Hacker News new | past | comments | ask | show | jobs | submit login

> right as the replacemeant for Xorg starts to take off though

It has been "taking off" for 13 years at this point. It seems like it doesn't have much thrust behind it.




Fedora, Ubuntu, OpenSUSE, RHEL/Rocky, and Debian all have their default desktops on Wayland. Both GNOME and KDE have already switched and will keep legacy X around for compatibility purposes for another few years.

On the more minimal side to compete with X-based window managers: Sway is very mature and River is turning out nicely. All that's left is an Openbox alternative. I believe there are a few, but I'm not familiar.

Wayland has already taken off; once we get XFCE to switch we should be able to move on.


This is not an organic transition. Major organizations seems to "push" it but there is not much "pull". Compare this to the "transition" from CVS/SVN to git. There was no need to even advertise git. People saw it and wanted it.

The X11 ecosystem is more than just GNOME, KDE and i3 and porting XFCE will not be enough to "move on" (For me it is the small things like Xdotool, Xsel, Xcalib, etc. that are holding me back). Maybe X11 needs to be replaced but Wayland is not the answer. It's just not good enough and because of fundamental flaws of its philosophical concepts it will never be.


Xdotool and xsel have had Wayland equivalents for years: see ydotool/wtype and wl-clipboard.

The reason why major orgs have had to push for Wayland is the same as the reasons they had to push for HTTPS and TLSv1.2, unique passwords, keeping software up to date, etc: using outdated and insecure software with significant attack surface has real costs even if it's convenient.


All "equivalents" you mention have less functionality than their originals and some only work on specific compositors like wlroots/sway. Like all things Wayland it's a mess with zero benefits for the user.

HTTPS vs HTTP is a false equivalent. HTTP works just fine like before. X11 can be made fully secure (e.g. QubesOS does it) but nobody uses it because there is really no need on a FOSS system where 100% of clients you run are trusted.


Qubes devs are in my experience the most vocal X detractors. They had to work around X's inherent lack of isolation by using a Xen mechanism. The equivalent would be putting a wooden chest in a safe to show that wooden chests are secure on their own.

HTTP also doesn't work as well as it did before: Chromium and Firefox have begun rolling out an HTTPS-Only mode that warns when visiting HTTP pages. The landscape has also gotten more hostile: many telecoms have been caught modifying unencrypted traffic. Vodafone was also caught HTTP CSP headers for ad injection.

Firefox devs have expressed interest in removing HTTP-specific logic from FF in the distant future too, with the HTTPS-only mode being the first step. All current browsers have also disabled obsolete TLS/SSL versions, which broke several sites during the initial rollout.

There is no such thing as a trusted client; plenty of FOSS has exploitable vulnerabilities. Rather than "trusted and untrusted" software, the cybersecurity crowd has shifted to thinking in terms of "untrusted and untrusted+malicious".

There's also a reason why software audits typically have their moment of truth during binary analysis, whether or not source code is available: source code is only part of the puzzle. Runtime behavior is influenced by the toolchain behavior, host OS behavior, shared libs, and a ton of other variables that are collectively harder to audit than a black box binary. FOSS' reasons for existing should be primarily related to freedom rather than security. I don't copyleft my work because it improves security, but because it protects users from further infringements upon their freedoms.

I'd suggest chatting up a security researcher or reading some material on modern approaches to exploit mitigations (source availability is not a replacement for exploit mitigation); I could give you some starting points when I wake up if you're interested.


Thanks, X can be made secure by goddamn running n virtual machines.

Also, this is just patently false: “Like all things Wayland it's a mess with zero benefits for the user.”


When your solution to "make something secure" is to isolate instances of it in airtight sandboxes, IT IS NOT SECURE.

Theoretically Xorg can be made fully secure: just isolate clients so they can only receive events and bitmap information from windows created on the same client connection. It would be relatively straightforward, if quite involved, to implement.

But nobody wants to implement it because everyone qualified to do so has jumped ship to Wayland. The X architecture is so fatally flawed that the most straightforward way to fix it is to start from scratch, and that's what Wayland is.

X is like global warming: one hundred percent of the people who are in the least wise knowledgeable agree that it is a problem. Unlike global warming, however, that problem has a fix: Wayland.

So just... shut up with the irrelevant bullshit and use Wayland, like all the Linux graphics maintainers and distro maintainers want you to do and have been telling you to do for years now... or find your shit unsupported.


>So just... shut up with the irrelevant bullshit and use Wayland

There are still, to this day, tons of features which end consumers rely on that are still unsupported out of the box with wayland. If you're writing a replacement for x, it had damned well better have feature parity with x. Saying 'shut up and switch' is not an argument for switching.

Also, this sort of attitude is precisely why linux never took off on the desktop. Such arrogance.


I don't agree with the GP comment's attitude but if you could mention those features then maybe someone can help you, they probably exist in some form.


Bazaar style development can’t really transition in such a fast way as cathedrals can. While in case of apple, simply declaring that this framework will be the default from the next release on is enough, linux doesn’t work like that. It is a slow transition, but it already has enough momentum behind it.


There are a lot of smaller projects that lack the resources for the Wayland transition.

I'm a happy Mate user and while there is ongoing work to move towards Wayland, it will likely take several years to complete.

So for the time being I keep X11 dear to my heart, and to be honest I'm not sure what I'm missing with Wayland (expert apparently problems with screen sharing applications that have not been updated to Wayland yet …). X11 + Compiz work fine for me.


I think most smaller project will transition automatically once their widget toolkit is ported. For the cases where this does not happens, xwayland is working well enough.


I wasn't aware that MATE was still on X; that's good info to know.


FWIW, that's much less time than Perl 6 has been taking off for!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: