XScreenSaver

XScreenSaver is a free and open-source collection of 240+[3] screensavers for Unix, macOS, iOS and Android operating systems. It was created by Jamie Zawinski in 1992 and is still maintained by him, with new releases coming out several times a year.[4]

XScreenSaver
XScreenSaver-demo and the XMatrix hack
Original author(s)Jamie Zawinski
Developer(s)Jamie Zawinski
Initial release17 August 1992 (1992-08-17)
Stable release
5.45 / December 8, 2020 (2020-12-08)[1]
Repositorygithub.com/Zygo/xscreensaver
Written inANSI C, X11, OpenGL
Operating systemUnix, macOS, iOS, Android
TypeScreensaver
LicenseMIT License[2]
Websitejwz.org/xscreensaver/

Platforms

The free software and open-source Unix-like operating systems running the X Window System (such as Linux and FreeBSD) use XScreenSaver almost exclusively. On those systems, there are several packages: one for the screen-saving and locking framework, and two or more for the display modes, divided somewhat arbitrarily.[5]

On Macintosh systems, XScreenSaver works with the built-in macOS screen saver.

On iOS systems, XScreenSaver is a stand-alone app that can run any of the hacks full-screen.

On Android systems, the XScreenSaver display modes work either as normal screen savers (which Android sometimes refers to as "Daydreams") or as live wallpapers.

There is no official version for Microsoft Windows, and the developer discourages anyone from porting it. The author considers Microsoft to be "a company with vicious, predatory, anti-competitive business practices"[6] and says that, as one of the original authors of Netscape Navigator, he holds a "personal grudge" against Microsoft because of its behavior during the First Browser War.

Software Architecture

The XScreenSaver daemon is responsible for detecting idle-ness, blanking and locking the screen, and launching the display modes. The display modes (termed "hacks" from the historical usage "display hack") are each stand-alone programs.

This is an important security feature, in that the display modes are sandboxed into a separate process from the screen locking framework. This means that a programming error in one of the graphical display modes cannot compromise the screen locker itself (e.g., a crash in a display mode will not unlock the screen).

It also means that a third-party screen saver can be written in any language or with any graphics library, so long as it is capable of rendering onto an externally provided window.

For historical and portability reasons, the included hacks are all written in ANSI C. About half of them use the X11 API, and about half use the OpenGL 1.3 API.

Rather than forking the code-base and re-writing the hacks in order to target different platforms, XScreenSaver contains a number of compatibility layers.

  • To allow the X11-based hacks to run natively on macOS and iOS, XScreenSaver contains a complete implementation of the X11 API built on top of Cocoa ("jwxyz").[7]
  • To allow the OpenGL 1.3-based hacks to run natively on iOS and Android systems, which only support OpenGL ES, XScreenSaver contains an implementation of the OpenGL 1.3 API built in top of OpenGL ES 1.0 ("jwzgles").[7]
  • And to allow the X11-based hacks to run natively on iOS and Android, XScreenSaver also contains an implementation of the X11 API in terms of OpenGL ES 1.0.[8]

Security

In addition to sandboxing the display modes, the XScreenSaver daemon links with as few libraries as possible. In particular, it does not link against GUI frameworks like GTK or KDE, but uses only raw Xlib for rendering the unlock dialog box.

In recent years, some Linux distributions have begun using the gnome-screensaver or kscreensaver screen-blanking frameworks by default instead of the framework included with XScreenSaver.[9] In 2011, gnome-screensaver was forked as both mate-screensaver and cinnamon-screensaver. Earlier versions of these framekworks still depended upon the XScreenSaver collection of screen savers, which is over 90% of the package.[10] However, in 2011, gnome-screensaver version 3 dropped support for screensavers completely, supporting only simple screen blanking,[11] and as of 2018, Linux Mint's cinnamon-screensaver 4.0.8 no longer supports the XScreenSaver hacks.[12]

Those Linux distributions that have replaced XScreenSaver with other screen-locking frameworks have suffered notable security problems. Those other frameworks have a history of security bugs that allow the screen to be un-locked without a password, e.g., by simply holding a key down until the locker crashes.[13][14][15][16][17][18][19]

In 2004, Zawinski had written about the architectural decisions made in XScreenSaver with the goal of avoiding this very class of bug, [20] leading him to quip in 2015, "If you are not running XScreenSaver on Linux, then it is safe to assume that your screen does not lock."[21]

Display Modes

The included hacks are highly varied, ranging from simple 2D psychedelia, to 3D demonstrations of complex mathematical principles, to simulations of other computer systems, to re-creations of artifacts and effects from movies.

