lotharcable's comments

The way X11 developers ended up fixing this is by creating Wayland. This way privileged operations (like keylogging, screen capture, etc) require the cooperation and authentication through the display server.


That sort of solution is cancer if you want to do anything the display server authors didn't think of. I've got a script that I invoke with a global hotkey that determines the window title of the currently focused window and fuzzy matches it against pipewire audio stream names so I can mute the focused window with a single keypress. If I want that to work in Wayland I'm pretty much up shit creek because somebody with their head in the clouds thinks that my needs are super dangerous or something.


Wayland devs for the longest time thought implementing what was needed for accessibility (mainly, global keyboard hooks for Orca to work) was a security problem. Never mind the fact that nobody hacks X servers, or your wayland compositor, because if I wanted to hook your keyboard with a keylogger, I'd hook it through evdev. And then you wouldn't even know let alone be able to do much about it if I did it properly.


Wayland doesn't say "this is impossible", it says "this is out of scope of the core display protocol, implement this somewhere else".

Which, well, we do. Practically all the X usecases are covered on Wayland systems now. Screen sharing, screen clipping, global hotkeys, file pickers, getting the window title like you said... I can do all of that on KDE, right now, under Wayland.


Can you do it in a way that isn't KDE specific, and will work if you change your DE one day on a whim?


If you change to another DE that has less capabilities than KDE, of course you can't do it. Emacs and LibreOffice Writer will have vastly different capabilities and people can choose what they want based on the capabilities they desire.


And that is exactly the problem. Now things like accessibility (or, really, any feature that the maintainers of the core protocol didn't think was "necessary" because they like minimalism) have to be implemented by each and every compositor. If the compositor doesn't implement it, you're screwed unless either you convince them to add it or you add it yourself. Talk about causing huge amounts of fragmentation for absolutely no reason.

The proper thing Wayland should've done is waited until Wayland had reached feature parity with X, then released it to the world and started acting like it's the future.


Wayland was specifically built to support things that aren't desktops, so feature parity with X was never a design goal of Wayland. The idea was that Wayland would be a super-flexible "you give me a window and events, I give you rendered bitmaps" kind of protocol, and then desktop functionality would be layered on top for people who wanted a desktop. Not everything needs to be a desktop (e.g. car infotainment displays, KDE Plasma widgets, etc), and some protocols would be super limited if they had to fit in a desktop mold (e.g. VR displays[0] with apps in non-planar windows).

The main mistake FD.o made is that they didn't get consensus on a "Desktop Profile" extension, so all the DEs wound up implementing their own thing. This is still fixable, just very annoying until we have agreement on this shit. I think that's what you meant by "feature parity with X".

[0] Currently, every desktop VR setup has to have two layers of compositors. VR applications have to communicate with a special VR compositor that then draws normal desktop windows with the contents of what should be hitting each eye of the VR display, all so it can pretend to be two normal displays.


I could say the exact same thing about X. A lot of the problems people had with X historically were that development's goal was to "create mechanisms not policy" and people just wanted a desktop environment that worked.

An anecdote on non desktop use of X: the other day I wanted to show a program on my phone, there are many good ways to do this, but I picked none of them. Instead I had just installed a terminal on the phone and noticed they had an X11 package. So a few minutes later I was the proud owner of an X server on a phone. And you know what... It was pretty great. My gaming system load and temps dashboard were displaying just fine.

Despite using X for many, many years, I had never just sat down and played with a bare X server, I had only dealt with it through the lens of a locked down, encumbered desktop system. It was like having a network attached monitor. From whatever system I was using as a desktop system I could just go "display this on that monitor", in this case a phone. Based on that experience I put a raspberry pi on my TV running a bare unprotected X server because having a network attached monitor rocks.


Yeah, pretty much. I would be less disagreeable about Wayland if they had solved this problem early (and yes, they should've thought about this early during Wayland because the most prominent target is desktop environments). But they didn't, and I don't even know if they'll come up with some unified solution that all DEs/WMs can agree on or whether they'll just keep allowing DEs/WMs to do their own thing. Either way, fragmentation is never a good idea on what, I think, many would consider critical functionality. At least, I consider the requirements to implement accessibility to be rather critical, which is the primary reason I still use Xorg.


If I have a kiosk terminal, why would I want the overhead of, say, screensharing? Also, isn't this the point of libraries, so that you only have to implement stuff once, and you can reuse it in different projects? Like you can build on top of wlroots just fine.

> The proper thing Wayland should've done is waited until Wayland had reached feature parity with X

How on Earth would you expect a fundamental protocol to be developed behind closed doors?! Wtf even.


> If I have a kiosk terminal, why would I want the overhead of, say, screensharing? Also, isn't this the point of libraries, so that you only have to implement stuff once, and you can reuse it in different projects? Like you can build on top of wlroots just fine.

Yeah but again this fragments the ecosystem massively. If people really wanted flexibility they could've just made it a configure option or something equivalent?

> How on Earth would you expect a fundamental protocol to be developed behind closed doors?! Wtf even.

You're making a pretty big assumption here, aren't you? I never said it had to be developed behind closed doors. It's the "let's just obsolete X11 even though Wayland can't even replicate a quarter of its functionality right now now now because of security security security" that irritates me. If they had worked on Wayland and obsoleted it once they had reached feature parity, that would be releasing it to the world. Then they would've had far less friction and the transition would've been a lot smoother. Would it have delayed Wayland by maybe a decade? Sure, but I see little issue with that. IMO that probably would've made Wayland even better.


Who is the supposed agent mastermind singlehandedly developing Wayland and deprecating X11? You do realize there are multiple people working (having worked) on both in their free time and each have agency and their own incentives. Separate people have had enough of maintaining X, while another group of people enjoyed working on Wayland. Some indeed moved from one to another but there was no coordinated attempt at hijacking the Linux graphic stack or whatever.


So you tell us Freedesktop.org people

1. Claiming XFree86 evil

2. Forking it as X.org

3. Shortly after all distros finished switching to X.org, declaring it obsolete and announcing wayland

4. stopping any major development on X.org immediately even though it was the one and only option at the time

5. and channeling all development resources (not only on the display server, but also downstream users like toolkits, DEs etc.) to rewrite their code for a protocol that wasn't even gonna be usable until 10+ years later

6. Depriving Linux desktop users of 10-15 years of improvements and making Linux graphics stack stuck in 2000s

wasn't hijacking the Linux graphic stack?

I mean had Steve Ballmer wanted to sabotage Linux in desktop he couldn't do better


If you want to continue working on Xorg you can. You could have done that 10 years ago as well.


That's the issue. Because wayland punts on so much functionality that used to be available with standard interfaces in X11, it fragments the ecosystem to such a degree that all these useful little utilities just don't really have a means to grow.


> If you change to another DE that has less capabilities than KDE, of course you can't do it

It's not inherent. If I change to another X DE, I can keep all my other programs and the features they implement.


:(


> Practically all the X usecases are covered on Wayland systems now. ... global hotkeys ...

Are you sure? I looked at that earlier this year for a personal tool I wanted to create and found no way to do it on Wayland (On X, I did it just fine).

I had a long back and forth about this very thing with both Claude and ChatGPT, and neither conversation was fruitful: every option had some dependency (like switching to KDE, or similar).


As I understand, blind people can't use wayland right now.


I know some blind people who tolerate it but yeah, I find it completely unusable at the moment. I haven't tried Gnome recently but last time I tried it I had apps like Bitwarden malfunctioning in some very, very weird ways that just... Never happened on Xorg. If I remember right, it was things like forms not being read properly or something, can't remember off the top of my head now. But it certainly didn't leave me with a good impression; it made me think this Wayland thing was just half-baked. Also, Orca modifiers were passed-through directly to the compositor and Orca wasn't allowed to intercept them either, which made just using my computer feel awkward since I'd always need to remember to turn off caps lock every time I wanted to do something even remotely complicated. I've heard that Gnome has solved this but as I said above, I think this may be a Gnome (and at most KDE) thing, and not something that everybody has decided to just do.


> That sort of solution is cancer if you want to do anything the display server authors didn't think of.

Hey come on man, a locking screen saver is a totally niche application. No demand for that.


xscreensaver works just fine. It only needs to keep nosy roommates out, not the NSA. Not that Wayland would stop spooks anyway.


It doesn’t lock the screen properly under Wayland. There’s an abyss of complaining about Wayland on jwz’s blog.

https://www.jwz.org/blog/2025/07/xscreensaver-wayland-and-lo...


For some weird reason I can't access it, it just redirects me to this image about hacker news. Did he just configure his webserver to just universally display that image? Even if I manually enter the address into my address bar it does that so I assume that that's what he did...


The page sets a cookie when you visit it from hackernews and will redirect you to the image until you delete the cookie.


That’s new. Argh.


like 10-15 years


The cookie is new, AFAIK. The expressed contempt for hners is of course eternal.


The author of xscreensaver holds hn in a certain amount of contempt, yes. Just go with it.


Also balls


Totally unrelated, I like your nickname :)


You can write a Gnome Shell extension or whatever the KDE equivalent is.


That way you also prevent things possible in X11 to be impossible in Wayland, like a window setting its own position, if you were to want that.


Good. Disallowing software to position its own windows has been a major usability improvement over the X11 days of software making stupid positioning decisions and having to patch it out everywhere...


Yeah, assuming all users and all software should work the same idea is a great way to get people moving to a new platform.

Maybe, just maybe, some people know what they want, and if they want applications that can put themselves in specific corners, why shouldn't the desktop let the applications do that, if the user is OK with it?


... Not allowing windows to determine their own position is also a usability nightmare.


Fixing X11's security would have broken window positioning as well. Since that is a security issue.

The deal here is that the only way to fix X11's security issues is by breaking all those types of workflows and forcing application rewrites to implement them in authenticated ways.

So if you are going to have to go and break all that stuff, why not fix a crapload of other problems while you are at it?

Calling Wayland "X13" may have avoided a lot of misunderstandings, but it probably would have caused others.


> Since that is a security issue.

Maybe it's both? There are applications with good reason that need to choose their location themselves, and users who want that type of behavior, so it's definitively not just a security issue.


> The way X11 developers

X.org developers, not X11 developers.


Microsoft is guilty of giving incompetent administrators enough rope to hang themselves.


Microsoft is also guilty of reading the market and keeping up compatibility to make their products remain relevant. Prof. Green makes sweeping statements about how Microsoft should break compatibility to remove these vulnerabilities, but he doesn't have the market pressures that Microsoft does.

Could Microsoft work harder on this? Sure. Do they have to worry about keeping their Customers happy? Absolutely.

The corporate IT market moves at a glacial pace. Hopefully the rise of IT security issues having actual business consequences will change that, but that's not Microsoft's problem. That's the ecosystem they live in.

Were bad protocol / design decisions made in the past? For sure. Microsoft has been working on this (see Managed Service Accounts and Group Managed Service Accounts). It takes time for corporate customers to adopt these new versions.

Corporate IT won't forklift out old systems without business justification. Maybe the pressure from the insurance industry will help. Pressure from the ransomware industry is certainly helping, too.


Corporate IT just forklifted out tons and tons of workstations and laptops for the windows 10 to 11 migration.

Active Directory is just not developed anymore, it's basically abandonware that everyone still uses. The new hot stuff is the Azure AD/Entra ID bastardization of Web Auth plus AD that they try to upsell people to.


Active Directory got some major major major updates in Server 2025.

https://learn.microsoft.com/en-us/windows-server/get-started...

Including the relevant:

> Kerberos changes for Algorithms used for Ticket Granting Tickets: The Kerberos Distribution Center will no longer issue Ticket Granting Tickets using RC4 encryption, such as RC4-HMAC(NT).


Kerberoasting specifically targets service tickets, not TGTs. I wonder if the change really only applies to TGTs or if they simply neglected to mention service tickets.
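Added example (not part of the thread, and not Microsoft's code): the TGT versus service-ticket distinction raised above, as a log check that reports RC4 use separately for each ticket kind. Event IDs 4768/4769 and encryption type 0x17 (RC4-HMAC) are the real Windows values; the one-line key=value rendering, the account names and the threshold are constructed for the example.

```python
from collections import defaultdict

RC4_HMAC = 0x17          # Kerberos etype 23, shown as 0x17 in Security events
EVENT_TGT = 4768         # "A Kerberos authentication ticket (TGT) was requested"
EVENT_SERVICE = 4769     # "A Kerberos service ticket was requested"

# Constructed sample: simplified one-line renderings of 4768/4769 events.
SAMPLE_LOG = """\
EventID=4768 Account=alice Service=krbtgt EType=0x12
EventID=4769 Account=alice Service=fileserver01$ EType=0x12
EventID=4769 Account=bob Service=svc_sql EType=0x17
EventID=4769 Account=bob Service=svc_backup EType=0x17
EventID=4769 Account=bob Service=svc_web EType=0x17
EventID=4769 Account=carol Service=svc_legacy EType=0x17
EventID=4768 Account=dave Service=krbtgt EType=0x17
"""


def parse_line(line):
    """Turn one 'key=value key=value' line into a normalised event dict."""
    fields = dict(token.split("=", 1) for token in line.split())
    return {
        "event_id": int(fields["EventID"]),
        "account": fields["Account"].lower(),
        "service": fields["Service"].lower(),
        "etype": int(fields["EType"], 16),
    }


def rc4_report(log_text, threshold=3):
    """Report RC4 usage separately for TGTs and for service tickets.

    A KDC that stops issuing RC4 TGTs only empties the first list; the
    second one is what matters for Kerberoasting exposure.
    """
    rc4_tgt_accounts = set()
    rc4_services = defaultdict(set)   # requesting account -> service names
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event["etype"] != RC4_HMAC:
            continue
        if event["event_id"] == EVENT_TGT:
            rc4_tgt_accounts.add(event["account"])
        elif event["event_id"] == EVENT_SERVICE:
            # Machine accounts ($) and krbtgt have long random keys, so an
            # RC4 ticket for them is not a practical offline-cracking target.
            if event["service"] == "krbtgt" or event["service"].endswith("$"):
                continue
            rc4_services[event["account"]].add(event["service"])
    return {
        "rc4_tgt_accounts": sorted(rc4_tgt_accounts),
        "rc4_service_tickets": {a: sorted(s) for a, s in rc4_services.items()},
        # One requester collecting RC4 tickets for many distinct services
        # is the pattern worth alerting on.
        "suspects": sorted(a for a, s in rc4_services.items()
                           if len(s) >= threshold),
    }


if __name__ == "__main__":
    print(rc4_report(SAMPLE_LOG))
```
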


> Corporate IT just forklifted out tons and tons of workstations and laptops for the windows 10 to 11 migration.

That's just client computer replacement, though. That's a known quantity and is on most IT orgs' roadmaps. We've been replacing computers regularly since we got PCs.

Moving to new AD functional levels, even when the actual risk is minimal, is something I've seen IT orgs. drag their feet on out of fear.


> new AD functional levels

Fear of change is real in more areas than this.

I can't wait to decom our last 2012 R2 DCs and upgrade to something from this decade "soon".


That shpool looks like a good idea.


Modern science is derived from Christian Scholasticism from the middle ages so this way of talking and thinking about science as being divinely originated is only unusual in the past couple centuries or so.

It is from that era that they developed systems of rigorous debate, formal logic, and things like peer-reviewed papers that we call "the scientific method".

As far as the history of these sorts of mathematical discussions the concept of negative numbers didn't exist until the 15th century. I am sure that each new concept was faced with some resistance and debate on its true nature before it became widely accepted.

So I am sure that somebody looking through the historical record could find all sorts of wild quotes from different theologians trying to grasp new concepts and reconcile them with existing mathematical standards.


> Modern science is derived from Christian Scholasticism from the middle ages

No, I don't think so. It seems much more based on ancient Greek geometry and logic, the Indian numeral system and Arabic algebra. Modern science really took off after Galileo, at the time when the ancient Greek works were recovered in Europe and could be synthesized with the arithmetic and algebra of these other cultures. Galileo himself credits the "divus" Archimedes as his main inspiration.

What aspects of Christian scholasticism do you think developed into modern science?


I think that using the term 'application containers' to reference docker and 'system containers' to reference LXC is a bit of a meaningless distinction.

You can 100% host "systems containers" on Docker and you can host "applications" on LXC.

Like if I want an entire OS with its own init system and users and so on and so forth I can do it in OCI images.

In fact I use it every single day with distrobox on top of Podman using OCI container images.

And it works a hell of a lot better than if I tried to do it on LXC.


yeah, the system/application distinction feels somewhat superficial. The “multiple user space” inside a container thing sounds interesting (not sure what that means exactly), but maybe more similar to a Kubernetes pod, except maybe instead of different rootfs there’s another isolation mechanism?


"Systems containers" almost certainly aren't more secure since 'root' means things, even in a container.

Containers just leverage existing Linux namespace isolation techniques to isolate applications.

A good way to think about it is that they act like blinders on a horse. If applications can't "see stuff" or reference items outside of the container then they don't know it exists and don't know how to interact with it.

"application containers" can take advantage of more than just namespaces to isolate applications, such as running them as unprivileged users inside the container's context and thus limiting them from the sort of kernel features that get exposed inside the containers. Or cgroups to limit resource usage and other smaller things like that.

Regardless "Security" and "Containers" really shouldn't be written about in the same paragraph without a MAC framework like SELinux in place or additional isolation techniques like VMs.

Although VMs are a lot more like containers than people realize.


Copyright exists to protect publishers, not the people actually doing the work.

Copyright was created for the specific purpose of censorship.


If anything you could argue that copyright has shifted in that direction but it was certainly created originally to foster the development of art and science by protecting creators, not publishers.


Generally speaking the cells that are welded on are designed to be welded on in the areas where you do the welding. Doing something other than welding on them properly is going to be more unsafe than welding.

The proper tools to do this are not that expensive anymore in the greater scheme of things. It is just a question of whether or not it is worth to do it at the scale you are doing it or pay somebody else to do it.

Of course if you buy cells that are designed to be bolted together then bolt them together.

Of course the bolts, or whatever else provides the threads, on those cells are welded on.


> Generally speaking the cells that are welded on are designed to be welded on in the areas were you do the welding.

... by automated spot welder programmed to the specified timing and temperature control from the cell spec sheet, in a controlled environment with suitable protection and fire suppression for a battery manufacturing line. Not by a hobbyist's first try with a homemade spot welder and a safety squint.

I have made such spot welder and done such spot welding. Sure it's fun to do stupid things, but it remains stupid and unnecessary. For a homebrew battery bank, this is the wrong tool, wrong cell and wrong chemistry.

Buy premade, or if you must, buy boltable prismatic lifepo cells. They can dump a lot of power if you short them, but you can drill straight through them and they'll remain stable. The random 18650 li-ion cells... Not so much.


Seconding that advice to just use prismatic lifepo cells. Those have become really cheap, too: You can order brand-new 1kWh cells for $60ish + shipping even if you only need single digit quantities (those want to be squished a bit for longevity, so you might have to design a suitable enclosure).

Energy autarky has never been so affordable, progress on batteries and solar panels was awesome over the last decade.


Replace well known, fast, and efficient image to text algorithms that can happily run on my ancient Kindle with a gigantic black box of ML mush that requires tens of thousands of dollars of GPU to run?

Sign me up!

Might as well claim that computer science is obsolete now since LLMs exist while you are at it.


I'm not disagreeing with you at all, but unfortunately this is nothing new - pretty much every software gets rewritten all the time. They reach about 80% of the features of the obsoleted originals before they would be abandoned for something shinier.

There was even some expression coined a few years ago, but the exact wording escapes me... "attention-deficit-teenager-developer-syndrome"? Something like that...


I remembered! It's Cascade of Attention Deficit Teenagers


Rabies anti-virus requires very careful handling and refrigeration and thus can be extremely expensive for hospitals to keep in stock.

And, yes, it needs to be applied before symptoms start to appear. Otherwise death is almost for certain.

I doubt this research will lead directly to a better vaccine, but having a better vaccine could save a lot of lives.


There's a lot of work right now in figuring out ways to reduce the cold chain requirements and make it easier to stock.

