Profile picture
Robᵉʳᵗ Graham @ErrataRob
, 14 tweets, 2 min read Read on Twitter
Today we've been talking about the Xorg bug. What is Xorg? To understand this, we have to time travel back to the 1980s.
Back in the day, Unix was for big computers located in the data center. Users connected to these using terminals. You are familiar with the command-line terminals, but "graphical terminals" also existed.
Much like how Telnet/SSH are the protocols for remote text terminals that we use today, "X Windows" is the protocol for graphical terminals.
Even when your Unix machine has a local graphical screen, X Windows is still the way that most applications make graphical things happen on the local screen. Conceptually, the user is still at some distance from the kernel, even on the local machine.
It's the operating system kernel that has physical access to the hardware, user mode programs don't, and in theory, every graphical kernel call needs to validate user permissions. This has become difficult in recent years with 3D graphics which need a HUGE attack surface.
So graphics, even on systems without X Windows, have become a frequent target for local privilege escalation. That even includes remote exploits in browsers that use 3D acceleration.
There are many implementations of X Windows, but Xorg's has been the default for Linux and BSD systems for decades. It's synonymous with the Linux GUI and/or X Windows.
Things like Gnome are "windows managers", and ancient concept from the 1980s that separates management of windows from the contents of windows. Since your terminal can have windows created by more than one external computer, management needs to be separate.
So for Xorg, instead of doing fine-grained systems calls for every draw operation, with the costly step of checking user permissions every single time, it's easier just to give it root permissions with 'setuid'.
Most apps on Linux can run remotely, just add the --display on the end of the command to cause them to open a window remotely instead of locally. Other apps bypass X Windows and write to the local "frame buffer", especially video and games.
Newer things like Android discard this X Windows nonsense, because it's nonsense, and are just GUIs on top of the frame buffer. So even though Android is Linux underneath, there is no X Windows. There are, however, X Windows apps so that you can use your phone as an X terminal.
Most Linux users I know, when they want a remote GUI, just use VNC instead. With VNC, the app renders the pixels locally, compressed the image, and sends it to a remote computer.
Not having X Windows doesn't mean you are good, though. Microsoft with it's GDI system is prone to all sorts of funny performance, scalability, and security issues. On the other hand, their remote terminal services is the best in the business.
Because X Terminal and VNC are good enough for Linux, they've done nothing better for remote terminals. Because Microsoft's Windows sucks for remote in theory, they've done extraordinary, heroic things to make their Terminal Services better than Linux.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ErrataRob see all

Profile picture
1/ In regards to my tweets today about "institutions" that make us great, let's talk about journalism and "both-sides-ism". Nobody likes it, but those who disagree with us are still reasonable people, the are multiple sides to every debate. This is why a free press is valuable.
2/ Let's take "anti-vaxxers" for a moment, which I assume you'll agree are "batshit crazy" and not "reasonable" in any fashion. Yet, we still have a "both sides" issue. Even if "vaccines cause autism" argument is garbage, we still debate whether governments can force vaccines.
3/ It's the same argument whether governments can force you to donate a kidney. Or force you to donate bone marrow (which is relatively harmless to the donor). Or force a woman to cary a baby to term.
Read 9 tweets
Profile picture
1/ Also a good lesson for 2019, let's talk about General McChrystal's firing. What makes America great is that we have stable, independent institutions, rather than rule by a despot. That includes an independent press, courts, ... and a military.
2/ General McChrystal was critical of President Obama's policies in a piece in Rolling Stone. This was an attack on the institution of our military. Generals take their orders from the Commander In Chief, they don't publicly criticize their commanders. Therefore, he had to go.
3/ It's because we believe in "institutions" that McChrystal had to go. This is why Trump is uniquely bad among recent Presidents. It's not that he's left or right wing, it's that he's attacking all the institutions that make America great.
Read 11 tweets
Profile picture
To be fair, "Trump derangement syndrome" is a thing where people blame Trump for innocuous things, things he has no control over, or things that happened equally under Obama. On the other hand, this tweet is itself deranged.
The lesson you should learn for 2019 is how this tweet demonstrates lack of character and insecurity, they way Trump attacks childishly his critics: praising them when they agree with him, turning on them when they don't.
But that should equally apply to Trump. It's unlikely that even he is 100% bad. You should be able to point out things he does well. His recent prison reform was good. His judicial nominations have been all competent. While I don't agree with his tax law, it had needed reforms.
Read 3 tweets

