(In case you’re wondering what I’m talking about, it’s this: https://bugzilla.gnome.org/show_bug.cgi?id=753678 – still an issue under elementary OS 6.)
@toni It boggles my mind that basic security (and accessibility) issues remain unfixed for years while folks work on new and wonderful whizz-bang visual effects. *smh*
yup @aral, @keithzg and @toni it’s a very well known bug but they keep making more of it because apparently nobody listens: https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition
On the other hand: when you remote-desktop to a Windows machine, its monitor turns on and lets everyone in the office see what you're doing.
I've seen the bug you're talking about in openSuse, but I feel it's still much better than Windows, security-wise.
Which is not an excuse, of course! But I guess it's a risk if many developers get to choose what bit they take on and which they don't. Someone needs to figure out a mechanism that directs resources to such issues...
Hmm... I've had several times when someone in the office said they could see my screen, and vice versa.
RDP can work without a screen attached to the remote PC, but it's also used for "remote control" sessions, so there are at least unsafe scenarios.
For Linux ... I've tightVNC is good but I've never managed to set it up so it actually works. NoMachine used to work but these days is tied to physical screens and shows your desktop at the remote location. Complete rubbish!
hmm... I no longer work in that place, so I can't test it now. Maybe I've conflated something ... *scratches head*
The definite advantage of RDP over anything else (except ye olde noMachine 3.x) is that it "just works", and is not tied to local screen resolution.
used X2go to connect to a Linux machine because I couldn't get VNC to work, and its resolution was also tied to the remote display, even if I unplugged it...
ppl in VNC fora were like " lol y u use linux if ur too stupd!"
That sounds cool, thanks for the hint! I'll definitely try that out.
There's another thing about not just VNC people but most remote desktop makers, which is they seem to believe that it's all about desktop "sharing", and why would anyone not want to show the desktop on both ends? And then they don't even mention on their site which kind of remote desktop their tool provides.
»VNC folks do seem to be of the curmudgeonly variety«
...at the same time, I wonder why they are like that. VNC can do cool stuff. Our last cluster admin setup turboVNC, and it was amazing. 3D-accelerated full linux desktop, remotely from a headless cluster node.
He tried to explain to me how to setvit up because I wanted that on my own machine -- but I had a different distro and less knowledge of its internals ==> no chance, and no help online, either.
VNC's biggest drawback :(
@keithzg @aral @toni I haven't looked into it for a long time. I see it on a desktop I've got after many years of only using a laptop... only returned to Plasma/KDE in the last year or so after a couple years' sojourn to Cinnamon. But yes, I think it's probably an X11-level issue, not desktop-level.
@aral someone tried to crack my root password once and they weren't able to, thankfully!! ✊ *knocks on wood*
@aral mhm, I just noticed that I unconsciously usually do "super" + "L" before closing the lid, so not overly common for me to see it, but yes, I also remember seeing this behaviour especially under high load
On regular GNOME that is.
Is there a corresponding issue in the GNOME GitLab?
@sheogorath No idea, looks like they didn’t port their issues over to the new system or provide links to corresponding issues from the old system 🤷♂️
@sheogorath But similar issues are all over the ecosystem. e.g., see https://github.com/solus-project/budgie-desktop/issues/1374
The original issue https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/ was only closed with a message and the state RESOLVED OBSOLETE, despite it clearly has security implications. Here is also a CVE-2016-1000002 assigned.
I've allowed myself to recreate the issue, because I have been repeatingly annoyed by it:
@aral 😅 I've noticed the specific bug you're talking about on my elementaryOS laptop. It's certainly shocking to see.
@aral I haven’t looked at it, but I speculate the problem is it runs lock after suspending, while it should run before suspending.
@lxo Is Firefox a core part of your operating system? You want “Linux on desktop” to be a thing, then start seeing it as an everyday person using an everything thing would see it. No one cares about GNOME apart from hobbyists. As far as anyone else is concerned, elementary OS (or Ubuntu, etc.) has a security issue. Just like if it happened on a Mac they’d say macOS has a security issue. Try and see the forest for the leaves.
@lxo I meant “you” in the general sense also :) As in “people who do.” When competing with macOS and iOS (which is what “Linux” is doing for mindshare), passing the buck upstream isn’t going to cut it. No one* cares about the innards. And that goes all the way to device manufacturers. Security/usability/accessibility issue in component X? That’s right, Brand X has a security/usability/accessibility issue. No one* knows/cares about component X.
* apart from hobbyists/developers
@lxo “we free software people … have brought you” – Dude, everything I do is free and open source. It’s this sort of arrogance, gate-keeping, and total ignorance about design/how everyday people use technology as an everyday thing that is the biggest impediment to “free and open” competing with proprietary solutions. Get off your high horse and learn to recognise when someone IS helping BY pointing out the flaws in your culture and approach.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!