have, losing network transparency, and thus, losing x11 over network, client / server situations, is probably the least realworld important of all the objections, and the easiest to adapt ones workflow around.
I worry much more about stuff just not working, or being buggy, breaking, failing, in normal use.
But the more of your programs that use curernt Gtk and Qt, the fewer issues you should see I believe.
So far that has been the only mantra about not letting go of xorg. I personally just do not care about it - it is at best in my view a niche thing, and having a network-aware display has never come up. I again can just point to RDP or VNC if you need something similar, but again like that retrobytes video also pointed out, the days of running a display like the days of VAX is over. If Wayland is more secure for not having this feature, then I am all for it - and again it is not like any distro that I have seen is going to pull an OpenBSD and try to fork xorg a.k.a xenocara with least privileges for xorg.
I also have wanted to dabble into a rootless xorg; but it seemed more of a PITA to try to accomplish and would end up breaking DRI/DRM with NVIDIA. The writing is on the wall for xorg as you pointed out, nobody is working on it anymore and not even for security updates - so fedora being bleeding edge makes sense for it to ditch it - so in a way im glad we have fedora, let them bite the bullet first , so we can benefit later on - joking aside though, while I can sympathize with Garth, I also don't like change - but I also never ran into a usecase where I needed the 'advantages' of xorg and having network aware display. Chances are most here probably don't either; and I am going to stubbornly point to RDP or VNC, we have that - sure it might not be like xorg, but oh well it is what it is.
Geez! I surely didn't want to open such a can of worms over simple root permissions in X, so here goes:
OK I want to see it. Did Wayland devs have ANY evidence of the number of documented cases of security breaches due to running X as root, or did it just suit their workflow preferences/prejudices and figured nobody would mind?
Actually, despite Xorg being root capable, there are very few serious issues such as that, at least known issues, which pretty much means the internal Xorg security model was quite well functional.
Don Hopkin's account of the X-Windows horror show is an interesting read...
"Marus J. Ranum" of DEC. Guess what DEC shipped as a GUI for VMS? DECwindows, which was based on ... (you guessed it). X11R4 is old, and X has updated much since then while still keeping it interoperable with older versions. As I stated previously, I'd be OK to switch, but Wayland takes my tool box, turns it upside down, and dumps everything out. Neither Xv nor ImageMagick work properly anymore, so I had to set up grim (which curiously requires slurp, a separate utility, to find a window region) for screen shots. x3270's keyboard window keeps overlapping the main window when you move it, even if you move it away. 50/50 whether an application works correctly with Xwayland. A large around of applications are going to have to be re-written. Do people realize this? If there's already a lack of devs, who is going to rewrite all that?
One thing I like most about Xwindow, and Linux in general, is the user gets the power to do what he wants. If I want to get a GUI login from a Sun SPARC box over the network, I can. You're not getting ssh, let alone RDP/VNC to work on that. Now, it looks (figuratively and literally) like Linux is becoming Mac OSX. Did you notice how fast they drop stuff deemed to be old? Try to find a command line ftp client. A family member's machine didn't even have an ethernet port (only wireless) nor an optical drive on a desktop PC.
If we are to follow the "that's old no one needs that anymore" argument to its logical conclusion, we could rip out 80% of Linux and we'd all be using LinuxQuestions app on our lastest Apple iPhone.
"Marus J. Ranum" of DEC. Guess what DEC shipped as a GUI for VMS? DECwindows, which was based on ... (you guessed it). X11R4 is old, and X has updated much since then while still keeping it interoperable with older versions. As I stated previously, I'd be OK to switch, but Wayland takes my tool box, turns it upside down, and dumps everything out. Neither Xv nor ImageMagick work properly anymore, so I had to set up grim (which curiously requires slurp, a separate utility, to find a window region) for screen shots. x3270's keyboard window keeps overlapping the main window when you move it, even if you move it away. 50/50 whether an application works correctly with Xwayland. A large around of applications are going to have to be re-written. Do people realize this? If there's already a lack of devs, who is going to rewrite all that?
One thing I like most about Xwindow, and Linux in general, is the user gets the power to do what he wants. If I want to get a GUI login from a Sun SPARC box over the network, I can. You're not getting ssh, let alone RDP/VNC to work on that. Now, it looks (figuratively and literally) like Linux is becoming Mac OSX. Did you notice how fast they drop stuff deemed to be old? Try to find a command line ftp client. A family member's machine didn't even have an ethernet port (only wireless) nor an optical drive on a desktop PC.
If we are to follow the "that's old no one needs that anymore" argument to its logical conclusion, we could rip out 80% of Linux and we'd all be using LinuxQuestions app on our lastest Apple iPhone.
All those apps are pulling users away from Windows and Mac, so they must be Exterminated!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.