logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Wayland-misconceptions-debunked.md (12618B)

    

  1. ---
  2. date: 2019-02-10
  3. layout: post
  4. title: Wayland misconceptions debunked
  5. tags: ["wayland"]
  6. ---
  8. This article has been on my backburner for a while, but it seems Wayland FUD is
  9. making the news again recently, so I've bumped up the priority a bit. For those
  10. new to my blog, I am the maintainer of
  11. [wlroots](https://github.com/swaywm/wlroots), a library which implements much of
  12. the functionality required of a Wayland compositor and is arguably the single
  13. most influential project in Wayland right now; and [sway](https://swaywm.org), a
  14. popular Wayland compositor which is nearing version 1.0. Let's go over some of
  15. the common misconceptions I hear about Wayland and why they're wrong. Feel free
  16. to pick and choose the misconceptions you believe to read and disregard the
  17. rest.
  19. The art of hating Wayland has become a cult affair. We don't need to put
  20. ourselves into camps at war. Please try not to read this article through the
  21. lens of anger.
  23. ### Wayland isn't more secure, look at this keylogger!
  25. There is an [unfortunate GitHub
  26. project](https://github.com/Aishou/wayland-keylogger) called "Wayland keylogger"
  27. whose mode of operation is using `LD_PRELOAD` to intercept calls to the
  28. libwayland shared library and record keypresses from it. The problem with this
  29. "critique" is stated in the `README.md` file, though most don't read past the
  30. title of the repository. Wayland is only *one part* of an otherwise secure
  31. system. Using `LD_PRELOAD` is effectively equivalent to rewriting client
  32. programs to log keys themselves, and any program which is in a position to do
  33. this has already won. If I rephrased this as "Wayland can be keylogged, assuming
  34. the attacker can sneak some evil code into your .bashrc", the obviousness of
  35. this truth should become immediately apparent.
  37. Some people have also told me that they can log keys by opening `/dev/input/*`
  38. files and reading input events. They're right! Try it yourself: `sudo libinput
  39. debug-events`. The catch should also be immediately obvious: ask
  40. yourself why this needs to be run with `sudo`.
  42. ### Wayland doesn't support screenshots/capture!
  44. The [core Wayland protocol][wayland.xml] does not define a mechanism for taking
  45. screenshots. Here's another thing it doesn't define: how to open application
  46. windows, like gedit and Firefox. The Wayland protocol is very conservative and
  47. general purpose, and is built with use-cases other than desktop systems in mind.
  48. To this end it only implements the lowest common denominator, and leaves the
  49. rest to protocol extensions. There is a process for defining, implementing,
  50. maturing, and standardizing these extensions, though the last part is in need of
  51. improvements - which are under discussion.
  53. [wayland.xml]: https://github.com/wayland-project/wayland/blob/master/protocol/wayland.xml
  55. There are two protocols for the purpose of screenshots and screen recording,
  56. which are developed by wlroots and supported by a strong majority of Wayland
  57. compositors: [screencopy][screencopy.xml] and
  58. [dmabuf-export][dmabuf-export.xml], respectively for copying pixels (best for
  59. screenshots) and exporting DMA buffers (best for real-time video capture).
  61. [screencopy.xml]: https://github.com/swaywm/wlroots/blob/master/protocol/wlr-screencopy-unstable-v1.xml
  62. [dmabuf-export.xml]: https://github.com/swaywm/wlroots/blob/master/protocol/wlr-export-dmabuf-unstable-v1.xml
  64. There are two approaches to this endorsed by different camps in Wayland: these
  65. Wayland protocols, and a dbus protocol based on Pipewire. Progress is being made
  66. on making these approaches talk to each other via [xdg-desktop-portal][portal],
  67. which will make just about every client and compositor work together.
  69. [portal]: https://github.com/emersion/xdg-desktop-portal-wlr
  71. ### Wayland doesn't have a secondary clipboard!
  73. Secondary clipboard support (aka primary selection) was first implemented as
  74. [gtk-primary-selection][gtk.xml] and was recently standardized as
  75. [wp-primary-selection][wp.xml]. It is supported by nearly all Wayland
  76. compositors and clients.
