I’ve been working on Linux for 15 years now and I perfectly remember the origin of many concepts. If you look at it through time, what would it be like:
We can build applications with external dependencies or a single binary, what should we choose?
The community is abandoning a single binary due to the increased weight of applications and memory consumption and libraries problems
Dependency hell is coming
…
Snap, flatpack, appimage and other strange solutions are inventing something, which are essentially a single binary, but with an overlay (if the developer has hands from the right place, which is often not the case)
Someone on lemmy says that he literally doesn’t care if the application is built in a single binary, consumes extra memory and have libraries problems. Just close all permissions for that application…
Well, all I can say about this is just assemble a single binary for all applications, stop doing nonsense with a flatpack/snap/etc.
UPD: or if you really want to break all the conventions, just use nixos. You don’t need snap/flatpack/etc.
Provided that flatpack has a common parent container, which is not always the case. More precisely, it almost never does. Because someone updates flatpack to new versions of the parent containers, and someone else does not.
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
I’m not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they’re more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it’s really nice to read the Internet on android. But try to do something more complicated than that and you’ll realize that it’s hell. However, I don’t mind if such distributions appear. Why not? I just don’t understand people who voluntarily limit their abilities. And why you don’t just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself… That’s all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
All these applications will never work in flat pack.
They don’t have to! Flatpak doesn’t remove all other ways to install software. But for 95% of use cases, it will do just fine.
Firejail is good, but it only solves sandboxing part of the equation, and there’s so much more to Flatpaks than that. Also, it’s more painful to configure and is more sysadmin-oriented.
I’ve been working on Linux for 15 years now and I perfectly remember the origin of many concepts. If you look at it through time, what would it be like:
Well, all I can say about this is just assemble a single binary for all applications, stop doing nonsense with a flatpack/snap/etc.
UPD: or if you really want to break all the conventions, just use nixos. You don’t need snap/flatpack/etc.
Flatpak is not single binary, Flatpaks have shared runtime (For example Freedesktop, GNOME, KDE runtimes)
Provided that flatpack has a common parent container, which is not always the case. More precisely, it almost never does. Because someone updates flatpack to new versions of the parent containers, and someone else does not.
I don’t mind other solutions, as long as they have the key features Flatpak offers, namely:
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
I’m not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they’re more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it’s really nice to read the Internet on android. But try to do something more complicated than that and you’ll realize that it’s hell. However, I don’t mind if such distributions appear. Why not? I just don’t understand people who voluntarily limit their abilities. And why you don’t just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself… That’s all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
They don’t have to! Flatpak doesn’t remove all other ways to install software. But for 95% of use cases, it will do just fine.
Firejail is good, but it only solves sandboxing part of the equation, and there’s so much more to Flatpaks than that. Also, it’s more painful to configure and is more sysadmin-oriented.