182600+ entries in 0.116s
mircea_popescu: but consider eulora. it has a ... login desktop, which is not only shared between sessions, but users also! being
the same
a111: Logged on 2017-06-17 03:45 mircea_popescu:
the cogent objection
to x is
that "design irrespective, something
this fucking long can never be good."
the redditard objection
to x is "omaygerd, black chix code!"
a111: Logged on 2017-06-17 04:05 phf: since applications (and
that includes window managers)
tend
to send around lots of different messages as
the focus is
traveling around your window hierarchy, i wouldn't be surprised if gtk/qt does a very specific grab when you put a cursor inside your app's password box, and do a release whenever focus
travels away
mircea_popescu: but obviously,
they don't even know it's a matter of "the", smoking own cock as per usual with
the ustards.
mircea_popescu: momentarily read "the", was "wtf are
these people smoking"
sina: Circle Medical is seeking an Ethereum hacker
to build dApps for healthcare
phf: since applications (and
that includes window managers)
tend
to send around lots of different messages as
the focus is
traveling around your window hierarchy, i wouldn't be surprised if gtk/qt does a very specific grab when you put a cursor inside your app's password box, and do a release whenever focus
travels away
☟︎ phf: they might be relying on gtk/kde password input boxes
to do
the right
thing
mircea_popescu: i read
that as you proposing random
third party
to be
the root for
the discussion somehow.
sina: oh, yeah, I read
through
that, and wanted
to see if
the password manager I use was utilising it ala gpg pinentry
that phf mentioned
a111: Logged on 2017-06-17 03:36 phf: see architecturally wayland and x11 couldn't be more different. x11 supports a special network protocol
that lets clients from different sources connect
to
the same instance of x. for example you can have a client from a different user on
the same machine or a client from a network source (like over ssh)
sina: phf: finished?
the discussion about server grab is appreciated. links
to docs or examples appreciated also
sina: if you
trust
the software you can mitigate with whatever sandbox and if you don't
then you need hw compartments, different issue
sina: sure, as can any application in
the dac model
mircea_popescu: phf's capacity
to scale an explanation is well impressive.
phf: so any wayland app
that has access
to your wayland session by
the obvious implications can do
the obvious
thing: gpg encrypt all your files, steal all your passwords, and send compromising emails
to all your friends, because as should be obvious
that app has access
to everything else you have access
too oh my fucking god
the level of retardation i can't even.
phf: and
this is where we come
to wayland
phf: so you could,
theoretically connect
to a compromised ssh box, with your x11
tunneling enabled, and get a silent agent snooping your keyboard
phf: those clients are isolated, in one case by machine, in
the other case by unix isolation, and can't do
the obvious
thing,
that is read
the memory of your password requesting process directly
phf: but anyway, all of
this is at all relevant why? because of
the first
things i said, i.e. x11 lets clients ~from network~ or ~from other users~
to connect
to your session
sina: phf: ok
that is pretty interesting and I didn't know
phf: never
the less ~xterm~ specifically supports server grab for people who know what
they are doing (i.e. not
the lunix on desktop crowd)
mircea_popescu: the cogent objection
to x is
that "design irrespective, something
this fucking long can never be good."
the redditard objection
to x is "omaygerd, black chix code!"
☟︎ phf: it still works
though when xterm is asking you for password because xterm doesn't know it's a password entry, and doesn't do a grab
☟︎ phf: but if you were
to actually repeat
that same exercise when gnupg pinentry is asking you for password you'll see
that it doesn't work
☟︎ phf: if you simply load an x app, attach it
to root, and start grabbing all
the events
then you can come
to same conclusion as any random chick with a blog "omg all
teh events"
☟︎ phf: (there's a handful of other extensions
that might potentially be used
to subvert
that mechanism, but likewise
they are not mandatory and can be disabled like XTEST)
phf: so now it doesn't matter who's registered for what,
the only windows
that will be receiving events are
those in
the server grab hierarchy, i.e. your chosen window and its children
sina: I have no beef with
that extension
phf: that one is used for
things like screen recording, and is optional. it doesn't otherwise respect
the hierarchy
phf: in addition
there's a RECORD extension
that allows any application
to register for all keyboard events irrespective of
their destination
phf: sina: can you wait
till i finish my explanation
sina: to me,
the distinction between "X apps receive all keyboard input" and "X apps have access
to receive all keyboard input" is negligible
phf: an application can choose
to register events on root window and
thus receive all
the keyboarding events
that come in (or mouse events)
sina: fair, let me rephrase and you
tell me if still not
true: x apps have access
to receive all keyboard input
phf: those events
then propagate down
the window hierarchy
phf: root, being a special window receives all
the events (that's very handwavy but closer
to
truth)
phf: on any of
those windows you can put masks for what kind of events you want
to receive
phf: x11 allows you
to attach your own windows
to a window hierarchy,
that starts with root window
phf: see architecturally wayland and x11 couldn't be more different. x11 supports a special network protocol
that lets clients from different sources connect
to
the same instance of x. for example you can have a client from a different user on
the same machine or a client from a network source (like over ssh)
☟︎☟︎ mircea_popescu: sina
trivially verified, open
two gui editors,
type in one , check
the other.
