5/1/2023 0 Comments Xscreensaver has me locked out![]() ![]() Just to add insult to injury, it has recently come to my attention that not only are Gnome-screensaver, Mint-screensaver and Cinnamon-screensaver buggy and insecure dumpster fires, but they are also in violation of my license and infringing my copyright. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team."īut that's not the only thing bothering Jamie Zawinski: But HotHardware notes that it was discovered when " one Dad let the kids play with the keyboard. ZDNet reports that Linux Mint has issued a patch for Cinnamon that fixes the screensaver bug. These bugs are a shameful embarrassment of design - as opposed to merely bad code. It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe.Įspecially when I have given them nearly 30 years of prior art demonstrating how to do it right, and a two-decades-old document clearly explaining What Not To Do that coincidentally used this very bug as its illustrative strawman! ![]() The real bug here is that the design of the system even permits this class of bug. The point is not that such a bug existed, but that such a bug was even possible. You will recall that in 2004, which is now seventeen years ago, I wrote a document explaining why I made the design trade-offs that I did in XScreenSaver, and in that document I predicted this exact bug as my example of, "this is what will happen if you don't do it this way."Įvery time this bug is re-introduced, someone pipes up and says something like, "So what, it was a bug, they've fixed it." That's really missing the point. Jamie titled his blog post "I told you so, 2021 edition": ![]() Solutions to these long-standing issues remain elusive. Long-standing topics like X11, developer interaction, and code licensing all feature. JWZ continues to track issues with screensavers on Linux (since 2004!), and discusses a new bug in cinnamon-screensaver. ![]() But I don't remember.Legendary programmer Jamie Zawinski has worked on everything from the earliest releases of the Netscape Navigator browser to XEmacs, Mozilla, and, of course, the XScreenSaver project. My guess is that it's something like running X11 under macOS: the grabs stay inside the X11 app, but you can still use Cmd-Tab to switch away to non-X11 apps even if X11 thinks things are "locked" inside its little sandbox. However, now I can't find any record of what the actual problem was. The Wayland window manager lives at a higher level than the X11 emulation layer." I commented this change with "X11 grabs don't work under Wayland's embedded X11 server. Or is there some way for me to infect Raspbian 10.9 with this hybridization so that I can reproduce it myself?Īt some point in the distant past, I convinced myself that Wayland was incompatible with XScreenSaver locking, and therefore XScreenSaver refuses to lock when $WAYLAND_DISPLAY is set. Maybe there's a way to configure the system to go back to running "real" X11 instead of whatever fresh hell of X11 / Wayland hybridization this is? So maybe it's Wayland that is screwing everything up? One user was using Gnome and one was using KDE. The server is still X.Org 12101001, however it was launched by sddm / startplasma / Xwayland and the environment contains XDG_SESSION_TYPE= wayland and WAYLAND_DISPLAY= wayland-0. Actual photos of X11 / Wayland integration. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |