I don’t see how this is a Wayland problem. X11 has no desktop automation integrated either. You had to use third party tools for that like Autokey. And admittedly, there is still no comparable replacement for Wayland as far i know (maybe KDE scripts? https://develop.kde.org/docs/plasma/kwin/api/ or https://github.com/ReimuNotMoe/ydotool ?). But that is because nobody has fully build one yet, not because some inherent absence of necessary wayland functions.
It actually is because of Wayland design. In their quest for “security” they’ve made it impossible for automation and accesibility tools to do their job.
It’s a glaring omission in Wayland going forward, for zero gain. Most of the touted Wayland security advantages are hogwash.
I mean if it’s goal was to prevent scripts from using the graphics env maliciously then it seems to have made some progress if you can’t even automate it with good intentions
We need to keep a balance between security and convenience, to avoid systems becoming too awkward to use. Wayland tipped this balance too far on the side of security. Malicious local exploitation of the graphics stack has never been a big issue; consider the fact that someone or something would need to compromise your own account locally, at which point they could do much worse things than moving your windows around. It’s not that the security threat doesn’t exist, it’s that Wayland has approached it at the wrong end and killed a lot of useful functionality in the process.
Also consider that this issue has existed for the entire history of desktop graphics on *nix and nobody has ever deemed it worth to destroy automation for it. If it were such a grave security hole surely someone would have raised the alarm and fixed it during all this time.
My opinion is that Wayland has been using this as a red herring, to bolster its value proposition.
I don’t see how this is a Wayland problem. X11 has no desktop automation integrated either. You had to use third party tools for that like Autokey. And admittedly, there is still no comparable replacement for Wayland as far i know (maybe KDE scripts? https://develop.kde.org/docs/plasma/kwin/api/ or https://github.com/ReimuNotMoe/ydotool ?). But that is because nobody has fully build one yet, not because some inherent absence of necessary wayland functions.
It actually is because of Wayland design. In their quest for “security” they’ve made it impossible for automation and accesibility tools to do their job.
It’s a glaring omission in Wayland going forward, for zero gain. Most of the touted Wayland security advantages are hogwash.
I mean if it’s goal was to prevent scripts from using the graphics env maliciously then it seems to have made some progress if you can’t even automate it with good intentions
We need to keep a balance between security and convenience, to avoid systems becoming too awkward to use. Wayland tipped this balance too far on the side of security. Malicious local exploitation of the graphics stack has never been a big issue; consider the fact that someone or something would need to compromise your own account locally, at which point they could do much worse things than moving your windows around. It’s not that the security threat doesn’t exist, it’s that Wayland has approached it at the wrong end and killed a lot of useful functionality in the process.
Also consider that this issue has existed for the entire history of desktop graphics on *nix and nobody has ever deemed it worth to destroy automation for it. If it were such a grave security hole surely someone would have raised the alarm and fixed it during all this time.
My opinion is that Wayland has been using this as a red herring, to bolster its value proposition.