151
Found a security bug in LMDE6, need some help
(i.imgur.com)
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
This shit right here is why you absolutely must use xscreensaver.
Not some repackaging of the hacks.
Not some implementation with your wms decorations.
Xscreensaver.
Or Wayland, where this isn't an issue.
I like my security bugs well publicized with documented workarounds as opposed to undiscovered and undisclosed, thank you.
Apropos of nothing, Xscrensaver is my bellwether for moving to Wayland. When it’s officially ported I’ll switch.
I doubt there will ever be screensaver support with Wayland. Wayland isn't a program so there is not a display server to connect to. The desktop draws directly to the screen.
Swaylock?
I mean, it absolutely could if stuff like ext_session_lock weren’t incredibly insecure.
There’s a thread on the maintainer of xscreensavers website that talks extensively about this and it got me trying to get just some stubs hooked into several wayland environments, seeing how the sausage is made and putting Wayland back on the shelf.
I tried Linux briefly in highschool (around the year 2000) before going back to Windows (I love video games). I switched about 2 years ago back to Linux (Debian). Your comment made me remember xscreensaver and I went and installed it again. The matrix screensaver is a huge throwback, I love it and I missed it.
But it was a pain to do this. I'm using KDE/Plasma on Debian, and I had to follow this process to get it done. My lock buttons built into KDE menus still don't work despite replacing kscreenlocker_greet like the manpage recommends. I'm not sure it's worth my time to try to figure out, since the page warns an update will revert this. I'm not going to remember how to fix it later. I choose to lock my computer with super+L so this isn't a huge issue for me.
The process to use xscreensaver with gnome looks equally bad.
WHY is this so tough, though? Debian "just works" for me, so needing to fumble through this manpage feels pretty lame. The process looks similar on other distros, from a quick google. I'm not an IT person or a programmer, and this doesn't feel very "linux" that it's this way. Why would these window managers replace something that just works?
I suppose it does look a bit dated?
None of the desktop environments like xscreensaver because it breaks their window decorations and input handling. It does this for security purposes because its job is first and foremost to be as secure as possible then once that’s done go ahead and make pretty pictures.
If it sounds crazy that input and window decorations would be insecure, peruse the maintainers webpage and be horrified.
Wayland needs infinite workarounds to get xscreensaver working because the way you’d do it under the Wayland framework is with a weird method called uhh ext_session_lock (I reference it in another comment but I’m not sure that’s the right one now.) which at least as of about a year ago let screen locking programs handle passwords directly!
I think it’s an artifact of open source software being maintained by people who are on the payroll of companies that rely on the software.
Thanks for taking the time to reply, that makes a lot of sense.
I haven't switched to Wayland yet. It makes sense why xscreensaver wouldn't work well with an entirely different window server. I was just surprised it was so difficult (for me at least) to use with modern window managers despite being relevant and mature, haha.