  78. [gtk.xml]: https://github.com/swaywm/wlroots/blob/master/protocol/gtk-primary-selection.xml
  79. [wp.xml]: https://github.com/wayland-project/wayland-protocols/blob/master/unstable/primary-selection/primary-selection-unstable-v1.xml
  81. ### Wayland doesn't support clipboard managers!
  83. See [wl-clipboard](https://github.com/bugaevc/wl-clipboard)
  85. ### Wayland isn't suitable for embedded devices!
  87. Some people argue that Wayland isn't supported on embedded devices or require
  88. proprietary blobs to work. This is *very* untrue. Firstly, Wayland is a
  89. protocol: the *implementations* are the ones that need support from drivers, and
  90. a Wayland implementation could be written for basically any driver. You could
  91. implement Wayland by writing Wayland protocol messages on pieces of paper,
  92. passing them to your friend in class, and having them draw your window on their
  93. notebook with a pencil.
  95. That being said, this is also untrue of the implementations. wlroots, which
  96. contains the most popular Wayland rendering backend, implements KMS+DRM+GBM,
  97. which is supported by all open source graphics drivers, and uses GLESv2, which
  98. is the most broadly supported graphics implementation, including on embedded
  99. (which is what the "E" stands for) and most older hardware. For ancient
  100. hardware, writing an fbdev backend is totally possible and I'd merge it in
  101. wlroots if someone put in the time. Writing a more modern KMS+DRM+GBM
  102. implementation for that hardware is equally possible.
  104. ### Wayland doesn't have network transparency!
  106. This is actually true! But it's not as bad as it's made out to be. Here's why:
  107. X11 forwarding works on Wayland.
  109. Wait, what? Yep: all mainstream desktop Wayland compositors have support for
  110. **Xwayland**, which is an implementation of the X11 server which translates X11
  111. to Wayland, for backwards compatibility. X11 forwarding works with it! So if you
  112. use X11 forwarding on Xorg today, your workflow will work on Wayland unchanged.
  114. However, Wayland itself is not network transparent. The reason for this is that
  115. some protocols rely on file descriptors for transferring information quickly or
  116. in bulk. One example is GPU buffers, so that the Wayland compositor can render
  117. clients without copying data on the GPU - which improves performance
  118. dramatically. However, little about Wayland is inherently network *opaque*.
  119. Things like sending pixel buffers to the compositor are already abstracted on
  120. Wayland and a network-backed implementation could be easily made. The problem is
  121. that no one seems to really care: all of the people who want network
  122. transparency drank the anti-Wayland kool-aid instead of showing up to put the
  123. work in. If you want to implement this, though, we're here and ready to support
  124. you! Drop by the wlroots [IRC channel][#sway-devel] and we're prepared to help
  125. you implement this.
  127. ### Wayland doesn't support remote desktop!
  129. This one is also true, but work is ongoing. Several of the pieces are in place:
  130. screen capture and keyboard simulation are there. If an interested developer
  131. wants to add pointer device simulation and tie it all together with librdesktop,
  132. that would be a great boon to the Wayland ecosystem. [We're waiting to
  133. help!][#sway-devel]
  135. [#sway-devel]: https://webchat.freenode.net/?channels=sway-devel
  137. ### Wayland requires client side decorations!
  139. This was actually true for a long time, but there was deep contention in the
  140. Wayland ecosystem over this matter. We fought long and hard over this and we now
  141. have a protocol for negotiating client- vs server-side decorations, which is now
  142. fairly broadly supported, including among some of its opponents. You're welcome.
  144. ### Wayland doesn't support hotkey daemons!
  146. This is a feature, not a bug, but you're free to disagree once you hear the
  147. rationale. There are lots of problems with the idea of hotkey daemons as it
  148. exists on X. What if there's a conflict between several clients who want the
  149. same hotkey? What if the user wants to pick a different hotkey? On top of this,
  150. designing a protocol carefully to avoid keylogging concerns makes it more
  151. difficult still.
  153. To this end, I've been encouraging client developers who want hotkeys to instead
  154. use some kind of IPC mechanism and a control binary. For example, `mako`, a
  155. notification daemon, allows you to dismiss notifications by running the `makoctl
  156. dismiss` command. Users are then encouraged to use the compositor's own
  157. keybinding facilities to execute this command. This is more flexible even
  158. outside of keybinding - the user might want to execute this behavior through a
  159. script, too.
