Date: 2021-01-02

KDE developer Nate Graham has penned a post detailing some of the things the KDE project is working on that should come to full fruition next year. There are quite a few things here, but the biggest one is probably KDE’s maturing support for Wayland.
I’ll be honest: before 2020 the Plasma Wayland session felt like a mess to me. Nothing worked properly. But all of this changed in 2020: suddenly things started working properly. I expect the trend of serious, concentrated Wayland work to continue in 2021, and finally make Plasma Wayland session usable for an increasing number of people’s production workflows.
That’s good news, and I hope the move to Wayland fixes my biggest issue with Linux on laptops: playing video is a massive assault on your battery and fans.
Congrats to the KDE/Plasma team. I really like the humility and the pragmatic openness of quite a few influential members in their community.
I wouldn’t expect it to make any difference. The problem is most likely that the graphics driver can’t decode some video formats. (https://wiki.archlinux.org/index.php/Hardware_video_acceleration#Comparison_tables) In my experience my older laptops stay pretty cool with Youtube and VLC playing MP4, but they absolutely burn up with WebRTC video conferences and Zoom, which apparently use a video codec that my Intel graphics driver for Linux doesn’t support.
In general I can’t say I share your optimism for Wayland. After 20 years of running Linux on the desktop I’ve probably become a bit of a luddite, but Wayland really feels like it’s throwing out the baby with the bathwater. I don’t doubt it will be useable 99% of the time eventually, but that last 1% will be a bunch of nasty edge cases. It seems to be following the modern trend of protecting users from theoretical threats and security flaws while getting in the way of the user’s legitimate activities. Yes, I understand that spyware could *theoretically* be logging my keystrokes and copying the output of all my windows, but the hard fact is that I *don’t* have any spyware on my system, and I just want screensharing to work when I need it without jumping through any hoops.
My sense is Wayland is meddling in issues which should be decided by the OS and userland designers not some lower level interface. Things like absolute versus relative positioning should not be hardcoded into Wayland. On security: Wayland is the tail wagging the dog. Designing security in is a higher level task Wayland could contribute to but Wayland is certainly not the right thing to manage this. I personally think Wayland is jumping the gun on these issues and it needs “higher level management” to take responsibility for security and set up a working committee. In fact they may have to anyway because there isn’t a single mainstream OS designed with security in mind from the start.
On the codec issue: This can easily be solved by bundling new codecs to take priority over the supplied driver codecs. For a long time Windows had a mechanism where users could meddle with codec priority. Today almost nobody needs to do this (and I couldn’t find it now if I went looking for it) because of new driver models (which are generally very stable and backed by a good driver development kit which sometimes does the heavy lifting for IHVs) and general better support from IHVs but Linux tends to not have this due in part to the threat of breaking compatibility and some people refusing to sign NDAs.
I have no idea why people keep falling for proprietary communications software when things like WebRTC and SIP exist. There’s no need for walled gardens and different standards for the sake of different standards. But then there is always some bright spark wanting to reinvent the wheel or some hedge fund wanting to own the entire market with Microsoft or Uber style not to mention meddlers in NSA and GCHQ and backdoor deals with Microsoft to buy out and compromise things like Skype.
Ughh. Yes, I totally agree that proprietary offerings like Zoom and Teams are pretty awful, and also unnecessary. I actually implemented Big Blue Button and Jitsi Meet for the group I work with at the start of COVID, but the majority eventually voted to move to Zoom… Oh well. At least Zoom has a Linux version. But on a completely pragmatic level, I have to say that on Linux I don’t notice any difference between the graphics/thermal performance with Zoom and the open source WebRTC apps. That is to say, they both run terribly hot (to say nothing of the battery life), because neither supports hardware video acceleration, at least not on my slightly older Intel processor gen. Teams for Linux actually does appear to support hardware video acceleration, so it’s noticeably better in that sense, but the overall product is an abomination that Microsoft just threw over the fence to make a show of its love for Linux. Apparently they don’t actually love Linux *users*, because Teams for Linux is not even close to feature parity with the Windows version. I honestly don’t understand how an Electron wrapped web app can be so drastically inferior and different from one platform to another, but of course Microsoft found a way to mess that up with Teams. It’s also a worrisome example of how Chrome is becoming the new Internet Explorer 6. The WebRTC features for Teams only work with Chromium based browsers, but not on Firefox, despite Firefox actually pioneering and championing the WebRTC standard.
