And that’s before we even get onto DEs – and much of the desktop Linux stack in general – generally not being designed with security in mind, as it’s not been something they’ve had to worry about.
I’m not sure this is entirely correct. But there’s truth here in the sense that things have been becoming more complex over time, so now an average desktop system has many more packages than 10 years ago, and supply chain vulnerabilities are a thing.
Now, using snap store, flathub and all that is just unhygienic.
We will see more malware, more scams. We will see glaring security problems that were allowed to stay in place for years be exploited. We will see infighting in the Linux community over all of this stuff.
I’m certain most of the failures will be in the new shiny stuff, and thus most of the losses in that infighting too.
> Now, using snap store, flathub and all that is just unhygienic.
What is this based on? What do you mean by “unhygienic” anyway?
Flatpaks are more secure than system packages. They’re not installed with installation scripts that run as root (and can therefore do anything to your system if malicious code is slipped in).
Flatpaks also have sandboxing. It’s not a perfect implementation mind you, but it’s better than zero sandboxing.
Snaps is a bit more complicated, but sandboxing works if you have a distro that uses AppArmor, so basically Ubuntu and some derivatives. Although who else would use snaps anyway lol. Flatpak won that fight.
> I’m certain most of the failures will be in the new shiny stuff
I don’t know why you’d be certain of that. New stuff is generally designed from the ground up to be more secure.
Look at Flatpaks Vs repo packages.
Look at xdg-portals Vs 500 different implementations to do the same thing.
Look at the absolutely cataclysmic security catastrophe that is X11 compared to Wayland.
Because a vulnerability in one DE’s file manager, for example, will have smaller impact because many people don’t use that DE.
Same with other things.
Also because that’s something we still had to worry about.
> Flatpaks are more secure than system packages. They’re not installed with installation scripts that run as root (and can therefore do anything to your system if malicious code is slipped in).
Not all package managers even run install scripts (from packages) at all.
Flatpaks may contain vulnerable versions of bundled libraries, IIRC, while the one from the normal package manager has been updated.
> Flatpaks also have sandboxing. It’s not a perfect implementation mind you, but it’s better than zero sandboxing.
I just don’t like the general direction of this. Running more and more complex and untrusted crap and solving that with more complexity.
> I don’t know why you’d be certain of that. New stuff is generally designed from the ground up to be more secure.
More complexity - bigger probability of mistakes. Sometimes fundamental laws are enough.
> Look at the absolutely cataclysmic security catastrophe that is X11 compared to Wayland.
I’m afraid of the day that may come where people will say that Emacs is a security catastrophe due to lack of isolation.
This essentially all boils down to “I don’t like new things, and despite it being made more secure, I don’t trust it”
How are sandboxes “untrusted crap”?
You talk about complexity being bad, yet you seem to prefer X11 over Wayland, and 500 different implementations of the same thing, implemented separately by every app developer, rather than using a standardised xdg-portal. Surely you see the contradiction there?
> This essentially all boils down to “I don’t like new things, and despite it being made more secure, I don’t trust it”
No, quite the opposite, I like new things, just in my own direction. Which would be simplification. We’ve had this exponential growth of computing power and complexity and expectations in the last 30 years, which can’t go on.
Again, where you’d use a screwdriver 100 years ago, you’ll still generally use a screwdriver, possibly one as simple as 200 years ago, but with computers we for some reason have to hammer nails with a microscope today.
A personal computer should be as complex as Amiga 500 tops.
Wasting 1000 times the energy to try and make it easier to use than that still hasn’t yielded satisfactory results, for a sane person this means stop.
The rest is just gaslighting.
> How are sandboxes “untrusted crap”?
What you run in them is untrusted crap.
> yet you seem to prefer X11 over Wayland, and 500 different implementations of the same thing, implemented separately by every app developer,
Yes, what’s standard in X11 has N different variants with Wayland. Correct.
> rather than using a standardised xdg-portal
I don’t use it at all.
If you meant that Wayland is simpler than X11, let’s compare them when Wayland reaches feature parity. Also X11 as a standard is simple enough.
I also consider Nix and Guix to be better solutions to some of the problems Flatpak and Snap solve, and Flatpak and Snap to fall short of solving others.
Like I said, much of the new things you’re complaining about is simplification. Flatpak, Wayland, xdg-portals.
> A personal computer should be as complex as Amiga 500 tops.
Lol. Why stop there? Why not say they should be no more complex than an abacus?
> What you run in them is untrusted crap.
How?
And assuming it is… running it without a sandbox is somehow better??
> Yes, what’s standard in X11 has N different variants with Wayland. Correct
Can you please answer. X11 is far more complex than Wayland. Why do you prefer it if you like simplicity?
> I don’t use it at all.
You don’t use programs that… do things? Things like follow system theming, give notifications, open/save files, record your screen, open a file picker, etc? I don’t think you’re grasping what portals are.
> If you meant that Wayland is simpler than X11,
Wayland is simpler than X11, by a long shot.
> let’s compare them when Wayland reaches feature parity.
It won’t ever, by choice. It’s not meant to. X11 is filled with many mistakes that it should never have had.
> Also X11 as a standard is simple enough.
The X11 developers say otherwise, and have embraced Wayland.
> I also consider Nix and Guix to be better solutions to some of the problems Flatpak and Snap solve, and Flatpak and Snap to fall short of solving others.
Christ. I don’t. At all. You want simplicity and are now advocating for Nix and Guix, no Flatpaks, sticking with X11, no xdg-portals?
Do you have the definitions of “simple” and “complicated” mixed up in your mind?
> Like I said, much of the new things you’re complaining about is simplification. Flatpak, Wayland, xdg-portals.
No. AppImage is relatively simple. Flatpak is not. There’s a clear difference between “new shiny” and “new”.
> Lol. Why stop there? Why not say they should be no more complex than an abacus?
Amiga 500 is quite functional as compared to abacus. Modern PCs not so much as compared to Amiga 500.
> Can you please answer. X11 is far more complex than Wayland. Why do you prefer it if you like simplicity?
It’s not far more complex as a protocol.
> You don’t use programs that… do things? Things like follow system theming, give notifications, open/save files, record your screen, open a file picker, etc? I don’t think you’re grasping what portals are.
I don’t, quick googling says this is something connected to giving permissions to Flatpaks or something, which I don’t use.
> Wayland is simpler than X11, by a long shot.
KolibriOS is simpler than Genera.
> It won’t ever, by choice. It’s not meant to. X11 is filled with many mistakes that it should never have had.
As in?
> The X11 developers say otherwise, and have embraced Wayland.
So what? It’s not a religion to embrace.
> Do you have the definitions of “simple” and “complicated” mixed up in your mind?
In what world is Guix more complex than Flatpaks?
See, you are trying to do these emotional hints at me saying something stupid, but this is really too much.
Why is that?