Will the new Unity 8/Mir support GTK 3.14+ applications such as GNOME Music and GNOME Weather? These applications do not have conventional title bars but Mac-style header bars with controls in them. I prefer GNOME's Nautilus over Unity's version, while still running Unity instead of GNOME Shell. I support GNOME3 and GTK 3.14/3.16 as much as I support Unity, even though there's little major improvements to Unity compared to GNOME Shell. But if I do have a choice between GNOME 3.8 and Unity, I'd prefer Unity until GTK 3.10+ came out with support for header bars. I'd chose Unity because of global menu and the HUD. Well, that's about it.

Oh, and speaking of QT5, I like how client-side decorations are used for a video player, which looked very cool. Very Mac-like. But of course, to each their own.

And of course, I strayed way too far off-topic from Mir improvements landed in GTK+.

Ubuntu 15.04 is a lot closer to upstream GNOME again than Ubuntu 14.10 was at the time of release. New GTK+, Nautilus, etc. releases are in and unity-decorations better support some (but not all) of the new GNOME stuff now. It's not the same like regular GNOME 3 but 15.04 is definitly very close again.

I suspect we'll be hearing all about Mir "Improvements" for many many years.

Hopefully I will try out Ubuntu 15.04 daily build in a virtualbox before I distro-hop. Thanks.

Client side decorations a potential security issue in browsers

Here's why I do not trust client-side decoration in browsers: the danger of a malicious "close" button that actually launches attack code/malware. Long ago, Windows users were advised not to use any "close" buttons presented by popup widgets that were ads or appeared to be ads, as malicious software was being distributed using intentionally offensive elements that included a fake "close" button. Due to that I reponded to overlay Flash ads in Youtube videos, etc by closing the entire browser window for many years.

Consider a malicious webpage in a browser with client-side decoration: a skilled attacker could take control of the window close button, then run something like porn on a work-related site seeking for force a hasty click on the close button. Although the webpage does not render the browser widgets, attack code could presumably use an exploit to change this. Getting control of a server side decoration's close button, by comparison, becomes window manager specific as well as OS specific.

DID I ever mention browsers in my post? Here:



Source: https://kver.wordpress.com/2014/10/2...e-decorations/

I was thinking of a 100% CSD future

I was thinking more of a future in which all decorations are drawn by the application, the direction in which GNOME is trending. After all, getting client side and server side decorations thematically consistant is not easy (I've done this myself as close as I could in my own theme).

Quite frankly, if you're at the point where someone has taken over the CSD of an application, then you're already screwed, because that means they've broken out of the browser sandbox.

Again, I did not mention web browsers in my post.