this post was submitted on 18 Sep 2023
91 points (100.0% liked)

KDE

5338 readers
76 users here now

KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.

Plasma 6 Bugs

If you encounter a bug, proceed to https://bugs.kde.org/, check whether it has been reported.

If it hasn't, report it yourself.

PLEASE THINK CAREFULLY BEFORE POSTING HERE.

Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.

founded 1 year ago
MODERATORS
 

Wayland. It comes up a lot: “Bug X fixed in the Plasma Wayland session.” “The Plasma Wayland session has now gained support for feature Y.” And it’s in the news quite a bit lately with the announcement that Fedora KDE is proposing to drop the Plasma X11 session for version 40 and only ship the Plasma Wayland session. I’ve read a lot of nervousness and fear about it lately. So today, let’s talk about it!

you are viewing a single comment's thread
view the rest of the comments
[–] ExLisper@linux.community 11 points 1 year ago (1 children)

has long plagued X11

The risk existed but did it plague X11? I never heard about any app logging keystrokes and sending theme somewhere. Where there any attacks using this? I don't think normal uses had to worry about it.

[–] ono@lemmy.ca 6 points 1 year ago* (last edited 1 year ago) (2 children)

The risk existed but did it plague X11?

Yes, and it still does. Practically every X11 installation is vulnerable.

(If you're nitpicking my use of the word plagued, though, note that I am talking about the vulnerability, not the exploit.)

I never heard about any app logging keystrokes and sending theme somewhere.

That's because of a variety of external factors, including:

  • X11 desktops aren't common enough to be priority malware targets, yet.
  • People who run only open-source software typically get it from trustworthy channels, like their OS distro's package repository.
  • Devices likely to attract malware, such as game consoles and mobile phones, have avoided X11. (Android phones and Steam Deck are examples.) This is no accident; lack of app isolation was a factor in that decision.

I don’t think normal uses had to worry about it.

We've been lucky so far, in that our circumstances have kept us mostly safe. However, Linux malware is on the rise. Commercial games, both on their own and through anti-cheat systems, are making opaque software more common on our desktops. Flathub is working on paid apps, which could likewise create malware opportunities that weren't there before. The Epic Game Store has already been caught collecting data from other apps, so the intent is clearly present already.

It's generally just a matter of time before exploitable systems become exploited systems. We would do well to close the door on unauthorized key logging, clipboard snooping, screen scraping, and input injection.

[–] kugmo@sh.itjust.works -4 points 1 year ago (1 children)

This amount of security theater is why Wayland was unusable for 10 years

[–] semperverus@lemmy.world 3 points 1 year ago

Except it isn't theater, and you are not qualified to make that statement.