On 7/31/23 00:33, Grant Taylor wrote:
On 7/29/23 5:47 PM, Rick Troth wrote:
Xwindows is used by Linux because it had been developed widely and was common on Unix when Linux came into popular view.  Xwindows itself is an excellent development. Sadly, Xwindows is way too "chatty" and has other issues.

I'm curious to know what you're thinking if you'd be willing to elaborate.


The whole Athena project at MIT "back in the day" was rigorously planned out with cross-platform requirements in mind. It's old, but if we're going to diss things because they're old then we'll devolve into a flame war about COBOL. Kerberos was born there too. (Less of a fan, but it has its place, and notice that Microsoft has fully bought in there.)

X11 not only ran on VMS workstations but could even use DECNET for transport as an alternative to TCP. (I'd be surprised to encounter DECNET support in contemporary X11.) Stuff like that indicates that the X11 developers took pains to build a generalized API which in turn allowed it to run on more systems.



(But the reactions against it from the security community are WAY out of line, MUCH too aggressive. Xwindows is not an evil back door for the hackers. But I digress.)

X11 is not good.  I don't know how /bad/ it is.

I think the biggest thing is that most people don't think about it at all.  As such it has a way of biting many people.


I hear a great number of people complaining. But in my experience X is #1 complicated (likely because of the Stone Age when it was developed) and #2 "heavy" or as I like to say "chatty".

Saying "X11 is not good" out of hand is a weak argument (but is sadly effective in public forums like this one).

If most people don't think about it, that's a GOOD thing. "It's just there", so make use of it.



X11 has a couple of authentication methods, per IP and MIT Magic Cookie.  Per IP is problematic when you have multiple users on either IP.  MIT Magic Cookie tends to help this and make things more per user.  But I don't think as many people use MIT Magic Cookie as should.  Almost all of the tutorials I've seen online still do things per IP or simply open up X11 to any IP that can connect to it.

Despite the authentication issue, X11 makes it too easy for a client that can access the X11 display server to copy the screen to a file, manipulate the clipboard, capture keys, read / mess with the mouse, and various other surprising things.


Wearing my CISSP hat: then don't let untrustworthy clients access the X11 display. There is value in minimal rules. Ultimately *all* controls boil down to binary go/no-go. Always. But too many "what ifs" often make it harder for legitimate people (and programs) to do what they need to do.

Now if Wayland can address the all-or-nothing access, great!
But I'm seriously worried that Wayland will throw out some babies with the nasty old dirty bath water. (And that water really is gross, I agree.) But *something* must have access/control over the whole raster. The design of X11 leaves much of it open to all comers. I see this, I recognize the risks, but I don't damn it outright. (And I admit to being contrarian in the security world.)
We protect the wrong things.

One great thing about X11 is the ability to launch a single application *without* a window manager or session manager. You can, for example, bring up Xvnc as the one and only client. The local screen/display then appears to be the remote canvas. I did this regularly using VMware back when I ran VMware on my Linux PC. Worked a charm.

I use X11 heavily and I *only* use it over trusted channels and with trusted clients.

Forgive me for ignorance about the details of the built-in authentication methods: I don't use them. I do my best to tie-off the ends and then tell X auth to get out of the way. He doesn't always listen. Oh well.



You're right: z/OS already does Xwindows. Mac doesn't use Xwindows, but its fore-runner NeXT did X just fine.  (personal experience)

macOS doesn't use X11 /by/ /default/.  But my understanding is that there are many ways to add X11 on top of -- what I think is called - Coco (?) -- thereby making it behave similar to Linux (et al.) and Windows with an X11 display server.


Yes. There are many ways to add X11 on top of MacOS, also on top of MS Windows.

I use CYGWIN/X on MS Windows. That's a basic requirement in my MO. (Though it's true, that exposes me to untrustworthy clients by nature of MS Windows itself. Let's not get started.)



MS Windows doesn't do X, but there are numerous utilities bridging the gap. (Personally I go for CYGWIN/X when corp IT doesn't get in the way.  Works great!)  I rarely use X based apps on MVS, but I've used them occasionally for more than two decades. (Even used X from CMS. Tell the ARS Technica guy *that*, will ya?)

I'm curious what X11 based applications you ran as clients on MVS / CMS.


Several X11 apps were re-compiled for CMS "back in the day". The single tasking nature of CMS made them less than effective.

On MVS (USS), I remember using 'xterm', which is the X11 app I use most.
Lately, I'm more likely to run 'xterm' on some other platform and then SSH-in to USS. Works.



The nice thing about Xwindows is that it's the same from one platform to the next.

That's not as true as it used to be.

X11 used to be both BIGendian & littleENDIAN and supported byte swapping on the fly.  That functionality was disabled by default in a recent change (within the last year) and now must be enabled with a command line option on the X server.

Newer X11 servers should support older X11 clients.  I'm not as sure about the other way around.  Especially when you get to older releases or even X10.


I strongly agree with this last one: newer should support older.

Never used X10. Never had time to read-up on it. More ignorance on my part.

Never had cross-platform troubles with X11. Byte swapping on the fly likely adds to the bloat I observe.



Geek that I am, I started recompiling the compiler. (Gotta have the latest compiler for everything else. Besides, Linux is "open source", right?)  Mike was more sporty. He brought up DOOM. We had to borrow a nearby Sun workstation (I forget which model). There was no BITMAPPED DISPLAY on the mainframe.  But the beauty of this story is that DOOM was essentially the first application to run on Linux/390 native (outside of IBM).

LOL


Yup! It was fun. *:-)*




Grant. . . .

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


-- R; <><
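
[Added example, not part of the thread or written by either poster: a shell check for the per-IP versus per-user distinction Grant describes, run over the text that `xhost` prints. The sample outputs and the host name build01.example.test are constructed; the line formats matched are the ones `xhost` normally prints and are treated here as an assumption.]

```shell
#!/bin/sh
# Classify the host-based access list of an X display from `xhost` output
# read on stdin. Returns 1 if the display is open to any host or trusts a
# whole machine (per-IP), 0 if only per-user entries (or none) are listed.
# With access control enabled and an empty list, clients must present the
# MIT-MAGIC-COOKIE-1 from the user's Xauthority file.
audit_xhost() {
    _rc=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "OPEN: any host that can reach the server may connect"
                _rc=1 ;;
            "access control enabled"*)
                ;;                      # header line, nothing to report
            INET:*|INET6:*)
                echo "PER-HOST: $line (every user on that host is trusted)"
                _rc=1 ;;
            LOCAL:*)
                echo "PER-HOST: $line (every local user is trusted)"
                _rc=1 ;;
            SI:localuser:*)
                echo "PER-USER: $line" ;;
            "")
                ;;
            *)
                echo "OTHER: $line (review by hand)" ;;
        esac
    done
    return "$_rc"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_MIXED='access control enabled, only authorized clients can connect
INET:build01.example.test
SI:localuser:rick'
SAMPLE_USER='access control enabled, only authorized clients can connect
SI:localuser:rick'

# Stand-alone demonstration on the mixed sample.
printf '%s\n' "$SAMPLE_MIXED" | audit_xhost || true
```

On a live display the same function can be fed with `xhost | audit_xhost`.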



