Show HN: X11 tool to share a screen area in any video meeting

I love how simple this is- Barely 100 lines or C++ (ignoring comments). That's one thing that makes me prefer X11 over Wayland.

Yeah. I mean, not to deny the decades of arguments over its warts, but it's kind of amazing to me the extent to which X11 has emerged as, well, the simplest/best and most hackable desktop graphics environment available. You want to play a trick, it's right there. The ICCCM got a ton of hate back in the early 90's, but... no one else has an equivalent and people still innovate in the WM space even today.

Hackable is right. But not always in the positive sense of the word.

FWIW, the threat model you're imagining is an attacker being able to run code to display directly to the desktop using the lowest level native API. A local[1] code exploit at the level of an interactive user is already a huge failure in the modern world.

Is that a reasonable argument against using X11? Sure, for some use cases. Is it a good argument for wayland/windows/OSX/whatever to do your tiling WM experimentation? Not really, those environments kinda suck for playing around with.

[1] Or "local-ish", your system or a trusted remote has to have been compromised already. Untrusted X11 protocol still exists but is deliberately disabled (and often blocked) everywhere. Even ssh won't forward it anymore unless you dig out the option and turn it on manually.

Isn't any app that can access read the x11 socket able to read any input? It's not just running an explicitly malicious app but also the risk of compromising an app which can read the x11 socket (e.g. Firefox)

there's very little code because there's very little error handling / sanity checking. not saying X11 isn't hackable and cool, but a lot of code gets bloated and complex (and robust!) by not assuming perfect usage.

for example. run ./clipscreen 1 2 3 4

True. If something goes wrong this will just crash. But to be fair, the only error handling I could think of would probably just exit with a vague error message... Pull requests to make it more robust welcome anyway!

Yes, exactly. I'm just saying that the response to a remote browser exploit in firefox is more likely to be "YIKES ZERO DAY IN FIREFOX!!!!!" and not "well it's a good thing we're running it in windows so it can't screenshot other apps or inject key events".

It's not like it's not a valid argument, just that it's sort of a nitpick. Security is hard, and defense in depth is a thing, but this particular attack surface is way, way back in the "depth" stack for a modern app deployment.

I find it very interesting how much our threat model has changed in the last 10-15 years. We no longer trust even local software, as we have to assume everything is now malicious. Commercial software from "reputable" companies can't be trusted to not pull a ton of analytics and personal data off your computer. We now have to worry about every piece of software being a keylogger and spying on other windows/applications and reporting back.

We've had to give up so much flexibility. Wayland certainly focuses on plugging this hole, but it means we've lost all these cool utilities like this one. There was just so much you could do with devilspie, xdotool, and others to make sure my operating system and window environment worked for me.

I still really miss X11's Zaphod mode, where you had two independent X sessions (:0.0 and :0.1) on two different monitors, with different window managers and different windowing rules.

I miss the days of being able to trust my computer and trust my software.

X11 is the opposite of simple and hackable. What you are thinking of as "hackable" is actually the result of it having a ton of legacy features that enable users to do neat tricks.

Wayland breaks a lot of these tools because it is so much simpler than X.

The code is a little weird. There is no XLib event loop. It calls sleep(100) in a loop until it hits SIGINT. That will have high cpu usage for no reason.

Lacking features isn't the same thing as "simpler", Wayland is great, but is very much a subset of the features implemented on an X11 desktop. Wayland doesn't do selections or provide any IPC mechanism of its own, much less something like an ICCCM that allows you to identify/target other users of the desktop and interact with them in a flexible way. In fact as I understand it the linked tool is in fact impossible to write in Wayland.

Again, this isn't the fault of "Wayland", which is just a compositor framework. The complaint is that the ecosystem of "desktop" software which evolved around Wayland is an ad hoc monstrosity that lacks the unified structure that its ancestor had way back in the X11R5 days.

It will not, even adding just a 1ms sleep in a loop will drop CPU usage to barely noticeable levels, 10 wakes a second is barely anything for any CPU from the past 3 decades.

This certainly is an elegant X.org party trick that can't be done easily in almost any other windowing system: creating a virtual Xrandr display that overlaps with existing physical displays. It's slightly awkward since if it exits outside of sigint it will leave a virtual output and no overlay window but that's a pretty minor issue. (All of that having been said, I would strongly advise to not over-index on SLoC as a measure of quality or elegance.)

