How do you avoid interaction if it’s being done automatically by your machine when you open up a print dialog, and if malicious servers can use the same names as legit printers?

People often think that things like recording your screen or keylogging are the worst but they’re not. These attacks would require you to be targeted by someone looking for something specific.

Meanwhile automated attacks can copy all your files, or encrypt them (ransomware), search for sensitive information, or use your hardware for bad things (crypto mining, spam, DDoS, spreading the malware further), or most likely all of the above.

Automated attacks are much more dangerous and pervasive because they are conducted at massive scale. Bots scan massive amounts of IPs and try all the known exploits and vulnerabilities without getting tired, without caring how daunting it may be, without even caring if they’re trying the right vulnerability against the right kind of OS or app. They just spray everything and see what sticks.

You’re thousands of times more likely to be caught by such malware than it is to be targeted by someone with the skill and motive to record your screen or your keyboard.

Secondly, if someone like that targets you and has access to your user account, Wayland won’t stop them. They can gain access to your root account, they can install elevated spyware, they can patch Wayland and so on.

What Wayland is doing is the equivalent of asking you to wear a motorcycle helmet 24/7, just in case you slip on some spilled juice, or a flower pot falls on your head, or the bus you’re in crashes. All those things are possible and the helmet would come in handy but are they likely? We don’t do it because it’s not, and it would be a major inconvenience.

You were merely lucky that they didn’t break.

Lucky… over 5 years and with a hundred AUR packages installed at any given time? I should play the lottery.

I’ve noticed you haven’t given me any example of AUR packages that can’t be installed on Manjaro right now, btw.

it wasn’t just a rise in popularity of Arch it was Manjaro’s PAMAC sending too many requests DDoSing the AUR.

You do realize that was never conlusively established, right? (1) Manjaro was already using search caching when that occured so they had no way to spam AUR, (2) there’s more than one distro using pamac, and (3) anybody can use “pamac” as a user agent and there’s no way to tell if it’s coming from an actual Manjaro install.

My money is on someone actually DDoS’ing AUR and using pamac as a convenient scapegoat.

Last but not least you’re trying to use this to divert from the fact AUR packages work fine on Manjaro.

That’s exactly the problem. Wayland is a set of standards, more akin to FreeDesktop.Org than to X. It lives and dies by its implementations, and it’s so utterly dependent on them that “KDE Wayland” has started to become its own thing. KDE are pretty much forging ahead alone nowadays and when they make changes it becomes the way to do it. Also what they do can’t be shared with other desktops because they’d have to use KDE’s own subsystems and become dependent on its whims.

It wasn’t supposed to be “Kdeland” and “Gnomeland” but that’s what it’s slowly becoming. We’re looking at major fragmentation of the Linux desktop because desktop teams have and do stop seeing eye to eye on major issues all the time. And because there’s no central implementation to keep them working together they’re free to do their own thing.

We need to keep a balance between security and convenience, to avoid systems becoming too awkward to use. Wayland tipped this balance too far on the side of security. Malicious local exploitation of the graphics stack has never been a big issue; consider the fact that someone or something would need to compromise your own account locally, at which point they could do much worse things than moving your windows around. It’s not that the security threat doesn’t exist, it’s that Wayland has approached it at the wrong end and killed a lot of useful functionality in the process.

Also consider that this issue has existed for the entire history of desktop graphics on *nix and nobody has ever deemed it worth to destroy automation for it. If it were such a grave security hole surely someone would have raised the alarm and fixed it during all this time.

My opinion is that Wayland has been using this as a red herring, to bolster its value proposition.

Manjaro has no purpose, it’s half-assed at being arch and it’s half-assed at being stable.

My experience with Manjaro and Fedora, OpenSUSE etc. contradicts yours. Manjaro has the best balance between stability and rolling out of the box I’ve seen.

“Out of the box” is key here. You can tweak any distro into doing anything you want, given enough time and effort. Manjaro achieves a good balance without the user having to do anything. I remind you that I’ve tested this with non-experienced users and they have no problem using it without any admin skills (or any admin access).

Debian testing is a rolling.

It is not.

AUR isn’t a problem in Manjaro because of lack of support, it’s a problem because packages there are made with Arch and 99.999% of its derivatives in mind, aka latest packages not one week old still-broken packages.

And yet I’ve managed to install dozens of AUR packages just fine. How do you explain that?

Matter of fact, I’ve never run into an AUR package I couldn’t install on Manjaro. What package is giving you trouble?

