Bonum Certa Men Certa

Phoronix Keeps Exaggerating the Severity of X11 Bugs to Promote Wayland, Which is Unfit for Consumption

posted by Roy Schestowitz on Oct 06, 2023

Ladybug Cartoon

Reprinted with permission from Ryan Farmer.

I just got the X11 security updates for CVEs that were recently patched.

“Microsoft Larabel” over at “Moronix” (Phoronix), has been a foaming-at-the-mouth promoter of IBM Wayland ever since 2008 when the idea was announced.

Since Wayland still has at least 50 major problems when KDE 5.27.x LTS runs on it, I can’t switch from X11 right now, and that’s fine with me.

I’ve blogged before, huge blog posts, about how much I despise Wayland. It’s nothing but trouble even under GNOME, which has the most support for it.

(It causes X11 applications, including Windows programs in Wine, to have serious problems up to and including crashing, but usually just performing worse. X11 applications are still the overwhelming majority.)

Promoting something that’s both problematic and unfinished after 15 years and so badly specced out that common use cases are missing and everyone who points it out gets personal invective insults and FUD coming from a general IBM direction, is unacceptable.

Fortunately, the Xorg Server still works fine.

But, Microsoft Larabel and others went off the rail exaggerating the relevance of some recent security flaws.

Alan Coopersmith of Oracle fixed these flaws quickly, and rather well (he patched the X Server to not take corrupt input like that and do something with it anymore, and also the component that was sending the corrupt input so that it wouldn’t do that), and Debian pushed out the updated components today. I installed them immediately and rebooted my laptop.

There’s no way to secure any software that does anything non-trivial. There’s just not. Even this Rust nonsense has had a lot of emergency updates that have broken things.

If you like rewriting your software constantly because they didn’t standardize on anything, make promises, and make sure it worked before the specification was frozen, then Rust is for you. Unfortunately, this is “modern”.

X11 goes back nearly 40 years and is therefore “not modern”.

That’s a problem to these people. Actually supporting something (including the mistakes) and just fixing what’s actually impossible to live with, is “bad”.

That’s their attitude towards everything from programming languages like Rust and Python (which are horrible….people are STILL trying to move from Python 2 even though it’s been unsupported for years….it just adds negative work when they break things), to glibc (Hello DT_GNU_HASH! Let’s just drop DT_HASH with no warning even though they could live together for a while with a notice to developers!), to Wayland.

Why support something when you can just break it all the time and force everyone into this “It’s IBM’s world and you just live in it.” concept?

Rational person that I am, I hail from a time when people were just crazy and wanted their computer to work, so I installed the security updates and now I’m running the improved version of the software that can’t be attacked with those bugs anymore.

They act like Xorg only needs security updates, like all software does, because it’s old.

I wonder what the position on Web browsers, like Chrome and Firefox, where every update is an emergency and every emergency update, monthly, rolls at least 20 CVEs.

By far, the most dangerous application on your computer, is the Web browser you’re reading this in right now. Nobody wants to make that better. Everyone is making that big shitpile higher. Yet, security posers, including Matthew Garrett say that the Web browser is by far the safest way to run “untrusted code”. It’s actually not.

The safest way to run untrusted code is to not run untrusted code. For the most part, I don’t even run JavaScript if there’s any possible way to avoid doing it. Much less WebMs and WebGL, and all of this other garbage they’re dumping on us that’s full of bugs and can never, ever, be made secure.

Unfortunately, the enemies of Free Software throw around the word “trust” and use it wrongly, use it in bogus ways, corrupt the very meaning of the word, intentionally, to promote Microsoft locking down your computer to impose DRM and trap you on Windows.

Trusted code is an application I can verify the authenticity of, from my Linux distribution’s repo or another verified source, and we’ve had the ability to run this code on Linux distributions for decades now. Windows, which “Secure Boot” is designed to trap people on, doesn’t even do this. Get a file from some random site that’s loaded with spyware, and play the “anti-virus guessing game”.

Being trapped on an OS with no concept of security, that was basically designed like this and can’t be fixed without making the OS so terrible that nobody would want to use it (Windows “S Mode”), is not a solution.

Maybe if Web browsers from Google and Mozilla were just a dumb window server from 1984 instead of Google and Mozilla shitting all over the Internet and turning it into Orwell’s 1984, things would get better on the Web browser front.

If your argument is that a lot of these bugs go back to 1988 or 1998, yeah they do.

If this is your argument, then you should try Windows sometime. Tavis Ormandy alone keeps identifying CVEs that go back into the early 90s Windows NT releases and are still in Windows 10 and 11.

There’s a lot of old rotting code in Windows like this, and Microsoft frequently doesn’t act on private reports, for over a year, and then scrambles after the security researchers publicly out them, and then complain about how unfair it is to put them on the spot like that. As if they had been blindsided and not given months or a year to fix it.

Again, tell me how X11 is somehow special. Find a bug, squash a bug, apply the update.

Same as any other software.

