I will never understand why "the computer can tell what input it is receiving" has turned into an accepted threat model.
I understand that we have built a computer where our primary interface depends on running untrusted code from random remote locations, but it is absolutely incredible to me that the response to that is to fundamentally cripple basic functionality instead of fixing the actual problem.
We have chosen to live in a world where the software we run cannot be trusted to run on our computers, and we'd rather break our computers than make another choice. Absolutely baffling state of affairs.
Defense in depth. One compromised application may do a lot of harm if it has access to your keyboard inputs. Supply chain attacks are not that uncommon. While you can trust software developers, you cannot completely trust their builds.
I agree. I think fixing the keylogging issue should be possible without dumping the entire architecture. Perhaps the new X11 fork https://x11libre.net will achieve that? At least, it's encouraging to hear it's getting maintained.
Regarding (recent) supply chain attacks, Linux needs to take supply integrity and sandboxing more seriously. The tools to do so are there (e.g. Nix and firejail/bwrap) and, unlike Wayland, they play well with existing software.
And when someone violates that trust, do you then tear the house down and build one with only external doors, requiring inhabitants to circle in the yard to move between rooms? The point of the Wayland security model is that the inhabitants of the house do not trust each other, and the architecture of the house must change to accommodate that.
I'm not impressed with the analogy. I am not confused about the goals of Wayland's security model. I am dismayed at the poor judgment elsewhere in computing that has led to its necessity.