

# echo "SELINUX=enforcing" > /etc/selinux/config
# echo "SELINUXTYPE=mls" >> /etc/selinux/config
# reboot
Come on, it will be fun!
Be real fukin careful now. You’ll tear my emacs from my cold dead hands.
(But yeah, I use evil-mode. Also I edit files on remote servers with vim. I’m a traitor…)
Sure, I’ll do another mini-rant.
I have no idea what real world threat model and threat actor the Wayland people are going for. A threat actor with code execution on a Linux desktop immediately has access to the filesystem and can do whatever anyway, in practice (see also: Steam deleting home directories). Privilege Escalation is a thing and namespaces in Linux are kinda meh. Run your untrusted code in an ephemeral VM.
My point is just that once you have a threat actor running code on your system, it’s game over regardless of whatever your desktop tries to do. (I’ll run with the Maginot Line comparison here, but Wayland is more like a locked door without walls.)
The security issues with X were the X-Forwarding-stuff being kinda bad, not the “full access to everything”-stuff. I want my applications to access my things, otherwise I wouldn’t run the application.
If your threat model seriously needs sandboxing, you’ll wanna go the Qubes-route. Anyways, Arcan seems to have a more reasonable threat model than Wayland if you wanna go that route.
Thanks for reading my yearly mini rant on why Wayland’s security doesn’t matter and only gets in the way of the user and application developer.
So this is my big issue with Wayland - nothing is a “Wayland problem”. Everything lands on the compositors. Features that existed for the past few decades in X and are deeply integrated into the ecosystem were relegated to second-class citizens or just ignored. (Can we share our screens with Zoom yet?)
I won’t argue that X is flawless or should live forever. X should die. However, X actually solved problems instead of just providing a bunch of (IMHO) half-baked “protocols” so that someone else can solve the problem. From the perspective of a user or application developer, that’s just hot potatoes being passed around. And there have been plenty of hot potatoes the past decade.
Thank you for reading my yearly Wayland rant. I’ll now disappear into my XMonad-fueled bliss, fully software rendered.
I’ll extend your RHEL corpo parents with the other children in the family. The majority of their revenue comes from completely legal oxycodone sales, any (alleged) trafficking is just a side hustle.
Rocky: The rich corpo parent’s least favorite child. Chill dude. Gives hugs to his parents’ victims. Still intends to take over the family business and run an oxycodone-empire - but ethically.
Alma: The other reasonable estranged child. Wants to take over the family business, but considers high quality “herbal remedies” the only pain medication anyone would ever need.
Oracle: Wants to pivot the family business into more potent opioids and possibly world domination. While it’s obvious he has access to “stuff”, you suspect he has ties to multiple cartels and possibly the yakuza. For some reason has direct numbers to several heads-of-state in his phone.