Other Recent Techrights' Posts

One More (Failed) Attempt to Deplatform the Sites by Harassing and Threatening Webhosts
What we're seeing here is a person who abuses the system in Canada at Canadian taxpayers' expense trying to do the same in the UK, at British taxpayers' expense
Coercion From the "Consent" and "CoC" Crowd is a Self-Defeating Tactic
Freedom of the press; Nothing less
According to statCounter, GNU/Linux Increased From 3.77% to 3.89% This Month (Worldwide), Windows Now Below 20% in 78 Nations, Below 10% in 27 Nations
Highest since March (for GNU/Linux)
Patriotism is OK, But We Need Facts and Reason, Not Blind Obedience to Authority
Very seldom in the history of human civilisation has groupthink proven to be of real merit
 
Roy and Rianne's Righteously Royalty-free RSS Reader (R.R.R.R.R.R.) and the Front-End Interfaces
As the Web deteriorates the availability, quality and prevalence of RSS feeds is not improving, to put it mildly
Algeria Shows High GNU/Linux and Android Adoption, All-Time High and Almost Three-Quarters of Web Requests
GNU/Linux was below 3%, now it is above 3%
Mass Layoffs at Microsoft-owned GitHub (About 80 Percent of the Staff in India Laid Off)
It's not just in India
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 16, 2024
IRC logs for Sunday, June 16, 2024
Gemini Links 16/06/2024: Scarecrows, Moles, Ham Radio, and No IPs
Links for the day
Africa is Android and Green (Chrome, Not Just Android Logo)
In Africa Firefox is almost below 1% now
Covering Abuses and Corruption
We'll never surrender to blackmail
Ubuntu Running Out of Energy
Its planet too is deteriorating
Links 16/06/2024: In Defence of Email and Why Recycling Symbol Lost All Meaning
Links for the day
Gemini Links 16/06/2024: Computer Science Course Union and Potentiometer
Links for the day
Cross border crime: sale of Swiss insurance in France and European Union without authorisation
Reprinted with permission from Daniel Pocock
Letting Microsoft systemd Manage /home Was a Terrible Idea All Along
systemd-tmpfiles, deleting /home
When You Touch One of Us You Touch All of Us
We have a principled, uncompromising stance on this matter
Links 16/06/2024: New Sanctions Against Russia, Fentanylware (TikTok) Causing More Problems
Links for the day
Social Control Media in Japan: Twitter (X) Has Collapsed, YouTube Rising (Apparently)
What a genius Mr. Musk is!
Windows Cleansed in South Africa (Already Hovering Around 10% Market Share)
Plus Microsoft's mass layoffs in Africa
[Meme] Satya Nadella's Windows PC RECALLS Not What He Did
Satya got lucky
Usage of Let's Encrypt in Geminispace Has Collapsed (That's a Good Thing!)
Ideally, or eventually, all capsules will sign their own certificates or have their own CA
North Macedonia: Windows Down From 99.2% to 28.5%
Last year it was even measured at 26%
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 15, 2024
IRC logs for Saturday, June 15, 2024
Gemini Links 16/06/2024: Hand Held Maneuvering Unit and Hugo Static Files
Links for the day
Removing the Tumour From IRC
looking back
[Meme] The Free(dom) Software Engineer in European Elections
“When the debate is lost, slander becomes the tool of the loser.”
Vista 11 Was 'Leaked' Exactly 3 Years Ago and This One Picture Says It All
how 'well' Vista 11 has done
A Smokescreen for Brad Smith
Maybe the key point was to say "Linux is not secure either" or "Windows and Linux are equally vulnerable", so don't bother dumping Microsoft
Windows Sinking Below 13% Market Share in the Island of Jamaica
Microsoft's decline continues and will mostly likely continue indefinitely in Jamaica and its neighbours
Links 15/06/2024: Microsoft's Intellectual Ventures Attacks Kubernetes With Software Patents, More Layoff Waves
Links for the day
Gemini Links 15/06/2024: On Lagrange and on YouTube Getting Worse
Links for the day
Edward Brocklesby: hacker received advance notice of zero-day vulnerabilities in MH and NMH email software
Reprinted with permission from Daniel Pocock
[Meme] Code Liberates Kids
Matthias Kirschner: I can't code, but I can write a book
In Armenia, Bing is Measured at 0.6%, About Ten Times Less Than Yandex
Bing will probably get mothballed in the coming years
[Meme] A Pack and Pact (Collusion Against Computer Users)
They never really cared about users, no more than drug dealers care about drug users...
GNU/Linux in Azerbaijan: From ~0.1% to 7%
Azerbaijan is around the same size as Portugal
Women in Free Software (FOSS) Need Action, Not Mere Words
the men who are loudest about women's rights are some of the very worst offenders
Embrace, Extend, Extinguish Minecraft
These folks should check out Minetest
Techrights Statement on Men Who Viciously Attack Women in Free Software
history shows women will win
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 14, 2024
IRC logs for Friday, June 14, 2024
[Meme] People Who Cannot Find Gainful Employment Because of Their Poor Behaviour Online (Not the People Who Merely Call Them Out on It)
Imagine trying to become a lecturer while talking like this in public
You Too Would Get Nervous
countries where Windows is down to 2%
[Meme] The Two Phases (and Faces) of Microsofters
Microsofters: stalk IRC, then troll IRC
The 'Nobody Reads Techrights Anyway' Crowd
Send In the Clowns
Books in the Making
I intend to spend a considerable amount of time explaining what my family and I were subjected to for the 'crime' of promoting/covering Free software
Microsoft is Still Losing Malta
And GNU/Linux is doing well on laptops and desktops
Tux Machines: Third Party Impending
There will be more next week