It’s frustrating how Microsoft of all companies don’t get portability layers. It should just be a hash include. Yes I know things can be a bit more complicated which is why you use abstraction layers too. Boom. Done. Then there are people who only test on their narrowly defined system so it only works with one product not a range of products following a standard. None of this is new. They should be deeply embarrassed with themselves.
It’s not just developers like Microsoft who hate other developers or user bases but government and other service providers who seem to hate their clients/customers. One thing I have noticed is some people with a job title always insist on you using their chosen protocol no matter what usability or security implications there are. Or the other thing is administrative defaults (like in Teams) set so neither they nor you can invite additional non-corporate guests into the conference even to fulfill a safeguarding role which in some cases may be a legal requirement. Then there are people using Zoom just because that was the last big thing they heard in the media.
This is exactly the reason for almost all “normal” computer users. I try to do my part and inform people that alternatives exist and invite them to meetings on the open WebRTC platforms whenever it depends on me to do so. But there’s still a tendency toward defaulting to a commercial offering and assuming it must be better because it costs money.
@rahim123
Very true. To make sense of a complex and changing world people’s behaviour can be “sticky”. People can also take mental shortcuts when assessing authority and reliability and value – this is recognised as underpinning areas of interest within contract law. But then you also have marketing. Commercial companies spend a lot on mindshare and basically flood everywhere with adverts or give journalists something to talk about. They also spend money on reducing friction at the point of sale.
Back to KDE and Wayland. I think Wayland has some developer and end user friction issues and they are not listening. Fix this and any desktop on top of Wayland becomes more of a proposition.
rahim123,
Yeah, this seems to be happening everywhere. As an industry we are replacing free P2P options with centralized services that rely on 3rd-party service providers like Webex, Zoom, etc. I’m reminded of MS netmeeting back in the late 90s that did video conferencing and desktop sharing over a modem or basic DSL. Granted it was a proprietary windows program, but nevertheless it was a good example of P2P working without the need for subscriptions and it worked very well. The software industry has turned its back on P2P, which despite the great potential is overlooked in favor of centralized subscription models.
There are those of us who push alternatives but alas network effects often strip us of the element of choice. 🙁
Yes, I agree. That’s one of the many problems with Wayland. There’s no reason why a window system can’t have per-program privileges and only allow certain clients to manipulate global state. The window system in the OS I’m writing will do exactly that (since my OS will have a radical file-oriented architecture, all security will reduce to file security, and the window system itself won’t have to do anything other than split up its interfaces into different files). Leaving out such functionality is inexcusable in my opinion. Even Linux hasn’t been immune to the trend of creeping architectural authoritarianism despite being free in terms of licensing.
It would be nice if an authoritative expert on security (by expertise not vested interest job title or bias) spoke up on the architectural issues versus Wayland. I think the Wayland people are pulling a Gnome 3 and only listening to the people they want to hear and cherrypicking. Not only that but their view needs to be articulated in a readable way not buried in “herd memory” scattered across a bazillion different youtubes and blogs only familiar to the people running the Wayland show. As things stand I think Wayland’s approach on these issues is more office politics than science.
andreww591,
Yeah, there needs to be a permission for these sort of things. The problem is, by rejecting such capabilities up front, it makes wayland unusable for certain use cases and it poses barriers to adoption. We’ve already seen this quite explicitly:
https://ubuntu.com/blog/bionic-beaver-18-04-lts-to-use-xorg-by-default
So as I see it they’ll eventually have to add this whether they want to or not, so I suspect it will get there. But unfortunately it may end up getting hacked in when it should have been planned for from the start. Oh well.
Yes, for better or worse linux development is extremely authoritarian. From the kernel down through many (but not all) distros there’s little pretense of democracy there. People can and do fork it of course, but distros have their own agendas and don’t ask or care about user needs. The CentOS debacle is a good example.
What is the reason for manipulating global state? Xwindows used that in the past to do things like making screen savers work and remote desktops/ screen sharing. I understand it was frustrating that many wayland compositors lacked those features, but they’ve been added back using apis that allow for finer grained permissions rather than the free for all that previously existed. I think that’s progress rather than an architectural failing.
For video conferences, the issue could be the screen overlays and all those fancy gadgets that are transposed over the video chats.
Unlike plain old video streaming, there are a lot of things that are done locally. Previously you would at most have some subtitles, and ad links (the controls were usually on a separate div). Now many video streams are combined, and all those effects are added in post processing. And that does not scale well to older laptops. (Mine can start cooking breakfast after a 30 mins meeting).
