tcaudilllg wrote: ↑2022-07-31, 12:51
I see "security theater" as the meme that, for example, you should never use FOSS that has not been maintained. There is a very real stigma around this which contributes to a certain nastiness in the field, and is a problem. Also the tendency to patch every little security "hole" regardless of the likelihood of it actually being abused. For example, two popular emulators over the last several years got patches for such, despite the vanishing chances of such exploits actually being leveraged.
It's because a minority of programmers have made a niche for themselves in exposing niche vulnerabilities. It's become a specialty in itself and they just dare you to deny their patches. If you do, they go on 4chan or some place and announce it to the world, get you doxed and try to ruin your career.
The lion's share of "security hotfixes" are for circumstances in which there are no proven capacities for actually mounting attacks in practical situations. Years ago enablePrivilege, a vehicle for obtaining direct access to the file system with user consent, was stripped from Mozilla not because it was a proven hazard, but because it was a theoretical one which the legal dept. didn't like. Google was the cheerleader in this effort to destroy the existing add-on/browser-as-server regime in the name of "security" which created an artificial problem that they exploited through leveraging WebKit as a server container (birthing NWJS and Electron to take over the niche that Mozilla was formerly suited to).
More recently Hyper-V had its 3-D capabilities significantly stripped because of a "vulnerability" that 99.999% of users would never open themselves to because they don't run arbitrary stuff on their GPU. (or in theory they wouldn't... arbitrary access to the GPU by way of canvas and webgl makes it more probable that some exploit will make its way over the net...) And there's the thing: the people screaming the loudest about security are the same people forcing these vulnerabilities on us in the first place so they can get more data on this to which they are not entitled and to use our hardware resources for god knows what that they contrived would make them richer. Security hypocrites.
I quoted your whole post. Not because I know what to reply, but because you hit the nail on the head. Today "security" is used as a hammer to destroy projects, functionality and basically anything the big players don't like.
Despite not being a dev I have thought about the scenario where your "reputation" is destroyed because you don't patch niche/made up "vulnerabilities".
A good example is X.org display server. According to Wikipedia the size of X.org is 3.7 MiB. I have checked my own system and I would say that the installed size of X.org is around 15 MiB. So this is a display server that has been maintained since the 1980s* and works well for common tasks like a desktop system. They say it is bloated and contains spaghetti code that no one understands. "The last people that understand X.org are basically dying." Something must be done!!!!!!!
So Red Hat/IBM has decided X.org must die. It isn't secure... The main problem is that it runs as root, apparently. To me it seems logical that a display server runs with high privilege. Anyway, it is possible to run X.org as a user as long as your display manager (login window) supports it. This should be a relatively trivial fix for maintainers. Maybe it's a week of work, but not 14 years like developing Wayland.
So you read Linux blogs and people being terrified of X.org bugs that have yet to be found (since the 80s). They cheer the coming age of Wayland which doesn't allow compositors to run as root. There are a lot of things Wayland doesn't allow so there are an equal number of workarounds to allow copy/paste between apps, screenshots, screen recording etc.
Wayland has a more limited scope since it's just a protocol and the bulk of the work has to be done by individual Wayland compositors. This means each Wayland compositor will have unique spaghetti code to replace the functionality that was earlier handled by X.org for all X.org compositors.
So some people (certainly the influential ones) want to move desktop Linux to a model more suited to smartphones, infotainment centers etc. They say it's because of security. Now comes the bizarre part. The same people who seem concerned about security are silent about proprietary software. Proprietary software? - surely there can be no security flaws in proprietary software - after all it is made by powerful corporations with plenty of resources.
So the same people who scream about 15 MiB of installed X.org server will gladly download a 250 MiB blob from Nvidia and install it. What's the installed size? I haven't installed it, but let's say at least 750 MiB installed size. This code runs with full root privilege of course. It doesn't matter if it runs on X.org or Wayland - it has root access no matter what. How many people look at this code? Not many - because it's proprietary. And still, Wayland supporters are silent. Not running as root is super important, but gaming is more important. So let's give Nvidia root access 24/7. Proprietary wifi is also necessary - as root. And the kernel and proprietary firmware modules that are loaded with the kernel. But not X.org, because running X.org as root is super dangerous and everyone knows that. Even running X.org as non-root is super dangerous, because it's technology from the 70s and all that.
Nvidia is a good shepherd, so is Red Hat. Point finger at something you don't want to maintain anymore. It's OK, the message has been received. I just wish there was more honesty about true motivation/intent behind Wayland. Basically I think "the industry" wanted Wayland for Digital Signage displays (ads), infotainment systems in cars, kiosk systems like ticket systems and different embedded use cases. Wayland might be pretty good for smartphones and is already in use by most Linux based smartphone OSes (but not Android). Let's use it for the desktop too!!! OK, I actually understand that part. Red Hat doesn't want to maintain two different display systems for Linux. The moneymaker for Red Hat is servers and Wayland is more than enough for that use case.
I don't understand everything, not much one could say. However, I do have the ability to compare: 15 MiB vs 750 MiB. FOSS vs proprietary code. Shared functionality in X.org vs custom solutions in Wayland compositors.
What disturbs me is that the same people who scream about X.org vulnerabilities ultimately don't believe in the FOSS model. They think Android and iOS are safe because there are permission toggles for apps. I don't deny that the current Linux desktop is wide open. If you install something bad it might eat your system. I don't agree with the solution to that problem.
I think the solution is that the "sysadmin" decides what a user can do, not the OS/distro builder. Despite Windows being everywhere and in the hands of people better suited to smartphones, we haven't seen widespread malware attacks in a long time. Ransomware might be the most talked about and I think there was a hospital in the UK that had to shut down for a while a few years ago.
Microsoft did try to turn Windows into a smartphone - Windows 10S - but failed. So instead, they polish security a little bit here and a little bit there. That's a much better approach than the "everything must be a smartphone" approach.
Maybe I understand Wayland a little bit better after writing this. The "industry" creates things that it needs and spin doctors proclaim that a wonderful new world awaits. There are plenty of sheeple - they don't need to be stupid, but they rather move with the herd. I don't have a problem with the Wayland FOSS evangelist. But when the Wayland supporter installs proprietary drivers (with root access) I think we are looking at a contradiction. Then there are a number of Wayland supporters that simply think that "it's modern" and in some cases "it works better for me". As far as I know the Wayland protocol has no connection to fractional scaling, but it's popular to claim there is a connection. Qt can do fractional scaling anywhere, it's just gtk that decided to only implement it for Wayland. Since Red Hat employs the gtk devs this decision comes as no surprise.
*The history of X Server and the specific implementation known as X.org is a bit unclear to me at this point. I believe the 80s could be seen as the first decade for X Server technology. The first release named X.org actually happened in 2004 according to Wikipedia.
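An added example, not part of the post above or of any X.org or distribution code: a small POSIX shell audit of the one concrete claim in the post, that X.org runs as root unless the display manager sets it up otherwise. It assumes a Debian-style /etc/X11/Xwrapper.config with a needs_root_rights key (values yes/no/auto, with auto being the default when the key is absent or the file is missing), that the server process is named Xorg, X or Xorg.wrap, and the candidate binary paths listed in the script; all of these are assumptions about the host, not facts from the post. The parsing functions take their input as an argument or on stdin so they can be exercised on constructed data without a running X server.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether the X server
# on this host runs with root privilege.
# Assumptions: Debian-style /etc/X11/Xwrapper.config, process names
# Xorg/X/Xorg.wrap, and the binary paths in xorg_setuid_binaries.

# Print the needs_root_rights setting from an Xwrapper.config-style file.
# Prints yes, no or auto; auto is assumed to be the default when the key or
# the file is absent. Takes an optional path so it can be tested on a
# constructed file.
xwrapper_needs_root() {
    cfg="${1:-/etc/X11/Xwrapper.config}"
    if [ ! -r "$cfg" ]; then
        echo auto
        return 0
    fi
    # Last assignment wins; ignore comments and trailing garbage.
    val=$(sed -n 's/^[[:space:]]*needs_root_rights[[:space:]]*=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" | tail -n 1)
    case "$val" in
        yes|no|auto) echo "$val" ;;
        *) echo auto ;;
    esac
}

# Read "user comm" lines (the shape of `ps -eo user=,comm=`) on stdin and
# print how many X server processes are owned by root.
xserver_root_count() {
    n=0
    while read -r user comm; do
        case "$comm" in
            Xorg|X|Xorg.wrap)
                if [ "$user" = root ]; then
                    n=$((n + 1))
                fi
                ;;
        esac
    done
    echo "$n"
}

# Report any X server binary that carries the setuid bit. A setuid wrapper
# is how a non-root login path still ends up with a root X server, so it
# matters even when the display manager itself drops privilege.
# Paths are assumptions about common layouts, not a complete list.
xorg_setuid_binaries() {
    for f in /usr/lib/xorg/Xorg /usr/lib/xorg/Xorg.wrap /usr/bin/Xorg /usr/bin/X; do
        if [ -u "$f" ]; then
            echo "$f is setuid"
        fi
    done
}

# Run all three checks against the live system. Returns 0 only when no
# running X server process is owned by root.
audit_x_root() {
    echo "needs_root_rights: $(xwrapper_needs_root)"
    xorg_setuid_binaries
    c=$(ps -eo user=,comm= | xserver_root_count)
    echo "X server processes owned by root: $c"
    [ "$c" -eq 0 ]
}

# Invoke as `sh xroot-audit.sh --audit` to run against the live host;
# sourcing the file only defines the functions.
if [ "${1:-}" = "--audit" ]; then
    audit_x_root
fi
```

A needs_root_rights of no together with a count of zero is the rootless configuration the post describes; auto leaves the decision to the wrapper at login time (for example, depending on the kernel driver in use), so a zero count on one boot does not guarantee the same on the next.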