31 Jul 2024 |
Pratham Patel (you can mention me) | honestly no idea about that, mind pointing me to some bulletins? | 06:54:16 |
K900 | Well they recently stopped executing arbitrary code from /tmp | 06:54:39 |
K900 | As part of their plugin system | 06:54:44 |
K900 | "Plugin" "system" | 06:54:48 |
K900 | And yes, that is how low the bar is | 06:54:54 |
Pratham Patel (you can mention me) | I get it but I don't use plugins :) | 06:55:05 |
K900 | It's not about plugins | 06:55:12 |
K900 | It's about knowing what the fuck you're doing | 06:55:17 |
Pratham Patel (you can mention me) | and I also see some irony in the blog post about the C++ thingy migration where it was mentioned that C++ has better memory safety than C; sure but eh, C++ isn't that that better than C in shoot-yourself-in-the-foot-guns either lo
| 06:56:02 |
K900 | Like, if your solution to "we should allow people to extend our thing" is "just compile some code in /tmp at runtime and dlopen it", I don't trust any code you've written | 06:56:06 |
K900 | Oh yeah they had a security fix a few days ago | 06:56:51 |
K900 | https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd | 06:56:51 |
K900 | Where you could get arbitrary command execution from a window title | 06:57:01 |
K900 | O | 06:57:04 |
K900 | * Over dbus | 06:57:10 |
K900 | And I'm pretty sure it's not even fixed all the way | 06:57:19 |
K900 | And they shipped that security fix in an update that also bumped the Pipewire version requirement by a major version | 06:57:44 |
K900 | Just so distros can have extra fun | 06:57:49 |
Pratham Patel (you can mention me) | lol | 06:58:00 |
K900 | Like, I know myself, I can be harsh on upstreams when they do stupid shit, but I do generally try to assume good intent when possible | 06:59:09 |
K900 | So let me be very clear: the Hyprland people are woefully incompetent, extremely resistant to any sort of feedback, and no code they touched should ever be trusted for any reason | 06:59:40 |
K900 | I don't even maintain Hyprland or run it | 06:59:52 |
Pratham Patel (you can mention me) | :grimmacing: | 06:59:56 |
K900 | And I've had enough evidence presented to me by pure osmosis | 07:00:02 |
K900 | To convince me to never touch the project or anything to do with it with any length of pople | 07:00:23 |
K900 | * To convince me to never touch the project or anything to do with it with any length of pole | 07:00:25 |
Pratham Patel (you can mention me) | offtopic but how "featue rich" is sway? not very educated with wayland but I see that it's protocol-based and not server-based like X11 which has it's pros and cons; the biggest con for me is that feature XDG protol X may be in Z but not in Y, unlike window managers on x11 which only manage windows.
is sway better than hyprland? I don't care about the eye candy, chose hyprland because it's userbase is near/higher than sway and therefore would likely be more supported; valid assumption or not, that's what I thought
| 07:11:58 |
K900 | Sway and Hyprland both use wlroots | 07:16:01 |
K900 | (at least current Hyprland, they're ripping it out for largely no reason) | 07:16:15 |
K900 | In fact wlroots is the backend of Sway abstracted into a library | 07:16:30 |