  161. Still, if you *really* want hotkeys, you should start the discussion for
  162. standardizing a protocol. It will be an uphill battle but I believe that a
  163. protocol which addresses everyone's concerns is theoretically possible. *You*
  164. have to step up, though: no one working on Wayland today seems to care. We are
  165. mostly volunteers working for free in our spare time.
  167. ### Wayland doesn't support Nvidia!
  169. Actually, Nvidia doesn't support us. There are three standard APIs which are
  170. implemented by all graphics drivers in the Linux kernel: DRM (display resource
  171. management), KMS (kernel mode setting), and GBM (generic buffer management). All
  172. three are necessary for most Wayland compositors. Only the first two are
  173. implemented by the Nvidia proprietary driver. In order to support Nvidia,
  174. Wayland compositors need to add code resembling this:
  176. ```c
  177. if (nvidia proprietary driver) {
  178.     /* several thousand lines of code */
  179. } else {
  180.     /* several thousand lines of code */
  181. }
  182. ```
  184. That's terrible! On top of that, we cannot debug the proprietary driver, we
  185. cannot send fixes upstream, and we cannot read the code to understand its
  186. behavior. The mesa code (where much of the important code for many drivers
  187. lives) is a frequent object of study among Wayland compositor developers. We
  188. cannot do this with the proprietary drivers, and it doesn't even implement the
  189. APIs it needs to. They claim to be working on a replacement for GBM which they
  190. hope will satisfy everyone's concerns, but 52 commits in 3 years with over a
  191. year of inactivity isn't a great sign.
  193. To boot, Nvidia is a bad actor on Linux. Compare the talks at FOSDEM 2018
  194. from the [nouveau developers][nouveau] (the open source Nvidia driver) and the
  195. [AMDGPU developers][amdgpu] (the *only*[^1] AMD driver - also open source). The
  196. Nouveau developers discuss all of the ways that Nvidia makes their lives
  197. difficult, up to and including *signed firmwares*. AMDGPU instead talks about
  198. the process of upstreaming their driver, discuss their new open source Vulkan
  199. driver, and how the community can contribute - and this was presented by paid
  200. AMD staff. I met Intel employees at XDC who were working on a continuous
  201. integration system wherein Intel offers a massive Intel GPU farm to Mesa
  202. developers free-of-charge for working on the open source driver. Nvidia is
  203. clearly a force for bad on the Linux scene and for open source in general, and
  204. the users who reward this by spending oodles of cash on their graphics cards are
  205. not exactly in my good graces.
  207. [^1]: *actively maintained
  209. So in short, people asking for Nvidia proprietary driver support are asking the
  210. wrong people to spend hundreds of hours working for free to write and maintain
  211. an implementation for *one* driver which represents a harmful force on the Linux
  212. ecosystem and a headache for developers trying to work with it. With respect, my
  213. answer is no.
  215. [nouveau]: https://archive.fosdem.org/2018/schedule/event/nouveau/
  216. [amdgpu]: https://archive.fosdem.org/2018/schedule/event/amd_graphics/
  218. ### Wayland doesn't support gaming!
  220. First-person shooters, among other kinds of games, require "locking" the pointer
  221. to their window. This requires [a protocol][pointer-constraints.xml], which was
  222. standardized in 2015. Adoption has been slower, but it landed in wlroots several
  223. months ago and support was added to sway a few weeks ago.
  225. [pointer-constraints.xml]: https://github.com/wayland-project/wayland-protocols/blob/master/unstable/pointer-constraints/pointer-constraints-unstable-v1.xml
  227. ### In conclusion
  229. At some point, some of these things have been true. Some have never been true.
  230. It takes time to replace a 30-year incumbent. To be fair, some of these points
  231. are true on GNOME and KDE, but none are inherently problems with the Wayland
  232. protocol. wlroots is a dominating force in the Wayland ecosystem and the tide is
  233. clearly moving our way.
  235. Another thing I want to note is that Xorg still works. If you find your needs
  236. aren't met by Wayland, just keep using X! We won't be offended. I'm not trying
  237. to force you to use it. Why you heff to be mad?