Fan of Flatpaks ...or Not?
-
> plus sudden updates that nuke active applications.This is not what's supposed to happen. If an app installed through flatpak is active while it's receiving an update, then the update is not supposed to affect the running application until it's closed/restarted.Edit: Somehow I didn't realize the concern was raised against Snap and not Flatpak.
The thread is about snap and why it's worse than flatpak.
-
This post did not contain any content.
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
-
Well, I heard that people who use flatpacks are libs. True?
Sorry, I just think it's funny that Linux users get so defensive about this stuff. You really felt insulted by this?
It was clearly trying to be insulting. I don't understand why anyone would try to start a flamewar over flatpaks.
-
Haven't had much opportunity to use snap, what's the problem with them?
And also the fact that the store backend is proprietary
-
Oh 100% but have you tried to explain how to use one to a computer novice? Like yes, the answer is usually “they should just…” but novice users will never. With flatpak, they get an experience similar to how MacOS works and a bit like how .exes work and it Just Works
️Edit: like I’ve had trouble showing people how to use the GNOME App Store which could not be any more simple. Anyone who has been convinced to install Linux already feels way out of their element so making everything feel as natural as possible is essential (and I mean, flatpaks are awesome anyway)
Wait how do you install flatpaks? I add the remote (if necessary) and then install it from there. That is nothing like I have ever seen on Windows (though apparently there are package managers).
-
I thought flatpaks were created to make packaging easier, not to solve all security issues. Still sounds like a win to me.
I mean, they added "bash scripts you find online", which are only a problem if you don't look them over or cannot understand them first... Their post is very much cemented in the paranoid camp of security.
Not that they're wrong. That's the big thing about security once you go deep enough: the computer has to work for someone, and being able to execute much at all opens up some avenues of abuse. Like securing a web based service. It has to work for someone, so of course everything is still vulnerable at some point. Usually when private keys or passwords are compromised if they're doing things remotely correctly, but they're still technically vulnerable at some point.
-
That's certainly a concern for some, but I'm using like 30 GB for all the things I've installed, which is a lot (12 (flatpak-system), 76 (flatpak-user)) but that's on a 2 TB drive, which amounts to like 1½% of the total available space. I don't think that's a bad trade.
Compared to a pure install that can run on an electric toothbrush it's a massive pill to swallow for some.
-
This post did not contain any content.
Flatpaks are pretty great for getting the latest software without having to have a cutting edge rolling release distro or installing special repos and making sure stuff doesn't break down the line.
I use Flatpaks for my software that I need the latest and greatest version of, and my distros native package for CLI apps and older software that I don't care about being super up to date.
My updater script handles all of it in one action anyways, so no biggie on that either.
Flatpaks are the best all-in-one solution when compared to Appimages or Snaps imo.
-
This post did not contain any content.
I don't like how so many distros ship with discover configured to install flatpaks by default. It's a huge newbie trap when you click "open file" and uh where are all my files??
You should only install a flatpak if the program is not available for your OS, or if the native version doesn't work for some reason. -
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
wrote on last edited by [email protected]You don't have to do as they say but doing so lets you talk down to others who aren't. So it's a fair trade.
-
This post did not contain any content.
Not a fan. There's often trouble, and some settings is hassle, and sometimes not even working.
-
That's not really true. It lists all the flatpak dependencies in that disk use, but a lot of those are shared, so they don't actually use that much each if you install more than one, and the deb dependencies aren't included at all. Flatpaks really do use more space, especially if you only have a small number of them, but it's not as bad as that.
Nope, I was counting all dependencies, both for flatpak and apk installations.
-
Compared to a pure install that can run on an electric toothbrush it's a massive pill to swallow for some.
And not many consider the environmental impact of this either. Sure storage might be cheap (not in my country but I digress) but more space still requires more storage and across thousands of computers and then millions of computers that's not an insignificant increase. We should be increasing technological efficiency not what were doing at the moment which seems to be just throwing more power and resources at the problems.
-
That's certainly a concern for some, but I'm using like 30 GB for all the things I've installed, which is a lot (12 (flatpak-system), 76 (flatpak-user)) but that's on a 2 TB drive, which amounts to like 1½% of the total available space. I don't think that's a bad trade.
Lucky you. My laptop has a small HD, and all that space is a problem.
-
That reminds me, is Flatpak packaging CLI tools already?
Looks like it does? Or at least could?
https://unix.stackexchange.com/questions/740712/does-flatpak-support-command-line-applications
I've never seen one so far though
-
I prefer Arch Linux's use of flatpaks, which is none at all ever
wrote on last edited by [email protected]Me pretty much only ever using arch Linux: "what the fuck is a flatpak"
I once had to install Firefox into wsl (Ubuntu) and I wanted the kms on the spot.
But maybe it's not that bad for newer people to get started with Linux.
-
This post did not contain any content.
I'm starting to think that in terms of features and possiblities, nix might truly be the best third party package manager of all. But the downside is that especially when using it the way it's recommended, combined with home manager, it has the steepest learning curve. Also graphical apps can be problematic. There is a tool called nixgl that tries to solve this, but it's a wrapper, so when a nix application opens a child process that needs to use the native system drivers, that childprocess is also wrapped in nixgl and it breaks. I recently found a neat workaround on github to solve this in a better way, which is to create a driver package manually with home manager, and symlink it to /run/, which is also where the drivers are linked on NixOS. This is a gamechanger to me because with no driver problems anymore, you can install almost everything through nix on pretty much any distro, except maybe for some programs that need system level access to run. You can install graphical programs, cli programs, and even entire window managers with it. I'm using full NixOS at the moment, but i'm seriously debating moving back to void linux with nix on top. Currently messing with it in a vm to test my configs.
-
I mean, they added "bash scripts you find online", which are only a problem if you don't look them over or cannot understand them first... Their post is very much cemented in the paranoid camp of security.
Not that they're wrong. That's the big thing about security once you go deep enough: the computer has to work for someone, and being able to execute much at all opens up some avenues of abuse. Like securing a web based service. It has to work for someone, so of course everything is still vulnerable at some point. Usually when private keys or passwords are compromised if they're doing things remotely correctly, but they're still technically vulnerable at some point.
The parent comment mentions working on security for a paid OS, so looking at the perspective of something like the users of RHEL and SUSE: supply chain "paranoia" absolutely does matter a lot to enterprise users, many of which are bound by contract to specific security standards (especially when governments are involved). I noted that concerns at that level are rather meaningless to home users.
On a personal system, people generally do whatever they need to in order to get the software they want. Those things I listed are very common options for installing software outside of your distro's repos, and all of them offer less inherent vetting than Flathub while also tampering with your system more substantially. Though most of them at least use system libraries.
they added “bash scripts you find online”, which are only a problem if you don’t look them over or cannot understand them
I would honestly expect that the vast majority of people who see installation steps including
curl [...] | sh(so common that even reputable projects like cargo/rust recommend it) simply run the command as-is without checking the downloaded script, and likewise do the same even if it'ssudo sh. That can still be more or less fine if you trust the vendor/host, its SSL certificate, and your ability to type/copy the domain without error. Even if you look at the script, that might not get you far if it happens to be a self-extracting one unless you also check its payload. -
This post did not contain any content.
I kinda like flatpaks being an option, not sure when they are the only option though.
-
Flatpak Zen Browser is never asking me to be the default. Maybe it did in the beginning but I don't remember.
Flatpak Firefox does that for me