This flat-out can't be done in Wayland. Though all is not lost, you might not need this at all in Wayland. The standard way to capture the screen from an unprivileged process in Wayland is through desktop portals, and at least KDE supports a wide variety of different capture options including capturing a rectangle of the screen. I haven't tried, but I suspect this is even true when running X.org applications, thanks to XWaylandVideoBridge.

I am not really thrilled about D-Bus stuff everywhere, but it is nice that you can pretty much override any screen capture behavior you want by changing the org.freedesktop.impl.portal.ScreenCast implementation: I think that's actually a step in a better direction versus having every application implement its own functionality for selecting capture targets.

Not my experience at all. Granted I haven't tried writing a loop like this in 20ish years, because once you spot that mistake you don't tend to make it again, and CPUs are better now.

Another thing to note is when you call sleep with a low value it may decide not to sleep at all, so this loop just might be constantly doing syscalls in a tight loop.

By window manager started out as ~50 lines of Ruby copying an equivalent amount of C.

You can say many things about Wayland, but it's "simple" from a point of view I for one really do not care about. Wayland may be "simple" in some respects, but it makes most of the things I care about doing unnecessarily complex.

It's also why there existed more advanced security extensions for X11 (like security labels for windows), but also why even bare-bones X11 had methods to ensure that only one specific application was getting input, specifically to handle secure input like with passwords.

In Wayland you just start a capture with the xdg-desktop-portal API and it notifies the user and let them select the area to capture.

The most hackable would have been a Lisp based desktop.

Is it much more difficult under Wayland?

> Not my experience at all. Granted I haven't tried writing a loop like this in 20ish years, because once you spot that mistake you don't tend to make it again, and CPUs are better now.

You can trivially verify it by running the following, I have personally been using "sleep for 1ms in a loop to prevent CPU burn" for years and never noticed it having any impact, it's not until I go into microseconds when I can start noticing my CPU doing more busy work.

    // g++ -std=c++20 -osleep sleep.cpp
    #include <thread>
    #include <chrono>

    int main(int, char **)
    {
     while (true) {
     std::this_thread::sleep_for(std::chrono::milliseconds {1});
     }
     return 0;
    }

> Another thing to note is when you call sleep with a low value it may decide not to sleep at all, so this loop just might be constantly doing syscalls in a tight loop.

On what system? AFAIK, if your sleep time is low enough, it will round up to whatever is the OS clock resolution multiple, not skip the sleep call completely. On Linux, it will use nanosleep(2) and I cannot see any mention of the sleep not suspending the thread at all with low values.

Walyand probably would have been better if wlroots had been developed as a (whatever this means) first-party “built-in” library.

Yes, but I believe op was refering to how interacting with all things Wayland seems to be more involved than with x11. I'm not sure this is indeed like this, I have zero experience in developing for Wayland, but I think this is what op meant.

From a quick "how do I implement this in Python" with ChatGPT it seems to be about 30 lines, since most of the heavy lifting is done for you by the API.

If you can't trust your locally installed software, everything is lost. I understand where this new threat model comes from for some people but I'd rather continue to avoid bad software sources than hamstring my OS in the hopes of avoiding malware I installed on purpose.

I agree. But can you trust Zoom? What about Office or Photoshop? Can you trust Websites or your browser anymore? Even open source apps have analytics in them that may not be trustworthy anymore (firefox, audacity, ...).

Javascript has managed to even ruin the linux desktop. Running every random JS application sent to your browser VM makes the browser insecure which means the entire computer can't be trusted. This is the reason things like the waylands enforce a smartphone like model of security where the user's applications aren't allowed to communicate or interact with other elements of the graphical desktop. Applications aren't trusted. So the user isn't trusted. A trade-off not worth it.

> If you can't trust your locally installed software, everything is lost.

That's only true if you decide to trust it.

You can deal perfectly well with software you distrust, and not have it harm your system.

As someone who uses LLM's regularly to assist in code creation, take that output with a huge grain of salt until you've actually tested it. Especially as it relates to Wayland, I've pulled my hair out trying to get an LLM to assist with very similar tasks to this.

