Fan of Flatpaks ...or Not?
-
Fair criticism!
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
Also, I haven't seen this kind of attack in the wild (maybe I'm not informed enough?) as opposed to rogue maintainers injecting malware into packages.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
there is a problem here that permissions are also set by the packages developers. User in most cases click accept all and alll done.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
Well... Appeared 2 years ago. It's just that practically no one needs it.
-
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
wrote on last edited by [email protected]I'm not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they're more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
-
This post did not contain any content.wrote on last edited by [email protected]
Idk how, but one time I tried installing something as a flatpak and it took like 300+MB and a very long time. I figured something was wrong, found a way to install it normally and it took like 10MB and installed quickly. Idk what went wrong, but I'll never touch this garbage again
Edit: oh they're not for arch. Maybe they should have told me before the 300mb slog
-
Flatpaks are pretty great for getting the latest software without having to have a cutting edge rolling release distro or installing special repos and making sure stuff doesn't break down the line.
I use Flatpaks for my software that I need the latest and greatest version of, and my distros native package for CLI apps and older software that I don't care about being super up to date.
My updater script handles all of it in one action anyways, so no biggie on that either.
Flatpaks are the best all-in-one solution when compared to Appimages or Snaps imo.
without having to have a cutting edge rolling release distro
Oh, that explains why they're completely bloated & useless to me. Arch btw
-
This post did not contain any content.
Honestly, I am a little scarred from snap.
Otherwise I'm agnostic on flatpaks - I've used a couple and they're ok? They just remind me of old windows games that dump all their libraries in a folder with them.
On a modern system the extra space and loss of optimisation is ok, but on older hardware or when you're really trying to push your system to run something it technically shouldn't, I can see it being an issue.
-
I'm not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they're more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
wrote on last edited by [email protected]this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it's really nice to read the Internet on android. But try to do something more complicated than that and you'll realize that it's hell. However, I don't mind if such distributions appear. Why not? I just don't understand people who voluntarily limit their abilities. And why you don't just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself... That's all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
-
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
there is a problem here that permissions are also set by the packages developers. User in most cases click accept all and alll done.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That's a welcome change.
Well... Appeared 2 years ago. It's just that practically no one needs it.
Permissions are also set by the packages developers
True, and I don't think it is healthy not to let them to. But it would be nice to either have some vetting on the matter, or ask user about which permissions they agree for when they install Flatpak.
Appeared 2 years ago
Ого, то есть примерно когда я сам здесь очутился. Никогда не слышал о ру инстансах, хоть и искал. Теперь, кажется, нашёл)
Берёте человечка на борт? Не обещаю сделать Рекабу главным инстансом, но всегда полезно быть по обе стороны Чебурнета, а то последнее время с забугорными беды бывают.
-
this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it's really nice to read the Internet on android. But try to do something more complicated than that and you'll realize that it's hell. However, I don't mind if such distributions appear. Why not? I just don't understand people who voluntarily limit their abilities. And why you don't just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself... That's all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
All these applications will never work in flat pack.
They don't have to! Flatpak doesn't remove all other ways to install software. But for 95% of use cases, it will do just fine.
Firejail is good, but it only solves sandboxing part of the equation, and there's so much more to Flatpaks than that. Also, it's more painful to configure and is more sysadmin-oriented.
-
This post did not contain any content.
I've heard Flatpaks aren't great at CLI tools, is that true ?
As a Nix user, I'm glad Flatpaks exist for other people, but I only ever use them when a package is not available from Nix directly. Seeing as Nix is literally the biggest package manager out there, it's a pretty rare occurrence.
-
This post did not contain any content.
Most of us refugees just want windows but cool.
-
This post did not contain any content.
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
-
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
I installed flatseal but I never understand what is essential and what is not.
-
I've heard Flatpaks aren't great at CLI tools, is that true ?
As a Nix user, I'm glad Flatpaks exist for other people, but I only ever use them when a package is not available from Nix directly. Seeing as Nix is literally the biggest package manager out there, it's a pretty rare occurrence.
Yes it is true. Flatpak is for gui apps only, at least as far as I know.
-
About the image: The joke's on you, I install my flatpaks via the terminal.
I've started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks' permissions.
Installing flatpaks via the terminal is so much faster for some reason, so I always do it that way.
-
This post did not contain any content.wrote on last edited by [email protected]
I am definitely a fan. A lot of people say that flatpaks are bad because of sandboxing but I haven't seemed to have any issues with it.
Although I do try to use dnf when a dnf package is available (I use fedora)
-
Flatpak Zen Browser is never asking me to be the default. Maybe it did in the beginning but I don't remember.
Maybe you checked "stop asking"?
-
Idk how, but one time I tried installing something as a flatpak and it took like 300+MB and a very long time. I figured something was wrong, found a way to install it normally and it took like 10MB and installed quickly. Idk what went wrong, but I'll never touch this garbage again
Edit: oh they're not for arch. Maybe they should have told me before the 300mb slog
If i got it right, flatpacks gather all of the dependencies of the package and bundles them with tha package. Maybe those extra 290mb were from dependencies that you already had installed but that flatpak wanted to install another copy.
-
Maybe you checked "stop asking"?
Probably but I think if the original comment wanted the message to disappear they would also have done that.
-
I installed flatseal but I never understand what is essential and what is not.
It is mostly trial and error. I use it mostly to set envvars.
As an example, I add the ~/.themes folder and the GTK_THEME to allow some apps to get the themes I downloaded.
-
Probably but I think if the original comment wanted the message to disappear they would also have done that.
No, I wouldn't. It's how I can tell if the setting actually took!
