Conversation
-
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 05:29:30 JST silverwizard As far as I can tell, Wayland's security model seems to be "users doing stuff means they could do bad stuff!" - Daniel Wurzbacher likes this.
-
GNU Too (gnu2@gnusocial.jp)'s status on Tuesday, 10-Oct-2023 06:02:55 JST GNU Too make experience working in the corporate world is that is what the lawyers tell us we have to do. silverwizard likes this. -
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 06:24:22 JST silverwizard @hypolite perfect hypolite likes this. -
hypolite (hypolite@friendica.mrpetovan.com)'s status on Tuesday, 10-Oct-2023 06:24:24 JST hypolite @silverwizard To this day I still can't read "Wayland" without the Weyland Consortium corporation from the Android Netrunner card game coming to mind. silverwizard likes this. -
argv minus one (argv_minus_one@mstdn.party)'s status on Tuesday, 10-Oct-2023 06:27:11 JST argv minus one It's *supposed* to be “apps might do bad stuff, and users might run them without knowing they'll do bad stuff, so let's stop apps from doing bad stuff.”
Maybe it doesn't live up to that ideal, but that's the ideal.
-
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 06:27:11 JST silverwizard @argv_minus_one so the issue with "apps might do weird things" but that restricts privileged users. We shouldn't protect people from having fun GNU Too repeated this. -
hypolite (hypolite@friendica.mrpetovan.com)'s status on Tuesday, 10-Oct-2023 06:36:32 JST hypolite @goatsarah @silverwizard I'm less familiar with it, so it only came second to my mind! silverwizard likes this. -
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 06:41:02 JST silverwizard @argv_minus_one so I mean, the permission system existing means the app could edit it
Apps can do anything, that's their point
-
argv minus one (argv_minus_one@mstdn.party)'s status on Tuesday, 10-Oct-2023 06:41:03 JST argv minus one Right, so there really ought to be some sort of permission system with which to do fun privileged stuff in Wayland.
That's merely a missing feature, though, not a fundamentally bad design.
-
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 07:29:27 JST silverwizard @argv_minus_one how do you stop the OS from being a playpen or make screenreaders work? -
argv minus one (argv_minus_one@mstdn.party)'s status on Tuesday, 10-Oct-2023 07:29:28 JST argv minus one The idea is that, in the future, apps can do anything *if* they have permission to do that thing. You'll trust the app that edits permissions to edit permissions, but you won't give that permission to video games and whatnot. This greatly limits the risk.
Android has already implemented this system, so it definitely can be done. It won't protect irresponsible users from the consequences of their decisions, of course, but the only winning move in that game is not to play.
-
argv minus one (argv_minus_one@mstdn.party)'s status on Tuesday, 10-Oct-2023 07:49:07 JST argv minus one That gives me an idea: what if the permission system defines roles for apps, and grants exactly the permissions needed for an app to fill its role? If there is a “screen reader” role, then it's obviously suspicious if an app claiming to be a screen reader needs any other permissions.
-
silverwizard (silverwizard@convenient.email)'s status on Tuesday, 10-Oct-2023 07:49:07 JST silverwizard @argv_minus_one so you envision a blind user navigating a sprawling permission structure before setting up accessibility? -
argv minus one (argv_minus_one@mstdn.party)'s status on Tuesday, 10-Oct-2023 07:49:08 JST argv minus one I'm not sure what you mean by “stop the OS from being a playpen”.
Screen readers would need permission to read accessibility trees from other apps, and permission to play audio. They should be denied permission to use the network or write to the file system, so that they cannot exfiltrate this potentially-sensitive information.
-
𒀭𒂗𒆠 ENKI ][e (enkiv2@eldritch.cafe)'s status on Tuesday, 10-Oct-2023 09:23:05 JST 𒀭𒂗𒆠 ENKI ][e this is an excellent description of my least favorite kind of security thinking, thank you
silverwizard likes this.