To the parent, splitbrain just got you to QA this for him. The true cost of software is the maintenance and QA, and he got you to do free work, and here I am doing free work writing about it. How hard we BOTH just got pwned! </joke>

haha yeah, its ok for a tool its really cool honestly :p just commenting on the 'so little code' might be good to check if the x y etc. are within the screen / set resolution perhaps.

If memory serves, Windows treats a sleep under the scheduler quantum length as a yield. It may take you off the cpu if there's something else to run but it may not. Meanwhile burning up cycles may prevent low power states.

At any rate, back to the code at hand, there are many ways to block on SIGINT without polling. But it's also hugely odd that this code does not read events from the X11 socket while it does so. This is code smell, and a poorly behaved X client.

will work for food

This is what the pause(2) syscall was made for, waiting for a signal forever.

Wayland is more focused on security. That onion layer right there will increase the complexity of usage. X11 doesn't have the extra abstractions to limit and prevent intrusive interactions with the desktop.

Example of this would be where "runas /user:smith application.exe" is simple but does not work when a Windows Service is required to run an application as the user signed in. One must use Window's API to pull in the account's token and use more API to execute "application.exe". UltraVNC is a great source to see all the extras needed.

To me it's quite sad that for a lot of things, the "standard" way of doing something is not actually part of the standard (XDG portals, third party protocols, etc.). Yes, X.org is old, bloated, unmaintainable and whathever, but at least every desktop environment used the same X server implementation and the same tools worked everywhere.

Besides the duplication of efforts in implementing the same stuff over and over, now someone developing somewhat non-trivial programs needs to be aware of the differences in supported features and non-standard extensions in all desktops, for example [1].

[1]: https://wayland.app/protocols/cursor-shape-v1#compositor-sup...

It’s a good way to drain your battery on mobile devices, even if usage looks low.

Not that this matters for this particular tool.

> Not that this matters for this particular tool.

Then the code is perfectly appropriate.

I think Wayland had made some mistakes, no doubt. Cursor shape just should've been part of the protocol. Wayland has its fair share of misfires.

That said, I understand what they were going for. They really wanted to make the compositor as small and simple as possible, so for example you would just use libwayland-cursor instead of bothering with cursors yourself. However there are a lot of ways libwayland-cursor worked out poorly... Not everyone agreed on how scaling should work, GTK4 ditched it for performance reasons, and overall it's just inconvenient for a lot of cases (languages other than C, sandboxing, etc.) And to make matters even worse, in practice every compositor needed to load and handle XCursor themes anyways...

That said, I think that it's okay if Wayland doesn't own the majority of the Linux desktop stack the way X11 did. It's fine for compositors and their helpers to implement protocols from other projects, too. That way Wayland can be more applicable to graphical machines other than desktops without bringing unnecessary baggage. It'll always have trade-offs, of course, but I think it's far from the end of the world.

It's a bad example for others and a bad habit to get into. If every program did this, we'd have trouble getting CPUs into deep idle states.

Wayland intentionally makes this more difficult, because one of the security goals of the project is that (by default) Wayland clients shouldn't have visibility into other clients' window contents/events/etc.

Of course, it still needs to be possible under Wayland, because there are plenty of legitimate use-cases (screenshots, screen sharing, video capture, etc.), but it was a non-goal to make it as simple as X.

Wayland merged the image-capture-source and image-copy-capture protocol extensions earlier this year: https://www.phoronix.com/news/Wayland-Merges-Screen-Capture

This is why I don't run Zoom or Office or Photoshop or versions of Firefox or Audacity not distributed by Debian.

Browser sandboxes pretty heavily though of course one does want to be a bit careful there too.

Yes. By not running it.

Huh? What are you trying to say? There's no conflict between distrusting applications and trusting the user. Even on Android (which is pretty paranoid these days), you, the user, can still opt to trust apps with things like accessibility API access and background location.

Why exactly should we perpetuate the insecure old single-privilege-level desktop model?

It's an irrelevant implementation detail. This is for a live call. You are streaming video at the same time, so there's no point in worrying about idling.

I'd even say that it's a good example for others, because the equivalent code with the event loop would be slightly more complicated (maybe 5 more lines?). Striving for "doing things right" when the wrong thing is perfectly appropriate would be a bad example.

I teach online for a living, and -- yep Zoom through FIREFOX only.

Coincidentally, it's also the best experience, for whatever reason it's the only on that supports virtual backgrounds on Linux for me? Neither Chrome nor Desktop seem to work for this.

