[redox99]

So, basic functionality is still not there 15 years after release.

And I believe gnome still has that thing where if the UI lags, the cursor lags.

Windows DWM, WDDM architecture, and anything graphics related on Windows is superior in so many ways. They should have copied that instead of the mess that Wayland is, which was developed in a manner that is typical for so many free software: the developers think they know better than the users about what features they need or don't need

[JoshTriplett]

> So, basic functionality is still not there 15 years after release.

X11 didn't have what we currently consider "basic functionality" for decades after its release.

The design of X11 says that every application connected to your display is completely trusted, hence why it can grab any key (and thus be a keylogger if it wants to be). The design of Wayland starts with the premise that every application connecting to your display might not be completely trusted, and thus has to ask for a global key shortcut. That makes some things harder, requiring the design of a protocol for such requests. It also makes it possible to have sandboxed applications. That seems like a tradeoff worth making.

[enriquto]

> The design of Wayland starts with the premise that every application connecting to your display might not be completely trusted,

What a strange premise... Do the wayland people have keylocks on all the rooms, drawers and cupboards on their houses?

Unix programs by default have access to all files in the user home. That's the main point of running programs after all: to edit your files. Letting these programs see all pixels in you screen does not seem that bad, does it?

If for some reason you want to run an untrusted application, use a container. But building your whole house around the "untrusted" premise sounds ridiculous.

[linuxandrew]

> If for some reason you want to run an untrusted application, use a container. But building your whole house around the "untrusted" premise sounds ridiculous.

I guess we should do away with memory protection as well. Filesystem permissions? Bah, they can go too, after all, a computer is generally used by a single person right?

The reality is that many users use untrusted applications that don't have access to home, ergo Flatpak. There are plenty of reasons why the free for all security model for X11 isn't suitable. Besides, that ship has well and truly sailed - most of the X11 devs have been working on Wayland for the better part of a decade now.

[mcpackieh]

> The reality is that many users use untrusted applications that don't have access to home, ergo Flatpak.

I'd like to see this quantified. How many people using flatpack are afraid of their application reading their files, vs using flatpack simply because it's a convenient way to install programs? I don't mean "oh me me!" responses, are there any user surveys to support the premise that average users are afraid of their applications?

Quite frankly I don't believe this level of paranoia is the norm. On Windows and MacOS, applications installed in the normal way can read the files on your desktop. This is the way it as always been on Linux too, with few exceptions. Letting the most paranoid users set the norms is a recipe for irrelevance. How popular is Qubes? It's a pain in the ass.

[E1Q6Y57O]

This is incorrect, apps installed through the macOS App Store have required sandboxing since 2012. Since 2018, Microsoft is also attempting to get developers to sandbox more apps, see more about that here: https://news.ycombinator.com/item?id=36059982

[mcpackieh]

I'm pretty sure you're wrong. Looking over the part where you imply that the MacOS App Store is the standard way to install Applications on MacOS (opposed to dragging the application to the Applications folder), let's look at what the system you're referring to actually does:

https://developer.apple.com/documentation/xcode/configuring-...

Show me where it says a program installed from the MacOS appstore will be unable to read the user's files unless the user explicitly authorizes it. Here's how it actually works as far as I can determine: The application developer grants their app the entitlements to read user files. The user may see that entitlement before installing the application, but thinks nothing of it because of course the program operates on their files. This does not protect the user against a malicious program being shipped with those entitlements and a plausible pretext to justify it. Example: The user downloads a program to read some kind of unusual file for work, the program grants itself access to ~/Downloads because of course it needs that, then the program instead reads ~/Downloads/your-tax-documents

This system only protects the user if the application was legitimate, refrained from granting itself the relevant entitlements, then got compromised by an attacker.

[mongol]

It is not a strange premise. It is the security model that for example Android uses. Unix security model is dated, and it is good that steps are taken in this direction.

[sam_lowry_]

Android is different, it is built to run untrusted apps.

My Linux Desktop runs Chromium, xterm, IntelliJ and occasionally Gimp.

Do I need the Wayland security model? Hardly so.

Am I an outlier among Linux Desktop users? Hardly so.

[E1Q6Y57O]

Are you actually suggesting that most Linux desktop users only use the same 4 programs you do and will never use or install anything else? If that's the case then why bother with a display server or package managers? We can hardcode those 4 programs into the system, have them draw directly to the framebuffer and then we can remove the ability to install any other programs. Sound good to you?

[bzzzt]

The point is to reduce the attack surface, especially for browsers that run untrusted input. You don't want a local exploit in your browser (that hopefully is also configured not to have access to your entire filesystem) to screenshot other apps and websites. Maybe you disable all the warnings in IntelliJ too that prompt you to be careful when opening a new Git project from a remote source?

[sam_lowry_]

Browsers are already sandboxed.

[Shekelphile]

It has nothing to do with security and everything to do with hollowing out all generic functionality and passing it on to the compositor. In other words, the devs are lazy and went for a minimalist approach and now we all get to suffer.

[kingofpandora]

Wow calling FOSS developers lazy is pretty low.

[hifycycyv]

> X11 didn't have what we currently consider "basic functionality" for decades after its release.

What's the relevance of this? You're position is that we should give up features we have for software that doesn't have them after 15 years of knowing they needed them.

[JoshTriplett]

No, my premise is that it takes time to develop features, and what's considered "basic" both changes over time and varies by person.

For instance, I would argue that "basic functionality" today, established by browsers and phones more than 15 years ago, is the ability to sandbox applications and not treat them as all-powerful. X still doesn't have that today. Wayland had that as a basic design premise from the beginning.