Interesting, that makes sense. What OS are you running on the older laptop that gets hot?
@sukru
All of those operations should be cheap even on a modest GPU. You’ve basically got a load of bits being blitted across the bus then a few basic operations to scale and position them on the screen which are culled where necessary to avoid overdraw. As long as the PCI bus doesn’t get saturated I don’t know what the problem is.
Can you check your GPU and CPU loads next time you run that app just to narrow down where the issue is?
You can also trace what graphics API calls or code calls are hogging resources. It could be a dud driver but driver issues are actually pretty rare. It’s usually bad code causing problems.
FWIW, Thom mentioned on twitter it fixed the issue. Poor Wayland support is the reason why I’ve abandoned KDE and moved to Gnome/Sway. Screen sharing works pretty well in gnome Wayland these days. I have no reason to use anything non wayland these days, it’s faster, smoother, more secure. I don’t have any spyware on my system either, but dear god SolarWinds didn’t have any either, until they did. You don’t wait until your house is on fire to buy a smoke detector do you?
I understand your point. It’s definitely a calculated risk. It’s one of the reasons why I exclusively use Linux, because of the very real risk of spyware on Windows. And I don’t use my Android devices for anything important or access any important accounts with them. But the architecture of Xorg is still nothing more than a theoretical risk (after all it’s been around for how many decades?), whereas the probability of not being able to get my work done due to screensharing and clipboard issues with Wayland is much more real.
But to your point, does pretty much any kind of screensharing app just work under Wayland? WebRTC, proprietary Electron apps, proprietary remote desktop access? Do they actually share the contents of all windows, including Xwayland? What about screenshot apps, does pretty much any one work, and do they capture 100% of the screen content? And what about clipboard manager apps?
https://www.giac.org/paper/gcih/571/x11-forwarding-ssh-considered-harmful/104780
“But the architecture of Xorg is still nothing more than a theoretical risk”
rahim123 No, X11 is not a theoretical risk but a true blown risk, with write up after write up on how different exploits were done taking advantage of X11 weaknesses. X11 was not a theoretical risk in 2004 and it is still not a theoretical risk. XWayland by default has a stack of features off that all historically cause major X11 security problems. Yes two of the things you have to turn off to fix X11 protocol the section X11 WM interface with and section X11 compositors interface with.
rahim123 it surprises most people that there are Linux worm viruses out there that do exploit X11 forwarding to get from system to system. X11 needs to be treated as security flawed and it’s a serious risk using X11 that should not be taken lightly.
Yes Xorg has been around for decades and before Xorg existed worms exploiting X11 forwarding existed. X11 security faults are old well documented and regularly exploited against anyone who is overly trusting with X11 on network.
@rahim123
Please give a citation for a genuine security expert (not a Wayland job title or fanboi) on the security issues and a genuine reason to justify Wayland’s “tail wagging the dog” policies. Quoting badly designed systems as examples does not count.
Sorry to be blunt but I’ve only ever read handwaving or snakeoil when looking for an answer.
HollyB the answer is simpler than what you think.
https://en.wikipedia.org/wiki/Evaluation_Assurance_Level
Does the X11 protocol technically pass the EAL4 level requirements?
Lot of what wayland is doing is a tail of a very big dog.
https://en.wikipedia.org/wiki/Multilevel_security
This is a big point you cannot properly implement Multilevel security in X11. Windows and OS X can in fact. Wayland design it is possible.
What I’m looking for is the architectural security case for Wayland hardcoding things it shouldn’t have any business hardcoding. Any faults with X.11 don’t justify this. That’s the problem.
Yes with Wayland better security models may be implemented than X.11 Swiss cheese but this doesn’t mean Wayland should butt its nose into bigger architectural decisions. In any case even assuming Wayland’s hardcoding is correct there’s still the lack of architectural context. Hardcoding a kludge for issues which should be managed elsewhere is shifting a problem at the cost of causing another problem. So now you have two problems not just one problem when you should have zero problems.
I think Wayland is guilty of overreach and the left hand not knowing what the right hand is doing. That’s why the issue needs an independent security perspective not a job title on the Wayland project to look into this. Then you have toe treading responses with “We know we’re wrong but it’s our decision and we’re defending it” mentalities. Now we need an expert on psychology and organisations to pipe up. Then that will set the security expert off which means we will need a third expert in systems theory to explain how organisations have their own integrity issues which need fixing because of these conflicts.