The Linux Thread - The Autist's OS of Choice

-but then other programs can sniff the screen content
X has a security extension and can differentiate between trusted and untrusted X clients. Untrusted ones cannot read the clipboard, see input into other windows, or read the screen content. It's not even difficult to set up, just nobody does because it's not well documented.
 
Hard disagree, given the time I've wasted fighting with Windows' ACLs and SIDs. There's a virtue in simplicity, when it comes to security.
I think the only way to truly do desktop sandboxing is to make it easy to define capabilities for programs instead of users. Users should still be a thing, but I want to (easily) have a system where random programs can never screen record while OBS always can. Linux can technically do things like this, it's just done inelegantly and takes lots of effort to set up. Firejail is sort of what I'm thinking about, it's just not completely polished. Some of these problems are due to how programs communicate with each other on a fundamental level. It's jank all the way down... I should try not to think about it much more because I will lose what's left of my mind.
 
X has a security extension and can differentiate between trusted and untrusted X clients. Untrusted ones cannot read the clipboard, see input into other windows, or read the screen content. It's not even difficult to set up, just nobody does because it's not well documented.
So, rather than read the documentation, they invented an entirely new system that does the same thing in an even more complicated way.

This is pulseaudio all over again.
 
I think the only way to truly do desktop sandboxing is to make it easy to define capabilities for programs instead of users. Users should still be a thing, but I want to (easily) have a system where random programs can never screen record while OBS always can. Linux can technically do things like this, it's just done inelegantly and takes lots of effort to set up. Firejail is sort of what I'm thinking about, it's just not completely polished. Some of these problems are due to how programs communicate with each other on a fundamental level. It's jank all the way down... I should try not to think about it much more because I will lose what's left of my mind.
Is it necessary, though? I don't think that nonconsensual screen-recording is really a problem that's been plaguing the Linux desktop...
 
Is it necessary, though? I don't think that nonconsensual screen-recording is really a problem that's been plaguing the Linux desktop...
Agree, we need something that works first, performs well second, and has good security third. A system that works and runs fast can probably get security added later, but if you're designing a new software component, it never hurts to think about security.
 
So, rather than read the documentation, they invented an entirely new system that does the same thing in an even more complicated way.
I think there were some more problems with it, in the way that most software at least used to be designed to assume it's trusted and crash otherwise because the security access denied access to some other extensions. Also to make it really work effectively, you also had to combine it with sandboxing so that the untrusted program cannot access its cookie. I had my browser set up for a while to use it but then scrapped the whole setup because of how inconvenient it was not to be able to copy & paste from and to other programs. I think you can use it somehow with firejail. I dunno. I use bwrap for those network-facing programs, everything else on my system is just not allowed to access the network/internet, via network namespace sandboxing.

You can also theoretically sandbox X programs with xpra, even though that's not really its intended usage scenario.

EDIT: Come to think of it, you could probably bypass at least the paste restriction by using xdotool or something similar and one of the million ways you can do keyboard shortcuts in X to have your clipboard contents typed out with synthetic key presses. You'd still not be able to copy from such programs though.
 
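The setup discussed in the post above (an untrusted cookie from the X SECURITY extension, plus a sandbox so the program cannot read the trusted cookie), as an added example that is not part of the original thread. It assumes an X server with the SECURITY extension enabled, display `:0` with its socket under `/tmp/.X11-unix`, an existing runtime directory, and `xauth` and `bwrap` installed; the cookie path and function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): start one X11 client with an
# *untrusted* cookie inside a bubblewrap sandbox that hides the trusted one.
# Assumed values: display number, cookie path, and the function names.
DISPLAY_NUM="${DISPLAY_NUM:-0}"
UNTRUSTED_XAUTH="${UNTRUSTED_XAUTH:-${XDG_RUNTIME_DIR:-/tmp}/untrusted.xauth}"

# Ask the X server (SECURITY extension) for a new cookie flagged untrusted.
# "." is xauth shorthand for MIT-MAGIC-COOKIE-1; "timeout 0" disables the
# default 60-second inactivity expiry.
make_untrusted_cookie() {
    ( umask 077 && : > "$UNTRUSTED_XAUTH" ) || return 1
    xauth -f "$UNTRUSTED_XAUTH" generate ":$DISPLAY_NUM" . untrusted timeout 0
    # An empty file means no cookie was issued (e.g. extension not enabled).
    [ -s "$UNTRUSTED_XAUTH" ]
}

run_untrusted() {
    sock="/tmp/.X11-unix/X$DISPLAY_NUM"
    make_untrusted_cookie || return 1
    # tmpfs over /tmp, $HOME and the runtime dir hides ~/.Xauthority and any
    # session cookie kept there; only the untrusted cookie and the display
    # socket are bound back in. --unshare-all also removes network access,
    # so the client reaches X through the filesystem socket only.
    bwrap \
        --unshare-all --die-with-parent --new-session \
        --ro-bind / / --dev /dev --proc /proc \
        --tmpfs /tmp --tmpfs "${HOME:-/root}" \
        --tmpfs "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}" \
        --ro-bind "$sock" "$sock" \
        --ro-bind "$UNTRUSTED_XAUTH" /tmp/.untrusted.xauth \
        --setenv DISPLAY ":$DISPLAY_NUM" \
        --setenv XAUTHORITY /tmp/.untrusted.xauth \
        -- "$@"
}

# Usage: ./run-untrusted.sh xterm
if [ "$#" -gt 0 ]; then
    run_untrusted "$@"
fi
```

As the post notes, a client started this way cannot copy and paste with trusted clients, and programs that need extensions denied to untrusted clients may fail to start.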
Is Linux Mint Cinnamon tweaking X11? I could see them working to extend it. But I think they're just switching to Wayland
They are adding experimental Wayland support in the next version of Cinnamon, which implies that they plan on moving to it. But they don't seem to be in a rush either; lots of people on their forum have been asking for Wayland support for years, which they have always turned down due to lots of Cinnamon's components being forked from older versions of Gnome, which meant that they wouldn't support Wayland very well and would have to spend a lot of time adding and fine-tuning it, which they didn't see much of a point in.

But in the more recent versions of Cinnamon they have been rebasing some things from more updated versions of Gnome, like the file manager etc. This, combined with other distros and devs pushing Wayland, might be the reason they are starting to look into Wayland support.
 
 
Has anyone tried this out?

Linux Mint 21.3 Beta Released With Cinnamon 6.0 Desktop

Linux Mint 21.3 beta is now available for testing as this latest Ubuntu-based, desktop-focused Linux distribution.

Linux Mint 21.3 is working its way toward release and this weekend marks the availability of the public beta. The Cinnamon 6.0 desktop is found with Linux Mint 21.3 that brings some new "spices" add-ons, very early and experimental work on Wayland support, 75% scaling support, gesture improvements, and various other desktop refinements.

Clement Lefebvre showing off Linux Mint with Cinnamon 6.0 on Wayland:
Linux Mint 21.3


Linux Mint 21.3 is also bringing other desktop/app enhancements like the Hypnotix TV viewing application now allows setting channels as "favorites" for easier access, support for custom TV channels within Hypnotix, Warpinator adds support for connecting to another device manually, artwork improvements, and more.

Linux Mint 21.3 continues to make use of the Linux 5.15 LTS kernel and Ubuntu 22.04 LTS package base. Linux Mint 21.3 is intended to receive security updates until 2027.

More details on the Linux Mint 21.3 Beta via the LinuxMint.com blog.

 
Has anyone tried this out?

"Linux Mint 21.3 continues to make use of the Linux 5.15 LTS kernel and Ubuntu 22.04 LTS package base. Linux Mint 21.3 is intended to receive security updates until 2027."
I know Canonical makes... decisions about LTS that presumably make sense to Canonical, but isn't Mint big enough now to do something less damn weird?
Offering "security updates until 2027" is leaning on the definition of "long-term support" a bit for something that will be released in 2024.
And because 5.15 won't play nicely with new hardware, you have to also support 5.17 which everyone else seems to have moved on from.
Meanwhile, 5.10 has CIP support until 2031, and 6.1 until 2033.
And if you must lean on Ubuntu, the pre-release of 24.4 is available for download (even if they don't know which kernel it will be using, but it damn well won't be 6.6 LTS, because Canonical.)
Make it make sense.
 