Wayland is flawed at its core and the community needs to talk about it

TL;DR: Wayland bakes a paranoid security model directly into its protocol instead of using a sane capability system, breaks tons of important software (RenderDoc, xkill, automation tools, etc), solves threats that basically dont exist in practice, and projects like COSMIC arent even bothering with X11 support anymore. If X11 dies completely, entire workflows and niches are going with it. We either need Wayland to change its philosophy or start from scratch with something new.


I've been daily driving Linux for about 5 years now. Not the longest time compared to some of you, but enough to understand why I'm here. I want to actually my computer. That's the whole reason. Windows kept doing stuff I didn't ask for, and Linux was the answer. So why does it feel like Wayland is trying to bring that same energy back?

My core issue with Wayland is that it confuses security philosophy with protocol design. The developers decided early on that applications should be completely isolated from each other. One window cannot know anything about another window. An application cannot grab pixels from another application. Programs cannot position other programs windows.

And before someone says "but security!", look: this isolation ISN'T a configurable security layer you can adjust based on your needs. Its THE fundamental architecture. When Wayland devs say "we dont support feature X because security", what they really mean is "we designed ourselves into a corner and now we literally cant add this without breaking everything."

You know how actual secure systems work? Capabilities. The Linux kernel does this with stuff like CAP_NET_ADMIN or CAP_SYS_PTRACE. SELinux does this. AppArmor does this. Even Android, which is paranoid as hell about security, has a granular permission system where you can say "yes this app can do this specific thing."

Wayland could have been designed like a microkernel approach. Minimal core protocol, well defined extension points, capability system where compositors grant specific permissions to specific apps. Want your automation tool to see window positions? Grant it that capability. Screenshot tool needs to capture specific windows? Theres a capability for that.

But no. Instead we got "nobody can do anything unless we specifically designed a portal for it, and even then your compositor might not implement that portal, so good luck lmao."

And I would shut up if that actually solved something, but it solves problems that dont really exist. Lets talk about what Wayland supposedly protects us from. The classic example is keyloggers: on X11, any application can read keystrokes from any other application. Sounds bad right?

But think about it for a second. If malicious software is running on your system with your user permissions, you already lost. That application can read your files. It can access your browser cookies. It can modify your bashrc to capture passwords. It can install itself as a systemd user service. It can do literally anything you can do.

The idea that preventing it from reading X11 events makes you meaningfully more secure is honestly a fantasy. The actual threat model where X11 isolation matters is basically nonexistent in the real world. Meanwhile, the restrictions that "protect" you from this theoretical threat break actual software that real people use every day. Not bad enough, there are a LOT of actual useful stuff that break down because of this. This is where I get actually frustrated. Here's software that just doesnt work properly under Wayland:

RenderDoc is probably the most important graphics debugging tool out there. If you do anything with Vulkan or OpenGL, you need this. It works by injecting into the target process and capturing API calls. Wayland's security model makes this a nightmare. If youre a graphics dev on Linux, this alone should concern you.

Theres no xkill equivalent. On X11, window freezes, you run xkill, click on it, its dead. Simple. Been working for decades. On Wayland you

literally cannot do this in a compositor agnostic way because apps arent allowed to identify other windows. Each compositor has to roll their own solution, if they even bother.

xdotool and automation are just gone. Completely broken. If you have noscripts that automate window management, send keystrokes, position windows programatically.. Wayland says "sorry, security risk" and offers nothing in return. Years of workflow optimization just thrown away.

Global hotkeys were broken for years. Discord push to talk? Didnt work. Media keys in some apps? Didnt work. Some of this got "fixed" through portals but its still fragmented and janky.

Screen recording and streaming was a disaster for the longest time. OBS needed special backends for each compositor. Some compositors just didnt support it at all. Even now its worse than X11 for a lot of users.

Color management only recently got addressed and tons of compositors still dont implement it right. If you do photography or video editing and need accurate colors, Wayland was literally unusable for years.

Compatibility isn't even the real problem. When you bring this stuff up, people always say "just wait, itll get better." And sure, some gaps are closing. XWayland exists. Portals are slowly adding features.

But compatibility isnt my main concern. My concern is that Wayland's architecture means certain things will NEVER work, by design. The developers have said clearly they wont add features they consider security risks, even if users want them, even if users accept the tradeoff.

And heres whats really worrying: new projects arent even bothering with X11 anymore. Look at COSMIC from System76. Its Wayland only. No X11 support, and they've said thats how its gonna stay. This is the future. More and more projects will go Wayland only, X11 support will slowly rot away, and eventually it wont be a choice anymore.

If X11 truly dies and Wayland becomes the only option, entire categories of software and workflows will just cease to exist on Linux. Graphics debugging becomes second class. Automation requires compositor specific hacks forever. Power users who want actual control get told they cant have it.

