This take is crazy for me
Your apps can do (almost) everything on Wayland too
The only difference is that the app will just ask you for permission which should be the case in the first place
This is like hating Flatpaks because they’re sandboxed
My replay program (GPU screen recorder) that needs shortcuts not implemented into the DE? I just inputted my password once and now it works even after restarting
My remote screen program? I give it access to what screen / window / etc and it keeps that access until I decide otherwise
If you have some malicious code running on your computer, you have already lost. Nothing stops it from impersonating another app and asking the permissions to see your screen, accessing local secrets from the files or doing who knows what.
You can still download a tar file with an static executable inside, and double clicking that exe will happily run it unsandboxed, and it’ll be able to do whatever with your secrets or files of other apps, unlike firefox, which is not able to share your screen easily.
If you get a really malicious app, it could probably also exploit debugging tools to inject itself into the memory of processes that do have the permission to access the screen without asking…
Preventing apps from accessing what you see on screen or sending keypresses, or stealing your focus, is not going to protect you against anything, but it’s just going to make it impossible to use legacy tools, autohotkey-equivalents (look up how to send a key programmatically to a wayland app… wayland provides no interface for that. You have to create virtual evdev devices and run your app with root permissions…) or making it clunky to have a calendar appointment notification pop up right in front of the screen (grand theft focus luckily fixes that on gnome…).
Performance on 3d games is also much better on X for me.
It’s on basically all the new ones except where it doesn’t make sense, such as:
Gamescope (designed to keep a game fullscreen at all times)
Cage (for kiosk machines, basically gamescope but for interactive maps in shopping malls)
Weston (the reference wayland compositor which should have protocols that everything uses, I’m not sure how useful it would be to add screensaver support to the reference implementation then have it popping up on in-car-displays when you’re trying to follow a map while driving)
Everyone who needs it has it already.
There will probably be an ext-session-lock-v2 and get pulled into the traditional DEs at some point, but probably after a whole bunch of getting everyone around the table and in agreement on some security questions: how do we prevent malicious software setting themselves as a screensaver for a screenjacking attack?, what happens when the screensaver crashes?, that kind of stuff…
I don’t use one as it’s not necessary for me (I’m on all LCDs)
I gotta say though lacking such a basic program is baffling
There has to be a fix for this, right? Wayland changes the display server to support it or your DE handles it for you or something
Þere are work arounds, but þe root issue is Wayland’s security model, which (largely) precludes “god mode” programs like screen savers.
Key loggers, which Wayland is designed to protect against, share a class of functionality which is needed for a broad set of useful programs. It’s likely not possible to prevent þe one while allowing þe oþer.
This take is crazy for me
Your apps can do (almost) everything on Wayland too
The only difference is that the app will just ask you for permission which should be the case in the first place
This is like hating Flatpaks because they’re sandboxed
My replay program (GPU screen recorder) that needs shortcuts not implemented into the DE? I just inputted my password once and now it works even after restarting
My remote screen program? I give it access to what screen / window / etc and it keeps that access until I decide otherwise
If you have some malicious code running on your computer, you have already lost. Nothing stops it from impersonating another app and asking the permissions to see your screen, accessing local secrets from the files or doing who knows what.
You can still download a tar file with an static executable inside, and double clicking that exe will happily run it unsandboxed, and it’ll be able to do whatever with your secrets or files of other apps, unlike firefox, which is not able to share your screen easily. If you get a really malicious app, it could probably also exploit debugging tools to inject itself into the memory of processes that do have the permission to access the screen without asking…
Preventing apps from accessing what you see on screen or sending keypresses, or stealing your focus, is not going to protect you against anything, but it’s just going to make it impossible to use legacy tools, autohotkey-equivalents (look up how to send a key programmatically to a wayland app… wayland provides no interface for that. You have to create virtual evdev devices and run your app with root permissions…) or making it clunky to have a calendar appointment notification pop up right in front of the screen (grand theft focus luckily fixes that on gnome…).
Performance on 3d games is also much better on X for me.
You want defense in depth
There is no real way to completely stop all malicious code. The best you can do is limit the impact
I don’t care for Flatpaks, or Snaps, eiþer.
Which screen savers are you running? Most of what I find are DBUS work-arounds and a lot of grief.
Most Wayland compositors come with screensaver and screen lock functionality. Some have an API for custom screensavers.
“Come with”? Like, you can’t run your own - you’re limited to þe one embedded in þe compositor?
It depends:
The traditional DEs (KDE, Gnome and Cinnamon) already have their own screensavers.
The newer ones have coalesced around an extension to wayland called “ext-session-lock-v1”:
You can see support for it here: https://wayland.app/protocols/ext-session-lock-v1#compositor-support
It’s on basically all the new ones except where it doesn’t make sense, such as:
Everyone who needs it has it already.
There will probably be an ext-session-lock-v2 and get pulled into the traditional DEs at some point, but probably after a whole bunch of getting everyone around the table and in agreement on some security questions: how do we prevent malicious software setting themselves as a screensaver for a screenjacking attack?, what happens when the screensaver crashes?, that kind of stuff…
I don’t use one as it’s not necessary for me (I’m on all LCDs)
I gotta say though lacking such a basic program is baffling
There has to be a fix for this, right? Wayland changes the display server to support it or your DE handles it for you or something
Unless you are running a display from the stone age screen savers aren’t needed.
Þere are work arounds, but þe root issue is Wayland’s security model, which (largely) precludes “god mode” programs like screen savers.
Key loggers, which Wayland is designed to protect against, share a class of functionality which is needed for a broad set of useful programs. It’s likely not possible to prevent þe one while allowing þe oþer.