Though many of the newer hacks take full advantage of the power of modern computers, the age of the project means that some of the older hacks may look dated to modern eyes, as they were originally written for much less powerful computers.

Examples of hacks include:[3]

Some of the included hacks are very similar to demo effects created by the demoscene:

  • Boing based on the 1984 program regarded as the first Amiga demo ever, showing the bouncing red and white ball.
  • Bumps an implementation of full-screen 2D bump mapping.
  • MetaBalls another common demo effect.
  • Moire2 moving interference circles similar to those common in older Amiga demos.
  • ShadeBobs another effect common in older Amiga demos.
  • XFlame the filter-based fire effect, also known as flame effect.

See also

XScreenSaver was featured in Sleep Mode: The Art of the Screensaver,[22] a gallery exhibition curated by Rafaël Rozendaal at Rotterdam's Het Nieuwe Instituut in 2017.

Media related to XScreenSaver at Wikimedia Commons

References
  1. "Changelog". Retrieved 2020-12-24.
  2. "Debian XScreenSaver copyright list". 2020-12-24. Retrieved 2020-12-24.
  3. "List of screen savers included in the XScreenSaver collection". 2020-12-08. Retrieved 2020-12-24.
  4. "XScreenSaver release history". 2020-12-08. Retrieved 2020-12-24.
  5. "Debian XScreenSaver package list". 2020-12-24. Retrieved 2020-12-24.
  6. "XScreenSaver: Windows Version". www.jwz.org. Retrieved 2020-12-24.
  7. "jwz.org blog post about the iOS port". 2012-06-19. Retrieved 2020-12-24.
  8. "jwz.org blog post about the Android port". 2016-05-23. Retrieved 2020-12-24.
  9. "XScreenSaver FAQ regarding KDE/Gnome". Retrieved 2020-12-24.
  10. "XScreenSaver source code distribution". 2020-12-08. Retrieved 2020-12-24.
  11. Campagna, Giovanni (2011-03-21). "Re: What is the status of the screensaver in GNOME3?". gnome-shell (Mailing list).
  12. "Linux Mint 19.1 Announcement". 2018-12-20. Retrieved 2020-12-24.
  13. "Gnome-Screensaver Key Flood". 2014-04-16. Retrieved 2020-12-24.
  14. "Cinnamon-Screensaver Key Flood". 2014-08-22. Retrieved 2020-12-24.
  15. "CVE-2014-1949, Cinnamon-Screensaver Lock Bypass". 2015-01-16. Retrieved 2020-12-24.
  16. "Mandriva Security Advisory MDVSA-2015:162". 2015-03-29. Retrieved 2020-12-24.
  17. "CVE-2015-7496, Hold ESC to unlock Gnome-session GDM". 2015-11-24. Retrieved 2021-01-18.
  18. "CVE-2019-3010, Privilege Escalation in Oracle Solaris XScreenSaver fork". 2019-10-23. Retrieved 2020-12-24.
  19. "Cinnamon-screensaver lock by-pass via the virtual keyboard". 2021-01-15. Retrieved 2021-01-15.
  20. "XScreenSaver: On Toolkit Dialogs". 2004-10-19. Retrieved 2020-12-24.
  21. "jwz.org blog post about Gnome security bugs". 2015-04-04. Retrieved 2020-12-24.
  22. "Sleep Mode: The Art of the Screensaver: Jamie Zawinski Interview". 2017-01-27. Retrieved 2020-12-24.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.