Look, I use linux because I want to control my computer. This is really what it comes down to for me. I didnt switch to Linux because I wanted my OS to protect me from myself. I switched because I wanted freedom. If I want an application to see other windows, that should be MY decision. If I want to run automation noscripts, thats MY choice. If I want to accept a theoretical security risk in exchange for functionality I actually need, that should be up to ME.

Wayland treats users like threats to their own systems. It assumes you cant be trusted to make decisions about what software can do on your own computer. This is Windows mentality. This is Apple mentality. This is exactly what Linux was supposed to be an escape from.

# So what now

I think theres really only two paths forward. Either Wayland fundamentally changes its philosophy and adopts something like capability based permissions, or we need to start working on a new display protocol from scratch that actually learns from both X11 and Wayland's mistakes.

The current path where X11 slowly dies while Wayland remains hostile to power users is not sustainable. We're going to loose important niches. We're going to drive away developers who need functionality Wayland refuses to provide. We're going to make Linux worse in the name of security theater.

X11 had real problems, I'm not denying that. It was old, full of cruft, the rendering model was showing its age. A replacement was probably needed. But Wayland aint it. It prioritized a flawed security model over user freedom, and now we're all paying for it.

I really hope I'm wrong about this. I hope the Wayland devs eventually realize that treating users as adversaries isnt the way. But based on every discussion I've seen, they seem completely committed to this path. And honestly that scares me about where Linux on the desktop is heading, because this looks

exactly what Microsoft or Apple do, prohibiting their users from doing stuff in their own operational systems.

https://redd.it/1pxectw
@r_linux

What are your favourite hidden gems on Linux?

I’ve been using Ubuntu as my daily driver for a while now, and I keep stumbling on tools or tricks that make me wonder how I missed them for so long.

Looking for:

lesser-known CLI tools
small config tweaks that improve daily use
utilities that quietly solve annoying problems
things you only discover after years on Linux


What is a hidden gem you wish you had found earlier?

https://redd.it/1pxh3y0
@r_linux

kernel merge acquired. adult linux contributor unlocked.
https://redd.it/1pxl0r4
@r_linux

Linux gaming is growing! The Roblox client Sober was downloaded 1.3 million times this year.
https://redd.it/1pxlf4v
@r_linux

Libreboot 26.01 RC1 released - free/opensource BIOS/UEFI replacement
https://libreboot.org/news/libreboot2601rc1.html

https://redd.it/1pxlxgh
@r_linux

8 years of “This Week in Plasma” - Actively looking for a person or team interested in taking over TWiP
https://blogs.kde.org/2025/12/28/8-years-of-this-week-in-plasma/

https://redd.it/1pxndle
@r_linux

What are your expectations for Linux in 2026?

My first expectation from Linux is to surpass 5% user base.

My second expectation is that online games will massively start supporting Linux.

My third expectation is that Epic or GOG will release a native launcher.

Four is snapdragon linux laptops.

Fifth on the list is that either GIMP or LibreOffice has become an industry standard.

Sixth steam machine will sell 4 million units.

https://redd.it/1pxx5z9
@r_linux

Proxmox-GitOps: IaC Container Automation (v1.3 with staging, „75sec to infra stack“ demo)
https://redd.it/1py0dds
@r_linux

Thoughts on Valve’s Project Lepton and what it could mean for Linux

I’ve been thinking about Valve’s Project Lepton lately, and I’m curious if anyone else sees the same potential here or if I’m overreading it.

On the surface, Lepton looks like an Android compatibility layer for Linux / SteamOS, kind of the same idea as Proton but aimed at APKs instead of Windows games. For VR alone, that already makes sense. Android basically owns the VR app ecosystem right now, so if Valve wants their VR hardware to compete seriously, being able to run Android VR apps without ports is a huge win.

But what keeps sticking in my head is the Linux desktop angle.

Proton didn’t just help gaming on Linux it changed expectations. People stopped asking “does Linux have games?” and started asking “why wouldn’t this work?” If Lepton focuses more on apps than games, Linux could suddenly access a massive pool of Android apps that never had Linux ports in the first place. Productivity apps, indie tools, niche stuff that would never justify a native Linux version.

And if Valve treats Lepton the same way they treated Proton (open, community-driven, iterative), then it’s not really Valve vs Microsoft or Valve vs anyone. It’s an ecosystem thing. That’s much harder to shut down or “compete away,” especially without looking hostile to users.

I don’t think this means Linux suddenly replaces Windows or anything dramatic like that. Inertia is real. But I do think it could make Linux seriously competitive in a way it hasn’t been before especially as Windows keeps losing user trust and Steam Deck already showed that people are fine with Linux as long as it stays out of their way.

Google is the wildcard here. Android spreading everywhere helps them, but losing control over distribution and services probably doesn’t. I’m really curious how they respond long-term.

Maybe it’s nothing. Maybe it’s niche. But Proton felt niche once too.

Curious what others think is Lepton just about VR, or could this turn into another slow but meaningful shift for Linux?

https://redd.it/1py3035
@r_linux

In doing some cleaning, I came across my old RHEL class books. They're at least 15 years old. I'm not in the biz anymore. Are these of any value to anyone? Or are they horribly dated?
https://redd.it/1py5ca2
@r_linux

Time to revive FatELF?

