Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Thursday July 04 2019, @03:41PM   Printer-friendly
from the should've-had-an-X12 dept.

Chris Siebenmann, a UNIX herder at the University of Toronto CS Lab, asserts that the death watch for the X Window System (aka X11) has probably started:

I was recently reading Christian F.K. Schaller's On the Road to Fedora Workstation 31 (via both Fedora Planet and Planet Gnome). In it, Schaller says in one section (about Gnome and their move to fully work on Wayland):

Once we are done with this we expect X.org to go into hard maintenance mode fairly quickly. The reality is that X.org is basically maintained by us and thus once we stop paying attention to it there is unlikely to be any major new releases coming out and there might even be some bitrot setting in over time. We will keep an eye on it as we will want to ensure X.org stays supportable until the end of the RHEL8 lifecycle at a minimum, but let this be a friendly notice for everyone who rely the work we do maintaining the Linux graphics stack, get onto Wayland, that is where the future is.

X11, for all its advantages, also has several incurable design flaws relating to security. However, the major distros have not yet been in any hurry to replace it. Wayland is touted as the next step in graphical interfaces. What are Soylentils thoughts on Wayland or the demise of X11?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @06:03PM (10 children)

    by Anonymous Coward on Thursday July 04 2019, @06:03PM (#863183)

    "Secure keyboard" is merely security theater. A keylogger will still be able to steal your keyboard input using XInput and there is nothing you can do to stop it.

  • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @06:22PM (4 children)

    by Anonymous Coward on Thursday July 04 2019, @06:22PM (#863189)

    and do not be an idiot in public

    • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @10:43PM (3 children)

      by Anonymous Coward on Thursday July 04 2019, @10:43PM (#863267)

      Keylogger malware runs under your account privileges and will not be stopped this way because it has access to xauth information.

      • (Score: 0) by Anonymous Coward on Friday July 05 2019, @01:15AM (1 child)

        by Anonymous Coward on Friday July 05 2019, @01:15AM (#863304)

        And do not blame tools for your idiocy when you do.
        Same as you do not try and "secure" your arse from your left or right hand, and instead just refrain from improper use of root vegetables, household tools, lighting implements, small animals and the like: http://www.well.com/~cynsa/newbutt.html [well.com]

        BTW, the ways to run suspect software with limited privileges on a GNU/Linux system are many and quite powerful, while none of them involves breaking every thing GUI presently in existence and hobbling everything else. No one prevents you from learning them.

        • (Score: 0) by Anonymous Coward on Friday July 05 2019, @09:02AM

          by Anonymous Coward on Friday July 05 2019, @09:02AM (#863413)

          I don't know what that new butt page is all about, except that I'm not going to go there.

      • (Score: 0) by Anonymous Coward on Friday July 05 2019, @11:32AM

        by Anonymous Coward on Friday July 05 2019, @11:32AM (#863446)

        Anybody serious about keylogging will use a hardware keylogger, intercepting hardware in transit is more likely than you think.

  • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @08:48PM (2 children)

    by Anonymous Coward on Thursday July 04 2019, @08:48PM (#863234)

    A person could insert a hardware keylogger between your keyboard and the computer and what would you do about that?

    • (Score: 1, Interesting) by Anonymous Coward on Friday July 05 2019, @02:45AM

      by Anonymous Coward on Friday July 05 2019, @02:45AM (#863328)

      If you negotiate the minefield in the drive
      And beat the dogs and cheat the cold electronic eyes
      And if you make it past the shotguns in the hall
      Dial the combination, open the priesthole
      And if I'm in I'll tell you where to stick your hardware.

    • (Score: 2) by tangomargarine on Saturday July 06 2019, @04:08AM

      by tangomargarine (667) on Saturday July 06 2019, @04:08AM (#863743)

      Understand that virtually all security is circumventable with physical access?

      This is a long-standing rule of computer security.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @09:46PM (1 child)

    by Anonymous Coward on Thursday July 04 2019, @09:46PM (#863249)

    xinput is a debug tool, naturally it will lead to problems.

    That said, there are ways to defend against it. But it is a but convoluted right now for casual use, as it involves routing windows through something like xpra.

    • (Score: 0) by Anonymous Coward on Thursday July 04 2019, @10:49PM

      by Anonymous Coward on Thursday July 04 2019, @10:49PM (#863272)

      XInput is not a debug tool, it is an X extension providing a generic interface to input devices. It is entirely separate from the core keyboard and mouse API and does not respect keyboard or server grabs, which is what "secure keyboard" features use to pretend they are keeping input only to themselves. XInput keeps accumulating events during the server grab and sends them on to the keylogger once the grab is released. If XInput code were to respect grabs, this last key event leak could be plugged and it would once again be possible to implement the "secure keyboard". XInput developers, however, are not interested in doing that, presumably because they are all working on Wayland first and are assuming that X will die.