Why do people hype up Wayland?

[wizardfromoz]

The last update to 7.7 was 2012

Actually, 2019 - your reference is about 7.7-RC1, but granted it s still a long time.

 

[kibasnowpaw]

Seems somewhat academic to me.

RHEL 9 has X11 in it. 9.0 support ends 31 May 2027, but each dot point release (9.1, 9.2 and so on) extends that out by a year, so Redhat is committed to providing support for X up to at least 2032. RHEL 10 dropped it for Wayland.

X11/X.org is in maintenance mode, no more feature development, and that means just that - maintenance and security fixes.

A lot of things can happen or change between now and 2032.

Cheers

Wizard

i wouldn't mind use Wayland if it don't make life harder for me as it is now as a gamer it do that's why i use x11 and you right a lot can happen in 6 years.

 

[MikeWalsh]

Kinda amuses me, TBH. All this talk about "security" (yet again)..... Seems to me that some people - if they look hard enough, and convince themselves of its 'truth' - can find "security" holes absolutely everywhere.

I've said it before, and I'll say it yet again. If you're that worried about security.....stay off-line. Chuck the damn 'puter in the trash. And so as to resist "temptation", get rid of every aspect of your modern existence, and go live in a cave in the middle of nowhere.

Seems simple enough to me. It's not rocket-science. If something is 'bad' for you, then get rid of that thing; don't use it again.

(shrug..)


Mike.

 

[kibasnowpaw]

Kinda amuses me, TBH. All this talk about "security" (yet again)..... Seems to me that some people - if they look hard enough, and convince themselves of its 'truth' - can find "security" holes absolutely everywhere.

I've said it before, and I'll say it yet again. If you're that worried about security.....stay off-line. Chuck the damn 'puter in the trash. And so as to resist "temptation", get rid of every aspect of your modern existence, and go live in a cave in the middle of nowhere.

Seems simple enough to me. It's not rocket-science. If something is 'bad' for you, then get rid of that thing; don't use it again.

(shrug..)


Mike.

I get where you’re coming from, and I agree that “security panic” can easily spiral into paranoia if people go looking for ghosts everywhere. But I think a lot of these discussions miss a much more practical middle ground.

If someone genuinely cares about security and privacy, the biggest wins usually don’t come from the browser UI or swapping one desktop stack for another. They come from the network layer. That’s where you reduce the attack surface in a way that applies to everything, regardless of whether you’re on Wayland, X11, Firefox, Chromium, or something custom.

For example, I run my own router/firewall with Pi-hole and DHCP. I control which ports are open, which aren’t, whether IPv6 is even exposed, and what traffic is allowed out of the network at all. With Pi-hole alone, a massive amount of tracking, telemetry, and junk traffic never reaches the system in the first place. At that point, the difference between “secure browsers” or display protocols becomes far less dramatic in real-world terms.

What stood out to me in the XDA Wayland discussion I read the other day is that security is often presented as a primary justification for the hype, even though many of the real-world problems people mention there screen capture workflows, OBS, remote desktop, CAD tools, Vms are usability and workflow issues, not security failures. Wayland does improve client isolation at the compositor level, but that doesn’t automatically translate into meaningful protection if the network itself is wide open.

And yes the only perfectly secure system is an offline one: air-gapped, powered down, living far away from civilization. But it’s not a useful baseline for people who actually want to use computers to do real work.

Real security is about risk management, not absolutism. You reduce exposure where it has the most impact, accept that some risk always exists, and balance security against usability. In practice, network-level controls get you much closer to that balance than endlessly reinventing browsers or treating Wayland as a silver bullet.

So I don’t think people are wrong to care about security at all but if they’re serious about it, that’s where I’d tell them to start.

 

[f33dm3bits]

I get where you’re coming from, and I agree that “security panic” can easily spiral into paranoia if people go looking for ghosts everywhere. But I think a lot of these discussions miss a much more practical middle ground.

If someone genuinely cares about security and privacy, the biggest wins usually don’t come from the browser UI or swapping one desktop stack for another. They come from the network layer. That’s where you reduce the attack surface in a way that applies to everything, regardless of whether you’re on Wayland, X11, Firefox, Chromium, or something custom.

If you didn't know X was designed for being used over a network, but this was back in the day when computers were expensive and many people connected to a central computer system from a terminal (if I am not mistaken, those who have been longer around than me may correct me if I'm wrong).

Unlike most earlier display protocols, X was specifically designed to be used over network connections rather than on an integral or attached display device. X features network transparency, which means an X program running on a computer somewhere on a network (such as the Internet) can display its user interface on an X server running on some other computer on the network.

X Window System - Wikipedia

en.wikipedia.org

That does make it security risk if something stays unpatched.

Wayland was not.

The X Window System is an architecture that was designed at its core to run over a network. Wayland does not offer network transparency by itself however, a compositor can implement any remote desktop protocol to achieve remote display.