About 16 years ago now, FatELF was proposed, an executable format where code for multiple architectures can be put into one "fat binary". Back then, the author was flamed by kernel and glibc devs, seemingly partly because back then x86_64 had near complete dominance of computing (the main developer of glibc even referring to arm as "embedded crap"). However a lot has changed in 16 years. With the rise in arm use outside of embedded devices and risc-v potentially also seeing more use in the future, perhaps it's time to revive this idea seeing as now we have multiple incompatible architectures floating around seeing widespread use. The original author has said that he does not want to attempt this himself, so perhaps someone else can? Maybe I'm just being stupid here and there's a big reason this isn't a good idea.

Some more discussion about reviving this can be found here.

What do you guys think? Personally I feel like the times have changed and it's a good idea to try and revive this proposal.

https://redd.it/1py8j5b
@r_linux

Ripple v2.0.0 is Out Now
https://redd.it/1pyalg9
@r_linux

I just made the switch from Windows to Linux, and now I wish someone had introduced me to Linux sooner

The noscript, basically.

Originally I tried cinnamon mint for an older laptop that had pretty much stopped working, it had become so slow, even with a clean Windows 10 install, that I was going to throw it away.

Much to my surprise, after a clean Cinnamon mint install, the laptop is like new. It runs as fast as on the day I bought it, many, many years ago.

So of course, I had to try and check if gaming was possible - and much to my surprise, it is. Sure, it does require a bit of tinkering with settings, and it is definitely not plug and play, but for just a tiny time investment, I can now run pretty much all my Steam games.

I have two sons, 16 and 13, and they are now getting my older laptops with Cinnamon Mint installed, and we are going to completely switch off anything google or microsoft related, be it on laptops or on phones.

Wish I could do it for my wife too... But she is just the kind of user that is not made for Linux.

Anyway - I even made the switch with my more recent laptop - I took the plunge and had to edit the registry to transition my disks to AHCI, which had me a bit anxious, but everything went well.

I hope I can become more knowledgeable about the possibilities Linux offers in the future. For now, I very much enjoy owning my hardware again, and not having telemetry running on my hardware 24-7.

https://redd.it/1pyecdh
@r_linux

KDE - Highlights from 2025
https://pointieststick.com/2025/12/28/highlights-from-2025/

https://redd.it/1pymp29
@r_linux

SuperTux 0.7 Beta 1 released

The first BETA for SuperTux v0.7.0 is out now! You can download it from https://github.com/SuperTux/supertux/releases/tag/v0.7.0-beta.1

Check out the development summary for 0.7 on https://www.youtube.com/watch?v=PczyNWV8gI0 for the main changes!

Please try it out and report issues on GitHub here: https://github.com/SuperTux/supertux/issues

Thank you all for playing SuperTux and supporting us throughout the years!

https://redd.it/1pynjxa
@r_linux

I’m a young Linux user and my mother doesn’t like how the terminal looks.

I’m a young Linux user and I’ve been having a problem recently. Yesterday I was planning on designing the motherboard for a DIY game console, so I was downloading the proper software then I realize “My windows always look messy and unorganized“. This is a huge problem if you’re working on a project that requires more than one windows, so I decided to download swaywm. Whilst I was downloading Sway, my mother walked in on me with the terminal open and text flying by (normal sudo apt Install stuff) and told me to turn off the computer and not use it again because she didn’t like the terminal.


For context I’m using my grandmothers old IMac, which was bricked due to apple being greedy. All the stuff on the IMac was already off the computer and my mother was worried about me messing with said (inaccessible) data via the terminal I guess?


Does anyone know how to explain this situation to a tech illiterate person?

https://redd.it/1pypxra
@r_linux

39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools
https://www.heise.de/en/news/39C3-Multiple-vulnerabilities-in-GnuPG-and-other-cryptographic-tools-11125362.html

https://redd.it/1pyu27b
@r_linux

What do people mean when they say “learn linux” ?

I often saw people recommending to learn linux be it because of a job or something else. I never quite understood what this meant. Is knowing linux = knowing windows, just being able to use it effectively or is there more to it?

https://redd.it/1pywoxb
@r_linux

Built a secure shared memory library for Linux

I’ve built a Linux shared memory toolkit and C library that adds a security-focused layer on top of POSIX/SysV shared memory.

It includes:

\-A C library for creating and accessing shared memory

\-Encryption using libsodium, with keys managed outside the shared segment

\-Explicit attach/access control

\-Semaphore-based synchronization

\-Structured reads/writes instead of raw byte buffers

\-A small CLI and daemon used for shared memory lifecycle and key management

I’d appreciate feedback on the overall design, and any obvious issues or improvements.

Repo-link: https://github.com/Dhinesh-Fedor/Secure-SHM

https://redd.it/1pywvr6
@r_linux