Xpra: Persistent Remote Applications for X11

Original Article ↗ Hacker News Discussion ↗

Xpra Use Cases and Features

  • Used to run remote X11 applications as if local, with persistent sessions that can be detached and reattached (e.g., long‑running browser on a headless box, apps in VMs, “newer than distro” software in a headless VM).
  • Seen as a way to approximate Qubes-like compartmentalization using VMs plus Xpra, though likely less secure; individual features can be disabled for untrusted servers.
  • Appreciated for seamless window integration compared to full remote desktops like Chrome Remote Desktop.
  • Provides an HTML5 client for running remote apps in a browser.
  • Has tooling like run_scaled for scaling X11 apps, though some distros ship older Xpra versions missing this.

HiDPI, DPI, and Mixed-Resolution Issues

  • One complaint is lack of HiDPI support; others argue DPI should be handled by X clients/servers, not Xpra itself.
  • More detailed responses note Xpra acts as both server and client, so it must manage DPI; if misconfigured, apps assume 96 DPI and look wrong on hi‑res displays.
  • Mixed DPI (laptop + low‑DPI external monitor) remains tricky; X11’s RANDR can expose per‑monitor DPI, but not all toolkits (notably some GTK versions) use it properly.
  • Some mention Xpra needing a patched dummy X driver for correct DPI handling, and that distro packages may lag.

Security Considerations

  • Over SSH, main risk highlighted is passing passwords on the command line; SSH keys with agents are recommended.
  • X11 itself is described as fundamentally insecure (any client can spy on/inject into others), whereas Xpra can provide a more controlled boundary than plain X forwarding.
  • A detailed security document is referenced for deeper analysis.

SSH Integration and UX

  • The GUI’s SSH support is criticized as weak; defaulting to Paramiko breaks existing OpenSSH setups (jump hosts, identities, multiplexing) unless --ssh=ssh is used.
  • Defenders argue Paramiko enables integrated GUI prompts, better cross‑platform handling, and richer error reporting than spawning ssh as a subprocess.
  • Workarounds include wrapper scripts, per‑session config files, or changing global/user Xpra config to restore OpenSSH as default, though some see this as too complex and emphasize that defaults matter.

Comparisons and Alternatives

  • Xpra is compared with many remote solutions: NoMachine, x2go (NX v3), NICE DCV, RustDesk, MeshCentral, xrdp, KRDP, gamescope, winswitch, and others.
  • NoMachine and NICE DCV are praised for “local feel” and performance; Xpra is still valued for per‑window remoting and persistence.
  • GPU‑accelerated encoding (e.g., NVENC) with client GPU decoding is noted as transformative for latency and perceived performance; some use Xpra in such setups.

X11 vs. Wayland Meta‑Discussion

  • One branch argues that on Linux, native Wayland + waypipe is preferable to Xpra if all systems are Wayland‑based; Xpra remains useful for X11 and cross‑platform.
  • Broader debate covers:
    • Whether X11 is truly “deprecated” or just “finished but still maintained.”
    • Wayland’s long, contentious rollout, initial lack of essential features (screen sharing, remote desktop, window positioning, non‑integer scaling, proper video/game support), and proliferation of compositor‑specific extensions.
    • Security and architecture trade‑offs: X11’s “mechanism, not policy” and easy compositing vs. its lack of isolation; Wayland’s stricter policy and sandboxing but more bikeshedding and fragmentation.
    • Ongoing gaps in Wayland for accessibility (screen readers), video capture/cameras, and certain gaming/Vulkan use cases, with some suggesting Xorg still works better in practice.

Other Side Topics

  • Some users use rsync or Syncthing to sync entire Firefox profiles instead of relying on Firefox Sync, as a crude but effective way to keep browser state aligned across machines.
  • Fragmentation in Linux remote desktop and graphics stacks is seen by some as a sign of a flexible ecosystem, by others as churn and lack of long‑term interface design.