There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

BigTrout75 ,

Endlessly reading on social media that is not a good from Linux “gurus”. LOL

It’s been great for me, but I wish it had a official gui for permissions management.

Communist ,
@Communist@lemmy.ml avatar

Are you aware of flatseal?

If you are, is there an issue with using it for you?

BigTrout75 ,

Flatseal is good, just not official.

Communist ,
@Communist@lemmy.ml avatar

I’m not sure why/if that matters honestly, aside from discoverability I guess.

isVeryLoud ,

It’s as official as it gets. The XDG team provides the underlying infrastructure, and the community provides the tools.

samc ,
@samc@feddit.uk avatar

I wish there was an option for an android style system where, when an application wants to use a permission for the first time, you get a pop up asking you to grant that permission.

Or, more generally, just some way to ensure that (a) a flatpak isn’t granted the permissions it wants automatically and (b) I can then manually grant those permissions as conveniently as possible

Samueru ,

Flatpak usually ships very outdated drivers.

I’ve been in the support channel for yuzu linux, and you would not believe all the issues people have with games freezing, etc that are instantly fixed by using the appimage instead of the flatpak.

Also flatpaks are non-xdg compliant, since it creates the useless ~/.var directory. And they have said over and over that they won’t fix that. So fuck them.

Not to mention all the issues people have with their theming and integration into the system.

Appimages are just simpler and better, the other day I was thinking how many issues would be fixed if Steam shipped as an appimage.

  • It would allow for shipping a patch glibc with EAC
  • It would allow for moving all the nonsense that steam puts in the home user dir, since appimages support a portable home.
  • It would allow for shipping the 32bit libraries instead of having to install them system wide.

And depending on how you go about, appimages will even take less disk space than flatpaks or native packages even though you don’t get shared libraries with those, because they are compressed which reduces their size significantly.

Like for example the LibreWolf appimage is 110MiB while a the native package for librewolf 300MiB. Same with LibreOffice, the appimage is 300MiB while the native package is 600 MiB.

It also makes it easier to downgrade if you run into an issue, like I had to had an older appimage of ferdium because the latest version is affected by an electron bug that broke its zoom functionality.

Chewy7324 ,

Interestingly I’ve currently crashing issues with running CS2 through Steam native on NixOS, while the Steam flatpak works like it should.

The part about drivers is true though, as GPL is the reason I’m using native Steam.

Samueru ,

You don’t have steam-runtime instead of steam-native on nix?

Chewy7324 ,

I mean the native NixOS package of Steam (instead of flatpak), not that the Steam package uses native libs.

I believe Steam on NixOS always uses the Steam runtime, because NixOS isn’t FHS compliant, thus apps wouldn’t find any libs. No, I don’t think there’s steam-native on NixOS.

orcrist ,

For me, the question is why I should add an extra layer of complexity. If the things I use already work well using apt, and if most things are bundled in the default distro install, then my life is already good.

This all depends on your software needs, if course. Some people are using a lot of new stuff, so the above setup leads to annoying situations.

Pantherina ,

Flatpak is a distro on its own, but with original dev support. Its like a Linux Distro replacing others.

So it adds complexity but with the potential to remove it from the OS. For example Libreoffice, Browsers, Thunderbird etc are huge and its a good approach to use official versions here.

AMDIsOurLord ,

Then what’s the point in having different distros lol we don’t have duplication for the sake of duplication there are reasons why there are different distros, philosophies and packaging method. I see this mistake from many usually newer Linux users, there are different distros because there is a point in packaging the OS differently.

Flatpak for example completely abandons makig apps use patched system libraries. Or having different packages for different init systems. Or , god forbid, supporting BSDs

Pantherina ,

I dont know tbh. Flatpak is a bit like Android apps I think, but those apps only have a single OS to support.

YamiYuki ,

Some developers don’t want to deal with building an app for multiple versions. Sure some DEBs can work without needing to deal with that, but some don’t.

gnumdk ,
@gnumdk@lemmy.ml avatar

some devs don’t want to debug last arch/ubuntu broken setup.

YamiYuki ,

Indeed.

sebsch ,

What could be wrong with random foreign executables in your system?

shea ,

just like every other executable downloaded from the Internet, man. doesn’t seem too scary

sebsch ,

It is. I like Linux exactly because I trust the packages from the distribution. Everything else is an attack vector and untrusted

Edit: you install random binaries from the internet? Oo

delirious_owl ,
@delirious_owl@discuss.online avatar

Yes, security

matcha_addict ,

How? Security is one of its selling points.

sugartits ,

libxyz has security vulnerability:

Your distro updates libxyz. Fixed and every piece of software gets the fix for free.

Every single flatpak that uses libxyz has to update to include the fix. Let’s hope all those package maintainers are on the their game.

garrett ,

That’s not how Flatpak works.