Manjaro literally accidentally DDoSes the AUR every now and then because again they’re incompetent.

You’re being confused.

AUR had very little bandwidth to begin with and could not cope with the rise in popularity of Arch-based distros. That’s a problem that needs to be solved by the AUR repo first and foremost. Manjaro did what they could when the problem became apparent and has added caching wherever it could. Both Manjaro and Arch devs have worked together to improve this.

May I ask what fake location do you intent to provide? And have you considered that it might invalidate your claims? Like, you say your car had an accident but your location says you’re in Antarctica, and they use that to weasel out of coverage.

If Wayland is so fragile as to only work with KDE, and is not responsible for anything, how long until it’s relegated to a KDE internal subsystem?

It actually is because of Wayland design. In their quest for “security” they’ve made it impossible for automation and accesibility tools to do their job.

It’s a glaring omission in Wayland going forward, for zero gain. Most of the touted Wayland security advantages are hogwash.

I believe that rclone already has Proton Drive support.

We don’t know yet, the first frame has been rendering for the last two weeks.

Ok but it’s not called Kdeland.

Or try using any form of desktop automation… which is a show-stopper and it doesn’t look like Wayland plans to do anything about it any time soon.

There is no other Arch-based distro that strives to achieve a “rolling-stable” release.

Alternatives like Fedora have already been mentioned by other comments.

Debian testing is not a rolling release. Its package update strategy is focused on becoming the next stable so the frequency ebbs and flows around stable’s release cycle.

manjaro since it manages to be less stable than Arch specifically because of their update policy

This is false. Their delayed updates mitigate issues in latest packages. Plasma 6 was released late but it was a lot more usable, for example.

I mean why even be on Arch if you can’t use the AUR and have the latest packages?

Anybody who wants Arch should use Arch. Manjaro is not Arch.

Some of us don’t want the latest packages the instant they release, we’re fine with having them a week or a month late if it means extra stability.

There’s nothing magical about what Manjaro is doing, it stands to reason that if you delay packages even a little some bugs will be fixed.

Also you can use AUR on Manjaro perfectly fine, I myself have over 100 AUR packages installed. But AUR is not supported even by Arch so it’s impossible to offer any guarantees for it.

There’s also Flatpak and some people may prefer that since it’s more reliable.

It’s been removed in most of the US.

On some phones you won’t get anything when searching for “lockdown” but you most likely have it, it’s typically under Display > Lock screen > Shown lockdown option.

The community has been making Winamp clones for as long as Winamp has existed. XMMS appeared the same year as Winamp, in 1997. Audacious is still around and still has a mode where it uses Winamp skins.

The thing about Winamp is that it had its time in the spotlight for a few years and then everybody moved on to the new types of media libraries like foobar2000. Today it’s just a museum piece.

This was predicted back when they first announced it… what do you know, it was correct.

Manjaro has been specifically designed to have fresh packages (sourced from Arch) but to be user friendly, long term stable, and provide as many features as possible out of the box.

It requires some compromises in order to achieve this, in particular it wants you to stick to its curated package repo and a LTS kernel and use it’s helper apps (package/kernel/driver manager) and update periodically. It won’t remain stable if you tinker with it.

You’ll get packages slower than Arch (depending on complexity, Plasma 6 took about two months, typically it’s about two weeks) but faster than Debian stable.

I’m running it as my main driver for gaming and work for about 5 years now and it’s been exactly what I wanted, a balanced mix of rolling and stable distro.

I’ve also given it to family members who are not computer savvy and it’s been basically zero maintenance on my part.

If it has one downside is that you really have to leave it alone to do its thing. In that regard it takes a special category of user to enjoy it — you have to either be an experienced user who knows to leave it alone or a very basic user who doesn’t know how to mess with it. The kind of enthusiastic Linux user who wants to tinker will make it fall apart and hate it, and they’d be happier on Arch or some of the other distros mentioned here.

Why do you assume they haven’t warned Mozilla in advance?

Also, Mozilla was fully aware that what they were doing is in breach of GDPR. I find it extremely hard to believe that the makers of Firefox are not fully familiarized with it by now.

Last but not least Mozilla is doing this for financial gain. It’s selling pur data to advertisers. Why should we excuse it? It’s a very hostile act.

If Mozilla has hit rock bottom and has been reduced to selling our data to survive then that’s that. We’ll find another way and another FOSS browser. Accepting it is not an option.