I thought that Linux behaved the same, but I'm not finding any proof in `man 2 nanosleep`...

My guess is that somebody coded that event-loop-less X client not really familiar with the language and how to write Xlib apps. I partially assume this because C, C++ and especially Xlib are becoming less popular over time, so finding skilled practitioners to write it idiomatically is relatively rare now. This basic event loop stuff is something that maybe belongs in a library. So they just wrote library grade functionality themselves, badly. The commentary here is getting defensive about doing things the wrong way, coming up with lots of post hoc justification.

> Wayland intentionally makes this more difficult,

some men just want to watch the world burn

You can't find that proof because Linux does the opposite. Unless your task is SCHED_REALTIME, all timers have a little bit of slack at the end that allows the kernel to group wakeup events. You can configure this (for non-RT tasks) with prctl(PR_SET_TIMERSLACK).

https://lxr.linux.no/#linux+v6.7.1/kernel/time/hrtimer.c#L20...

https://www.man7.org/linux/man-pages/man2/PR_SET_TIMERSLACK....

It means you got to tickle the banana, good luck making sure that the gorilla holding it is fine with that.

And Wayland keeps their apps from spying on the rest of my screen!

> never noticed

I'd love to see numbers with a Kill-A-watt between the PC and the wall

> You are streaming video at the same time, so there's no point in worrying about idling.

I'd argue it's completely opposite of this. You're streaming video, already putting some significant stress on the system. No reason to waste time (even if it's a minuscule amount) to make things worse.

> Striving for "doing things right" when the wrong thing is perfectly appropriate would be a bad example.

And that's how we ended with e.g. modern IoT that kinda sorta works but accumulation of minor bad decisions (and some less minor bad decisions for sure) ends up making the whole thing a hot mess.

> Commercial software from "reputable" companies can't be trusted to not pull a ton of analytics and personal data off your computer.

Thankfully, for a lot of software, there is no reason to ever give them network access in the first place.

Why? Running an empty loop a thousand times a second is literally almost nothing to any cpu released in the past 20yrs at least

This was in the wrong thread…

This is a sleep which allows the kernel scheduler to move to a new process and not a busy-wait so it will have very very low processor usage.

Running an empty loop with no sleep or other yield type operation will peg one of your cores if you pin it to that core.

  Int main() {
    while(1) {}
  }

compile that with -O0 and see what happens.

I never understood the rationale for Wayland's "security"...

All the programs that I use (ls, rm, vim, ...) can "spy" to each other, and have unrestricted read/write access to all the bytes in my home directory. That's the whole point: I run these programs to control said bytes. What's so special about the pixels of my screen that the programs that manipulate them need to be protected from each other? If anything, the pixels in my screen seem less critical to security that the bytes in my disk. But Wayland insists in making that difficult, for incomprehensible reasons. Those are my pixels and I want to do what I decide, not what Wayland lets me to. I control my programs, not the other way round. If I decide that this program reads one pixel on my whole screen, or the global mouse position, or whatever, I see no point in forbidding me to do it.

Of course, if I want to run some rogue program whose author I don't trust, I will do so inside a limited container. But this has nothing to do with graphical applications. I wouldn't like the rogue program to read my homedir either.

When did we say anything about no sleep or yield? That's completely different. Read the thread.

Even then, "tinywl" which aims to be a "minimum viable product" Wayland compositor based on wlroots is almost 1k lines:

https://github.com/swaywm/wlroots/tree/master/tinywl

Sorry! I was looking for documentation that on Linux sleep(0) yields.

Whether the CPU is busy because of a loop with a sleep depends on the ration of the sleep time and the time to perform the rest of one loop iteration. Doing stuff in a loop iteration that takes 1min and then adding a ms sleep will not drop CPU usage a measurable amount.

re cursors: There is a replacement/amendment protocol for cursor handling coming though I don't know the current status of it. It seemed a lot easier to work with for the vast majority of cases.

There is no code in nanosleep that converts it into a yield, and in fact a nanosleep(0) is a nanosleep(50µs) with the default timer slack value. If you want to yield, call sched_yield() …

"A thousand times a second" obviously implies sleep or yield unless your computer is old enough to be your grandfather.