Related threads

Profile picture
<Trump Indiana rally thread, starting a little late but better late than never... I think?>
Trump has already floated his conspiracy theory about outside groups organizing/funding the so-called migrant "caravan." The same conspiracy theory that motivated the Pittsburgh synagogue shooter.
Before bringing (former Indiana basketball coach) Bobby Knight on stage, Trump repeats his story about how Bobby Knight called him and urged him to run for President. Narcissists gonna be narcissistic.
Read 27 tweets
Profile picture
#Khashoggi Case Thread: I am going to ‘pin’ this post to use it as an ‘Info Thread’ on the #Khashoggi Case. I am in #Turkey. I’ve been following the case closely and with access to sources & experts here. This is a very ‘sensitive’ criminal case due to ‘Diplomatic Booby Traps’!!!
The Evidence Obtained Outside Cameras will not show any evidence of ‘tempering’ but other than license plates of dozens of diplomatic cars (Many with tinted windows-large trunks) with related time stamp, drivers Info, model/year: Nothing.
#Turkish Intel-Investigative Bodies also have the list of all Diplomatic & Private Saudi & “other significant’ Planes in #Turkey for the period of ‘interest.’ Many of the Target airports have their own security cameras & related evidence.
Read 335 tweets
Profile picture
Today's pickup: "The Floppy Disk Story", a 1984 pamphlet from Fujifilm.
Apparently there was "overwhelming demand" for this pamhplet back in the day.
It came straight from Fujifilm, it seems.
So I:
1. really want to keep this thing in good condition for my collection of Floppy Artifacts
2. really want to scan this thing, which'd require taking it apart.

I guess I'll have to be very careful unstapling it and put it back together at the end.
Read 5 tweets
Profile picture
I got a mail one day & hoped it was from this IT firm I'd applied to for a Procurement expediter role, I looked & luckily it was them!

"Yaay!!" I screamed when it read that I passed the aptitude test & should get ready for the interview.

Biggie Biggie! Heavy Heavy! 😭

Thread
I was working with a shipping agency in apapa but needed a proper job so I hoped that I got it, the next day I lied to my boss that grandmother's best friend died; & that I was her god son, & there was a ritual I needed to do.

Luckily he believed & let me take few days off..
On my way home I got to oshodi & there was a gridlock, a tanker fell on the road so there was no movement. I thought of what to do, I brought out my phone & opened my WhatsApp

"How far?" KK sent about an hour ago, I replied him & he said he was stuck in traffic

"Oshodi own abi?
Read 77 tweets
Profile picture
Are you one of those people who's looked back on 2017 and convinced yourself that you haven't achieved anything? Worried about catching up with your mates who seem to have done much better?

Let me tell you a story about #time.

A thread 👇
A long #time ago, back when I was about twelve or thirteen years old, my parents travelled to Uyo.

Before leaving, my mother asked me to prepare Edikang ikong soup so she and my father would eat when they returned.
When I was finished with the soup, it was supposed to look something like this:

*photo credit: waiter foodies.
Read 32 tweets
Profile picture
Let's do some #Narnia #travel. Because, really, why not?
Thread. #CSLewis Appreciation Day, by (my) decree.
cc. @artnmuzic, @julietyler12, @RobertaWedge, @BrentonDana, @JenniferNeyhart, @nursemaiden
I took this photo in #HurstbourneTarrant, England. It reminded me extremely powerfully of the door into Archenland, "The Horse And His Boy". And it's great in its own right.
cc.@layanglicana
Close-up of that above. You see what I mean.
Read 20 tweets

Trending hashtags

#TheMidnightZone #Gaddafi #humanrights #island #photo #knowledge #Nazism #USGov #jaintemple #Yemen #HighAlert #Gamcheon #hmmm #backpackers #work #FundamentalRights #Divorce #Shiva #HappyDiwali #randomfacts #Clinton #PhotoOfTheDay #WeThePeople #Today #tippingpoint

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!