If anyone wants to give an ELI5 or a link to a video that ELI5 I’d be incredibly thankful

I swear that all the stuff I find is like super in depth technical stuff that just loses me in no time flat

  • flying_sheep@lemmy.ml
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    8 months ago

    what exactly is the point of running wayland if you are going to run less secure X apps with 94% of the same vulnerabilities?

    When running Wayland, one X server is started per X application. So that application won’t be able to e.g. keylog others.

    I personally don’t care about security here, it’s all about a flicker free Multi-monitor experience with different refresh rates per monitor. X just can’t do that under any circumstances.

    • havokdj@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      I run X in a multi monitor setup with different refreshrates AND resolutions and it is flicker free, I think that honestly is something that comes down more to your window manager or even your graphics rather than just X itself.

      That particular vulnerability is one of the 6% that Wayland doesn’t have.

      • ReveredOxygen@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        Do you have separate scaling factors on the two monitors? I need 100% scaling on one and 175% scaling on the other, which I’ve not been able to figure out under x11

        • havokdj@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Yes, one is scaled 2x, I have a 4k60 and a FHD165. I’d recommend doing this with your autostart script using xrandr

          • ReveredOxygen@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            8 months ago

            Ah, right. That’s fine with integer scaling, but if you try to use fractional scaling with xrandr, it gets all blurry. I’ll consider 2x scaling though

      • Sethayy@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        I mean I’d be happy to hear the other vulnerabilities then, cause I find it fairly unbelievable you can know how they’re handled on every single Wayland compositor

        • havokdj@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          You’re missing the point. When you run an x client in wayland, you are still running an x server. Every vulnerability an x server has, xwayland has. I don’t need to name anything specific because you can legitimately go and look this up yourself.

          Don’t think you are fully safe from keylogging in xwayland either, you are only safe from keylogging in wayland apps, xwayland clients can keylog other xwayland clients because x servers can see other x servers, in other words, they are all still very much running seperate PIDs on your system which means at the very least they can still touch each other. XWayland, by default, does not really sandbox clients because why exactly would it need to? Do you realize exactly how much of a feat that would take to truly isolate an x server from the rest of your system? That is an inherent flaw with X itself because X never set out to acheive those goals in the first place.

          If you are at the point where you have to be worried about protecting your xsession or wayland session, you need to make a fresh install and tighten your security accordingly. All that tightening down your window manager does is make an attacker go for a lower hanging fruit on your system, that’s why you should make your machine unfeasible to even attack in the first place. You can go run around and try to tighten every little nook and cranny, but if someone is determined to get into your system, they will eventually get in. The malicious parties we are trying to defend against with general security practices are not nation state hackers, they are skids and standard malware.