sina: phf: it's not
true
that X apps receive all kb input?
phf: sina:
that's an extreme oversimplification
that is also not
true
mircea_popescu: sometimes i suspect asciilifeform has octopus helmet but with eyes, reads like
that.
phf: sina: yes, but do you understand
the ~technical details~
sina: I just pointing out
the issue illustrated
there
sina: did you rush
to paste
that before continue reading? she's aware of
the limitations and nobody says "use windows"
mircea_popescu: windows vista is so aptly named, like one of
those florida retirement
things. "rancho linda vista" etc
phf: that much is obvious from what he said so far, but i
thought maybe he'll choose
to
think about it a little bit
mircea_popescu: phf i doubt he's anything more
than simply pissed at
the rather famous x
thing.
phf: sina: could you explain
the difference between how keylogger issue manifests in x11 vs. how wayland prevents it, with some
technical details?
☟︎ a111: Logged on 2017-06-09 22:38 mircea_popescu: "works in
the sense
that it does something, not in
the sense it does what it should"
sina: I'm
trying
to remember
that
thing you said when I was asking about
the php mpfhf
mircea_popescu: or it can send assassins
to peel
the skin off
their children in
the night while
they watch in horror.
mircea_popescu: or it can laugh ass off at
them and publicly humiliater
mircea_popescu: or for
that matter, it can not ignore it, and exploit
the holes for great ethlulz.
sina: the republic is, as you like
to say, a sovereign entity, can do whatever it likes, including ignoring
the existence of software produced by people it deems as charlatans
mircea_popescu: the republic is well weary of such charlatans, chiefly because
their ~only offering encountered experimentally sooner or later boils down
to "vote hillary"
mircea_popescu: no, it does not make it ok. it also does not make it ok for some snake oil salesman
to sell his "better" shitpie.
mircea_popescu: ie, you are reacting
to
the empty
tank light coming on by
trying
to buy a car without one
sina: so
that makes it OK for a given X app
to be able
to log keys from another X app?
sina: mircea_popescu: my main gripe is
that X apps aren't isolated from each other, so
they can
tamper easily. I don't really like it
that a vulnerability in, e.g. xeyes, can read firefox memory, or whatever.
phf: sina: did you read
that on reddit?
sina: I'm not saying it's
the best
thing ever, but X needs
to die, and only a few people are doing
the work
to kill it
phf: some people when
they come back
to old homestead
take certain perverse pleasure in learning
that joe now sucks cock for meth, while molly is married with
three kids
to a cop
that beats her. not i, i'm sad
to see my childhood friends debase
themselves so
sina: mircea_popescu: you use wordpress
tho :P
mircea_popescu: this "poor idiots make standards -- doesn't matter what lords
thnk" nonsense is it's very own kind of poetteringization.
phf: you've lived in u.s.
too long when you
think "oh, hmm,
that's not
that bad actually!"
sina: "Report: 7 Percent of Americans
Think Brown Cows Make Chocolate Milk"
phf: noticed
this while looking for imlib2 sources
a111: Logged on 2017-01-13 23:41 asciilifeform: from comments, lulzgold, 'The Hivemind is fully committed
to systemd for service management, Wayland for graphical display, and PulseAudio for audio, which is why it doesn’t matter if you personally find
them distasteful,
they will become
the de facto standard. For systems programming, Rust looks increasingly like it will be
the Hivemind’s choice
to replace C, as it has
the backing of
the Mozilla organization, is being used for r
a111: Logged on 2016-04-22 12:42 phf: but freezing effectively implies lockstep freezing of
the whole environment,
to hardware. ("oh we deprecated x11, your code better support wayland. oh
this new video card only supports wayland, since x11 is deprecated, etc."]
a111: Logged on 2016-04-12 23:01 asciilifeform: and iirc 'wayland' is one of
those infuriating idiocies where 'want remote proggy? here's a DESKTOP, in a 1024x768 box'
phf: Enlightenment window manager is "fully committed
to moving
to Wayland eventually as
this is definitely
the future of
the graphical display layer on Linux." etc.