@ebassi Just recently I got an issue from a user on KDE who has Reduced Motion (or similar) enabled there but our GTK app on Flatpak doesn't inherit it from KDE, only (the old option) from GNOME.

@whynothugo "depends on polkit" yeah, no shit. The privilege escalation flow is a solved problem if you use the tools that the OS provides you. "Something dead simple" is not a thing, unless you want to re-implement everything that already exists and is well integrated with the rest of the OS. In short: people don't want "dead simple" as in "I have to run two binaries"; they want something that works like everything else.

@whynothugo in short: yes, there's some complexity, usually already dealt with by the people developing the applications and integrating your OS. The complexity is not there for shits and giggles, and it's only visible if you're taking over from those two roles above. Some computer touchers enjoy doing the integrator's job, but that's not something that actual users have to care about.

@ebassi I trust in the decades-proven security and reliability of Xorg on my stable extended long-term support distribution

@ebassi people want “dead simple" and “want something that works like everything else”. That’s why they (try to) run gparted as root.

You can just create a socket for IPC, and use group membership to control permissions. Linux, BSD and any other Unix-like support this just fine.

Perhaps polkit+udisks has some technical advantage (compared to a socket) in some specific use case, but folks will always go for convenience. Especially the kind of folks who want a GUI.

@whynothugo sorry, but nothing of what you wrote is correct, or how things are supposed to work in 2025. I strongly recommend you stop hurting yourself.

@whynothugo an OpenBSD and Alpine user coming here and arguing for ease of use with handrolled IPC sockets instead of the proper privilege escalation API that is well integrated with desktop environments used by millions of people…

@ebassi stating that what I said is incorrect contributes nothing to a discussion. If you believe that a statement is incorrect, please elaborate on that.

And please refrain for insults, this has so far been a civil conversions. I have not disrespected you in any way.

@YaLTeR @ebassi so you're the one who still uses Ubuntu 16.04? /j

@tragivictoria @ebassi yes i'm the ubuntu 16.04 georg

@YaLTeR @ebassi That doesn’t update a thing unless there is a patch attached to a CVE

@ebassi https://m.xkcd.com/1200/

it's not like people are going to run GParted sandboxed otherwise. And it fundamentally needs access to your full disk, so not running as root is not going to buy you much security.

But yeah, you don't *have to* run it as root either, so why not run it as $USER.

@bugaevc that XKCD strip is fundamentally flawed: installing fake software running as an admin is how people get access to all those remote services without having to physically steal the laptop.

The problem is not running gparted (or whatever application): it's running everything, from settings to random (GTK) modules, as root without your knowledge or consent. You don't know what else has root access when you run a whole ass GUI application.

@bugaevc I've have bug reports for gdk-pixbuf being broken after the switch to sandboxed loaders because people run gparted as root and modify the environment to set themes and cursors from their user's home directory. This is the kind of insanity we allow, while going around sandboxing and hardening the underlying OS.

@ebassi While privilege separation is obviously the right choice, I can kind of understand why people keep on going for the "run desktop app as root" approach: it is a lot easier to do things the wrong way.

If you're building a graphical app that runs as root, it is quite easy to run the app from the build directory without installing it.

To go the privilege separation route, you're going to need to install at least the D-Bus policy files and Polkit action files. It could probably do with some more tutorial style documentation of current best practices here.

@ebassi@mastodon.social It's basically universal human behaviour to make up stuff to be mad at. Wherever I look at, I always see this type of behaviour. Quite amazing, in a way.

@ebassi we need Summoning Salt style videos to recount the lore

@danirabbit need to pick up the history of GNOME again…

@uriel 2026 was going to be the year of the SteamOS Desktop, but Altman instead decided to make it Year Of The "nobody gets a Desktop"

@ebassi @GerryT It was understandable back when apps implemented the other half of the protocol. Namely unselecting text once they lose ownership of PRIMARY.

Once apps started to keep showing selected text without owning PRIMARY, the model broke down. And I'm not sure the people asking for middle click paste would even want this part to change.

Then simply make it configurable. The "telemetry-driven" approach may suit corporate environments, but I find it rather troubling that one might be unable to use their PDP-11 simply because no one else in the vicinity does the same. Everyone should have the freedom to run a PDP-11 at home.