Fan of Flatpaks ...or Not?
-
I've been working on Linux for 15 years now and I perfectly remember the origin of many concepts. If you look at it through time, what would it be like:
- We can build applications with external dependencies or a single binary, what should we choose?
- The community is abandoning a single binary due to the increased weight of applications and memory consumption and libraries problems
- Dependency hell is coming
... - Snap, flatpack, appimage and other strange solutions are inventing something, which are essentially a single binary, but with an overlay (if the developer has hands from the right place, which is often not the case)
- Someone on lemmy says that he literally doesn't care if the application is built in a single binary, consumes extra memory and have libraries problems. Just close all permissions for that application...
Well, all I can say about this is just assemble a single binary for all applications, stop doing nonsense with a flatpack/snap/etc.
UPD: or if you really want to break all the conventions, just use nixos. You don't need snap/flatpack/etc.
wrote on last edited by [email protected]I don't mind other solutions, as long as they have the key features Flatpak offers, namely:
- Being open-source
- Having app permission system
- Having bundled dependencies
- Integrating decently with the system
Times are changing, and memory constraints for most programs are generally not relevant anymore.
-
As I said, dependencies typically don't take that much space. We're not in the '80s, I can spare some megabytes to ensure my system runs smoothly and is managed well.
As per naming, I agree, but barely anyone uses command line to install Flatpaks, as they are primarily meant for desktop use. In GUI, Flatpaks are shown as any other package, and all it takes is to push "Install" button.
If you want to enjoy your chad geeky Linux, you still can. Go for CachyOS, or anything more obscure, never to use Flatpaks again. At the same time, let others use what is good and convenient to them.
It's not the 80s, and I can save a few megabytes to keep my system running smoothly and well-managed.
And then it turns out that you have 18 libssl libraries in diffirent fpatpacks, and half of them contain a critical vulnerability that any website on the Internet can use to hack your PC. How much do you trust the limitations of flatpack apps? are you sure that a random hacker won't hack your OBS web plugin and encrypt your entire fpatpack partition (which some "very smart" distributions even stuff office into, and your work files will be hidden there). People have come up with external dependencies for a reason.
-
I don't mind other solutions, as long as they have the key features Flatpak offers, namely:
- Being open-source
- Having app permission system
- Having bundled dependencies
- Integrating decently with the system
Times are changing, and memory constraints for most programs are generally not relevant anymore.
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
-
It's not the 80s, and I can save a few megabytes to keep my system running smoothly and well-managed.
And then it turns out that you have 18 libssl libraries in diffirent fpatpacks, and half of them contain a critical vulnerability that any website on the Internet can use to hack your PC. How much do you trust the limitations of flatpack apps? are you sure that a random hacker won't hack your OBS web plugin and encrypt your entire fpatpack partition (which some "very smart" distributions even stuff office into, and your work files will be hidden there). People have come up with external dependencies for a reason.
Fair criticism!
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
Also, I haven't seen this kind of attack in the wild (maybe I'm not informed enough?) as opposed to rogue maintainers injecting malware into packages.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
-
Fair criticism!
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
Also, I haven't seen this kind of attack in the wild (maybe I'm not informed enough?) as opposed to rogue maintainers injecting malware into packages.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
there is a problem here that permissions are also set by the packages developers. User in most cases click accept all and alll done.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
Well... Appeared 2 years ago. It's just that practically no one needs it.
-
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
wrote on last edited by [email protected]I'm not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they're more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
-
This post did not contain any content.wrote on last edited by [email protected]
Idk how, but one time I tried installing something as a flatpak and it took like 300+MB and a very long time. I figured something was wrong, found a way to install it normally and it took like 10MB and installed quickly. Idk what went wrong, but I'll never touch this garbage again
Edit: oh they're not for arch. Maybe they should have told me before the 300mb slog
-
Flatpaks are pretty great for getting the latest software without having to have a cutting edge rolling release distro or installing special repos and making sure stuff doesn't break down the line.
I use Flatpaks for my software that I need the latest and greatest version of, and my distros native package for CLI apps and older software that I don't care about being super up to date.
My updater script handles all of it in one action anyways, so no biggie on that either.
Flatpaks are the best all-in-one solution when compared to Appimages or Snaps imo.
without having to have a cutting edge rolling release distro
Oh, that explains why they're completely bloated & useless to me. Arch btw
-
This post did not contain any content.
Honestly, I am a little scarred from snap.
Otherwise I'm agnostic on flatpaks - I've used a couple and they're ok? They just remind me of old windows games that dump all their libraries in a folder with them.
On a modern system the extra space and loss of optimisation is ok, but on older hardware or when you're really trying to push your system to run something it technically shouldn't, I can see it being an issue.
-
I'm not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they're more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
wrote on last edited by [email protected]this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it's really nice to read the Internet on android. But try to do something more complicated than that and you'll realize that it's hell. However, I don't mind if such distributions appear. Why not? I just don't understand people who voluntarily limit their abilities. And why you don't just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself... That's all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
-
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
there is a problem here that permissions are also set by the packages developers. User in most cases click accept all and alll done.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
Well... Appeared 2 years ago. It's just that practically no one needs it.
Permissions are also set by the packages developers
True, and I don't think it is healthy not to let them to. But it would be nice to either have some vetting on the matter, or ask user about which permissions they agree for when they install Flatpak.
Appeared 2 years ago
Ого, то есть примерно когда я сам здесь очутился. Никогда не слышал о ру инстансах, хоть и искал. Теперь, кажется, нашёл)
Берёте человечка на борт? Не обещаю сделать Рекабу главным инстансом, но всегда полезно быть по обе стороны Чебурнета, а то последнее время с забугорными беды бывают.
-
this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it's really nice to read the Internet on android. But try to do something more complicated than that and you'll realize that it's hell. However, I don't mind if such distributions appear. Why not? I just don't understand people who voluntarily limit their abilities. And why you don't just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself... That's all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
All these applications will never work in flat pack.
They don't have to! Flatpak doesn't remove all other ways to install software. But for 95% of use cases, it will do just fine.
Firejail is good, but it only solves sandboxing part of the equation, and there's so much more to Flatpaks than that. Also, it's more painful to configure and is more sysadmin-oriented.
-
This post did not contain any content.
I've heard Flatpaks aren't great at CLI tools, is that true ?
As a Nix user, I'm glad Flatpaks exist for other people, but I only ever use them when a package is not available from Nix directly. Seeing as Nix is literally the biggest package manager out there, it's a pretty rare occurrence.
-
This post did not contain any content.
Most of us refugees just want windows but cool.
-
This post did not contain any content.
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
-
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
I installed flatseal but I never understand what is essential and what is not.
-
I've heard Flatpaks aren't great at CLI tools, is that true ?
As a Nix user, I'm glad Flatpaks exist for other people, but I only ever use them when a package is not available from Nix directly. Seeing as Nix is literally the biggest package manager out there, it's a pretty rare occurrence.
Yes it is true. Flatpak is for gui apps only, at least as far as I know.
-
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
Installing flatpaks via the terminal is so much faster for some reason, so I always do it that way.
-
This post did not contain any content.wrote on last edited by [email protected]
I am definitely a fan. A lot of people say that flatpaks are bad because of sandboxing but I haven't seemed to have any issues with it.
Although I do try to use dnf when a dnf package is available (I use fedora)
-
Flatpak Zen Browser is never asking me to be the default. Maybe it did in the beginning but I don't remember.
Maybe you checked "stop asking"?