Where does this paranoia come from? The kind of attacks cited by Wayland advocates are all theoretically possible but virtually unheard of in practice. In any time in the past thirty years, has there ever been a case of a rogue program in the Debian repos that maliciously spies on the user by exploiting the open and trusting nature of X11? Even if you expand the scope of consideration to applications like browsers getting pwnd by RCE zero days and then doing this, how often does this actually happen? Maybe this degree of paranoia, fear of technically possible but actually extremely rare scenarios, makes sense for targeted individuals like reporters and whistleblowers operating in totalitarian countries, but for anybody else it seems insane. It's like having deadbolts on your bedroom door because you're afraid of somebody trying to kidnap you in the middle of the night, that extra security against such an unlikely threat isn't worth the inconvenience. Except actually, getting kidnapped in the middle of the night is probably a more common occurrence than getting pwned through X11 programs from your distro repos.

Zoom through a browser only.

As for the rest, they may have "analytics" (spyware) but are there any documented cases of any of them acting as an X11 keyloggers or covertly screenshotting the users desktop? Those are the threats Wayland asks us to fear. And Wayland won't protect us from the rest. If Firefox or Audacity phone home with reports about what I'm doing with those applications, Wayland won't stand in the way.

It used to be the case that glibc implemented nanosleep for small values below the scheduling quantum with a spin loop. It was explicitly documented to do so.

This was changed sometimes in the last 20 years, probably with battery powered devices becoming more prevalent and CPUs implementing more advanced sleep states.

I looked into this a bit further and it seems to be a range from [0,50]. [1] explains that if there is a pre-existing timer interrupt at 0, then the queue will be resumed at 0. But yes - given no other timers it will resume at 50.

1. https://people.kernel.org/joelfernandes/on-workings-of-hrtim...

Wayland is simple because it shoves all the responsibilities to somewhere else.

The question is about waiting, i.e. when you have no real work to do. If you have significant work to do then there is no point in sleeping until that work is done.

FYI the code has been updated to use sigwait instead.

Sleeping for 100ms between checking for events will not produce a noticeable CPU load. The only reason this would drain the battery is because it can prevent the CPU from entering deeper powersaving states - but even for that 100ms is an eternity and video streaming will prevent that anyway.

Sure, if that is the only program, but it is not. This kind of thinking drains batteries faster than necessary, drains the cache, and reduces CPU efficiency. sleep() is a wasteful system call, a kludge at best, and is never the correct solution to a synchronization problem.

The rationale is that you can have a GUI in one of those limited containers and not spy on all your other windows.

I don't run "apps" on my PC. I run programs from a trusted source repository. I expect those programs to not be hindered in their attempts to serve me.

It very much is. I expect programs running on my computer to not be restricted in how they can help me.

What is interesting is that physical home security has gone in the opposite direction - people are happy to put dozens of devices in they home which can (and some definitely do) stream everything they hear and see to the cloud.

You already can with X11, for example running your rogue graphical program inside a graphical virtual machine. The vm gui will filter-out the events that happen outside the window and the rogue program will think it's running alone.

It's nice that wayland makes such containerization much lighter, at least concerning the GUI (you still need to hide your filesystem, network, etc if you want to run rogue programs under wayland). But I don't see the point in enforcing it for each and every one of your programs. It's extremely unergonomic.

For science, literal proving hypotheses science

>Why exactly should we perpetuate the insecure old single-privilege-level desktop model?

Because after 10 years of heavy development none of the waylands have managed support simple things like screen readers. X11 supports screen readers and innumberable other vital accessibility features that wayland never will be able to. Some waylands might eventually develop extensions for their particular desktop but there won't ever be a way for wayland protocol because it can't. Security theater is more important than accessibility/usability for wayland that leaves many use cases and entire demographics of people out in the cold.

So yes, X11, which is still the least worst option. Better to have the ability to do all things than have to wait decades+ for developers to write complex extensions to do things (and just for their DE, causing fragmentation).

I think the general direction where Wayland, Flatpak and other similar sandbox frameworks are going is that of users running proprietary, untrusted and more or less user-hostile apps on the desktop, just like on tables and smartphones.

Well, I already run my setup through a kilowatt. I don't see a difference with Python, which you can argue should be 10-100x less efficient:

import time

while True:

    time.sleep(0.001)

also the script itself it bounces between 0% and 1% cpu usage