It's an obvious thing for NSA et al to do (and in line with their previous behavior). The more annoying thing is Google et al playing along (though it helps Google's stock with how much they've invested in quantum shit that doesn't work).
I suppose now might be a good time to take out a life insurance policy on Bernstein.
The NSA rarely does anything that crude. They prefer to spy on you, find out your peccadillos, and then engage in a public smear campaign via proxies and cutouts.
Yeah, exactly. The FSF's stated goals for the GPL of propagating free modifiable software is really important, but the only way we can achieve that objective is by passing laws that regulate proprietary software, like the push on right to repair and whatever Calfiornia and the EU will end up doing wrt protecting consumers who buy live service games.
Yeah but Xorg is insecure! Don't you know that an attacker can just see what the windows are?! Just forget that if they're accessing your computer they can do that with Wayland, and forget that you need a bunch of hacks to get not even feature parity with Xorg.
I said it in some thread on here before but the funny thing is that this argument isn't even true. X11 always had a security extension and can differentiate between trusted and untrusted programs. As you might guess, untrusted programs are not allowed to see the screen contents of trusted programs or the clipboard. It's kinda poorly documented but I had that set up for a while, security wise it works best if you also can sandbox the untrusted applications in other ways so they have no chance to access the magic cookie.
Imagine replacing something for the sake of being a controlling cunt about it. I could never imagine that happening in the open source software world.
That's what they're trying to streamline with xnamespace now. There's been steady progress and a big push to actually get them functional, but as of ~2 months ago they are still busted and crash if you assign a program to any namespace but root. Obviously this isn't their primary concern right now, but given time, I'm sure they'll get it done.
Okay but Wayland is the future CHUD
The security extension has actually been implemented through another extension called XACE for the last 26 years, which allows for more fine-grained control. It was implemented by NSA for use with selinux on rhel systems where they had a GUI to control the permission of every application for every allowed operation (mandatory access control). Kinda like android permissions, but long before android did it. It also has things like censoring, so if a screenshot application tried to take a screenshot of the screen, privacy sensitive applications could be blacked out. You can technically still run this but I have never seen anyone do that.
Yeah I'm blurry on the details, I just remember it didn't work well because many programs assumed access to things they didn't have access to. It's good that xlibre has picked up expanding on it. I always felt though for the average user it's one of these things where you have other problems if a process became compromised to this degree, even though I guess I can still think of situations where it's a good defense-in-depth to have.
I agree. In my opinion it's a psyop. Nobody has got their security or privacy compromised through x11 in the 40 years that it has existed. If it was really an issue then people would have solved those rather easy issues in xorg that makes program crash when xace is used and distros would have had added options to enable it.
I also think the brokenness from enforcing security boundaries in X11 has been significantly overblown by some poorly written X11 clients.
The history of exploitation in the 20th century is harder to explore, but here’s an attack tool that lets you escalate privileges up to root on Solaris. It was written in 2006.
The entire X11 vs Wayland shit bugs me because Wayland has the makings of greatness but a team too fucking retarded to do anything with it. Literally, what is the downside of proclaiming that wlroots is an official WAYLAND TM LIBRARY and slowing the release cadence to like, one major patch every 4 months? Would literally fix 90% of the issues in the entire ecosystem imo. Hevel is comfy as hell if you like mouse oriented movement by the by.
That's unrelated. That's an exploitation of a bug in the xorg server, not the x11 protocol. That exploitation would be possible even if x11 had wayland-level sandboxing. Of course such vulnerabilities have existed in all software (that have large enough user base and runs as root), and that exploit still hasn't affected anybody as the vulnerability got fixed. Every distro runs the xorg server as the user rather than root now, so its not anymore more vulnerable than any wayland compositor, or simply modifying ~/.bashrc / ~/.zshrc
You didn’t make that caveat before, it’s only when you’re shown to be talking out of your ass that you make up new rules.
You have no way of knowing that. You don’t know if the folks listed as discovering the bug kept it private for a while before disclosing it. You don’t know if other folks also knew about the bug and kept their mouths shut.