Wayland (protocol) - Wikipedia

en.wikipedia.org

The question is in today's dage an age do you really want that when it comes to security? There are both valid for reasons to have it and not have it.

 

[kibasnowpaw]

If you didn't know X was designed for being used over a network, but this was back in the day when computers were expensive and many people connected to a central computer system from a terminal (if I am not mistaken, those who have been longer around than me may correct me if I'm wrong).

You’re absolutely right about the historical design of X, and that context matters. X was built in a time when computing was centralized, hardware was expensive, and network transparency was a feature, not a liability. Terminals connecting to a central system made sense in that model, and X was explicitly designed around that assumption. From a modern security standpoint, that architecture does carry baggage, especially if systems are unpatched or exposed in ways they shouldn’t be.

Where I think it’s important to be precise, though, is how that design translates into real-world risk today.

In practice, almost nobody is using X’s network transparency in the way it was originally intended anymore. On modern Linux desktops, X11 typically runs locally over Unix domain sockets, not exposed TCP connections. Remote access, when used, is usually tunneled through SSH or handled by separate remote desktop solutions. That doesn’t make X “secure by design” in a modern sense, but it does mean the original threat model is largely dormant unless someone explicitly enables or misconfigures it.

That’s why my stance is still network-first. If a system is unpatched, has open ports it shouldn’t, weak firewall rules, or poor DNS hygiene, then the display protocol isn’t the primary risk factor. Those fundamentals dominate the real attack surface. Conversely, a well-segmented, well-filtered network dramatically reduces exposure regardless of whether the desktop stack is X11 or Wayland.

I also think it’s important to separate architectural correctness from user decision-making. Wayland’s model is clearly cleaner for modern desktops: stricter client isolation, no implicit trust between applications, and no built-in network transparency. From a design and maintenance perspective, that’s a strong argument for it being the future default.

But in day-to-day reality, most users are not choosing Wayland because of security. They choose based on whether things work. On places like r/ubuntu and similar forums, the discussion is overwhelmingly about breakage, compatibility, gaming, screen sharing, Nvidia behavior, or workflows that worked under X11 but don’t yet behave the same under Wayland. Security is rarely the deciding factor for adoption or rejection.

So when you ask whether we really want X’s historical network model in today’s world: as a default going forward, probably not and I agree with that. But that doesn’t automatically make X11 an active security problem in properly configured modern systems, nor does it mean Wayland alone meaningfully “fixes” security if the rest of the stack is neglected.

Wayland is the better long-term architecture.
X11 carries legacy design choices that wouldn’t be made today.
But real-world security still lives first at the network and system level, and real-world adoption is still driven by whether things work, not by abstract threat models.

That’s why I think both positions can be valid at the same time, depending on context.

 

[KGIII]

If you're that worried about security.....stay off-line.

That's a bit of a false dichotomy. One can be both extremely worried and still use the 'net. They can just do so cautiously, limiting what they do and how they do it. Essentially, they're extremely worried but willing to accept some risks in order to use the 'net.

It's like someone who is deathly afraid of automobile accidents, so they wear their seatbelt and only ride in vehicles that have a full complement of airbags. In this case, they limit what they put on the computer and use security software that limits their exposure.

People with agorophobia can force themselves to go outside. They don't like it, and may be physically ill because of it. People regularly do things they're afraid of, largely out of necessity. In cases where they're extremely worried about security, they can use distros (like Tails and Qubes) that offer greater security out of the box. They can do all of their internet activity over Tor.

In other words, there are ways they can reduce their risks.

 

[APTI]

• Xlib - the basic C library for X11 protocol
• xcb (X C Bindings) - the "modern" replacement for Xlib
• Xrandr - display configuration/resolution management
• Xinerama - multi-monitor support (older approach)
• Xrender - 2D rendering with alpha compositing
• XFixes - miscellaneous fixes/extensions
• Xft - FreeType font rendering
• Xi (XInput) - input device handling
• Xext - various X extensions
• Xtst - testing/automation (XTEST extension)
• Xmu, Xaw - X miscellaneous utilities, Athena widgets
• ICE, SM - Inter-Client Exchange, Session Management
• Xdmcp - X Display Manager Control Protocol

It's over 30 libs (depending on how your distro implements it,.
Some haven't been updated in over a decade, some are broken, most haven't had security updates in a LONG time.
Some of the devs has even passed on. Some of it's political, I'm not updating my library, because I don't like the way you implemented this. So it's never been changed in over a decade.

Wayland, streamlined, less resources, often faster, the devs are all onboard with each other.
Wayland used to have compatibility problems a few years ago, but honeslty, I can't think of anything that doesn't run uder it.

Let me help you.... for one. anydesk does not behave well under wayland. So now you can think of something. I have others too.

 

[Bongripper666]

I don't hype it. I use it, because it just works better for me.