I get this sporadically, probably once a week on average. Most of the time it seems to be caused by a specific tab and resolves itself after closing the tab (in my case Slack is the most common culprit).
KDE plasma. From my experience it uses less resources than lxqt and xfce and works out of the box while lxqt and xfce required extra work to get wifi, screen brightness controls and audio working. I can have 10+ tabs in a chromium based browser open without lag on an old laptop with 2GB ram and 1.33 - 1.83GHz 4 core intel atom from 10 years ago.
Its a silly default. Might also be to allow people to edit /etc configs with the app since its a basic editor. With enough dummies complaining about “doesn’t work can’t access files in <directory>” the dev may have set that to reduce negative review bloat (seriously look at the flatpak and snap stores and the number of bad reviews due to people not understanding the permissions system).
I would be turning that off immediately until I knew how trustworthy the app was or not installing it, just saying I can see where that default setting might be coming from.
Flatpak could use a permissions prompting api, so a prompt could be displayed to the user when they try to access a file outside the permissions scope, but that’s probably a lot of work to get in place. Maybe something we’ll see in flatpak in a few years.
Until then I think there needs to be some way to point new users to Flatseal and a summary of what these warnings imply and how to grok them.
A window manager like i3 or Openbox. If you are curious what that’s like, then try out Bunsenlab Linux. (XFWM4 is also a great choice, but it requires some know how to properly rip out the rest of Xfce, like the relatively heavy desktop and the panel)
Is the A6 from 2017/18? Should be fine with anything. My wife’s laptop is from 2010/11. I tried all the DEs because of the lightness claims, I found GNOME worked the best, and it is super peppy running NixOS.
I asked online why GNOME would perform better than what is assumed a lighter DE, and a comouter dude says GNOME goes and gets everything it needs and caches it when you launch something so retrieval is faster in the app, KDE loads stuff on demand as it is asked for so a alow CPU and HDD hinderes KDE for me.
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions
There has been a portal to prevent this issue for years now. The fix isn’t to patch around issues in Flatseal, it’s for developers or Flatpak packagers to fix their security policies and code.
As an added benefit, KDE users get thumbnails in their file picker because they’re no longer stuck with the old GTK one but instead can use their native file picker portal. A win for everyone!
I don’t know about this in depth, but from what another user in this thread said, a flatpak can’t ask a portal to have access to two files at once. If I’m understanding correctly, that would explain why Librewolf needs permission to access ~/Downloads, since it can be downloading more than one file at once, and it needs access to all those files in ~/Downloads at the same time.
EDIT: I got a bit mixed up with what you were saying, but nevertheless, if this is true, then Librewofl would still need permission to access ~/Downloads and so be marked as “potentially unsafe”.
Librewolf would need to ask permission to a folder (for the standard downloads folder for instance) or it would need to show two save prompts when downloading two files (isn’t that what it does already?)
The “two files” thing only applies to applications that ask access for one file (say, an mp4) and also want a second file in that same directory (say, a matching .srt). That can be worked around by selecting multiple files in the file picker, but that does pose for an annoying restriction. I don’t see how a browser would be affected by this, though, as browsers don’t tend to also send secondary files when you upload something.
I get what you mean. When updating Linux mint, the “This needs to get some additional packages too” window, relatively benign, has a big scary ⚠️/ /! on it.
Felt the need to explain to the person I was installing it for. “That’s totally normal, just look it over first and continue.”
…like, it’s gonna do that almost every time it updates, it doesn’t need to look scary. :|
Just looking at the weird scaremongering around Signal from the past few days ("a chat app stores keys as files that you can read) shows a trend that I’ve been seeing more the past years: people have gotten so used to the Android/iOS sandboxing system that they’ve either never been taught or have forgotten how normal programs work.
Flatpak and the necessary desktop portals are very much a work in progress when it comes to user friendliness, but they’re what the world has been moving towards for a while now.
I don’t know why a journaling app needs full system access and access to system settings, and the permission Flatseal requests is a dangerous one if you pay attention to these things. Looks like they’re doing their job to me.
I don’t know why a journaling app needs full system access and access to system settings, and the permission Flatseal requests is a dangerous one if you pay attention to these things. Looks like they’re doing their job to me.
Xournal seems pretty trustworthy to me, so I assume it’s for code simplicity (or age) or not being made with Flatpak in mind - just ‘open any file/full filesystem access’’ (for basic functions like opening files) and ‘change system settings’ for probably only a few features that change system settings.
I agree the permissions are dangerous and I commend Flatpak for incentivizing developers to use granular permissions.
As others (and you yourself have said), Flatseal’s entire purpose is to edit Flatpak lermissions, so that one shouldn’t be alarming.
The first one allows Flatseal to edit the permissions of Flatpak apps including itself.
System folder access allows a app to read the filesystem. (But not system internals)
System settings access allows the app to change settings
So the only concerning one is Xournal. However, I happen to know that it doesn’t support XDG portals which is how apps ask for permissions to files so it needs full file access. As for the system settings I have no idea.
That’s a reasonable machine. You probably could use anything but if you want lighter weight you could use Xfce4. If it is a laptop you could use stock gnome with some swap as a backup to prevent OOM
linux
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.