Flatpak has runtimes, which is where most shared libraries are. There’s a common base one called Freedesktop, a GNOME runtime, a KDE runtime , an Elementary runtime, and more. (The GNOME and KDE ones are built on top and inherit from the Freedesktop base runtime.)

docs.flatpak.org/en/…/available-runtimes.html

Additionally, at least for Flathub, they have shared modules for commonly used libraries that aren’t in runtimes. (Many are related to games or legacy support like GTK2.)

github.com/flathub/shared-modules

Lastly, some distributions are building their own runtimes and apps on top, so the packages they build are available as flatpaks as well. This is the case for Fedora, Elementary, Endless, and others.

fedoraproject.org/wiki/Flatpak

sugartits ,

That’s not how Flatpak works.

That’s exactly how flatpaks work if the library you need is not in the runtime. Which is very often the case.

I know because I made one for my personal use and the package was not available elsewhere.

Additionally, at least for Flathub, they have shared modules for commonly used libraries that aren’t in runtimes. (Many are related to games or legacy support like GTK2.)

So we’re just reinventing the wheel with more bloat? Brilliant.

garrett , (edited )

Yeah, that’s a big, weird if though. Most modern apps can rely on the runtimes for their dependencies and not have to ship their own custom dependencies.

It’s different from something like AppImage, where everything is bundled (or Snap, where a lot more needs to be bundled than a typical Flatpak, but not as much as with an AppImage).

Additionally, there’s always some level of sandboxing in Flatpaks (and Snap packages) and none at all for RPMs, Debs, or AppImages.

Also, Flatpak dedupicates common files shared across flatpak apps and runtimes, so there isn’t “bloat” like what you’re talking about.

…gnome.org/…/on-flatpak-disk-usage-and-deduplicat…

sugartits ,

I think bringing in an entire operating system, which may well include libraries and other files that I already have installed, to run something small can be considered bloat.

I currently have multiple versions of Nvidia’s libraries installed for some reason on my system through flatpak. I have no idea why that’s necessary but if I don’t allow this to happen I get dropped down to software rendering.

delirious_owl ,
@delirious_owl@discuss.online avatar

It sells security through isolation, but packages are not cryptographically verified after download. This is done in package managers like apt, but not flatpak

gamma ,
@gamma@programming.dev avatar

Others have mentioned disk usage and desktop integration. There is some truth to them, but shared runtimes keeps disk uasge down (although worse than native apps). Desktop launchers now search /var/lib/flatpak/exports/share/applications by default, but I’m still having issues with themes in one or two niche apps.

Trust is the big one. The benefit of your distro’s packages is that they are maintained by a limited number of maintainers. Flatpaks have a much, much larger number of maintainers, which is where sandboxing comes in. Flathub now marks apps with lax permissions as “potentially unsafe”, which is a huge step in communicating this to the average user.

Most desktop apps can get away with having next to no access, as long as they support the appropriate XDG desktop portals.

Ultimately, your mileage will vary, as there are many classes of application which are ill-suited to being sandboxed. Program launchers, programming languages, IDEs, file managers are a few.

duncesplayed ,

I feel like this should be required reading for a lot of Linux users. That article is a couple years old now, but I think is even more true now than it was when it was written. Having a middleman (package maintainer) between the user and the software developer is a tremendous benefit. Maintainers enforce quality, and if you bypass them, you’re going to end up with Linux as the Google Play Store (doubly so if you try and fool yourself into thinking it won’t happen because “Linux is different”)

therealjcdenton ,

They dont integrate well into your system like they should, (theming, bookmarks, storage, etc), and to fix that you gotta do some work arounds that should be done automatically

Churbleyimyam ,

What I find most annoying is the extra drive space required. It makes backing up and restoring my computer so much more annoying. The upside of this is that I’ve ended up learning how to install from source so I can avoid them when a deb package is not available!

cygon ,

I’m a little put off by the inconvenient command line and the mandatory bells and whistles (flathub is nice and all, but must it be baked into the main executable rather than having the package manager as an optional thing on top?).

So far, AppImage just looks superior to me. Works without installing a runtime into my system, no need to become root and integrate an app into a system-wide managed package repository, I can just run it.

AMDIsOurLord ,

1- It takes a lot of space. jUsT bUy a bIgGeR dRiVe --stfu I’m not going to spend money for you to waste it

1- a) Everyone assumes you’re an American with 20Gbps symmetrical fiber optic. My internet can’t handle 2+ Gb downloads for a fucking 50 Mb app bro

2- Duplicate graphics drivers. Particularly painful with Nvidia

3- It puts a lot of security work with distro library trees straight into the shitter

4- Horrendously designed system for CLI apps (flatpak run org.whocares.shit.app)

5- Filesystem isolation has many upsides for security but also it can cause some pain (definitely nitpicking)

shapis ,
@shapis@lemmy.ml avatar

All of this. Plus often it just doesn’t work.

And no. I do not want to blind fiddle with the permissions to fix it.

robojeb ,

Where in America is there 20Gbps symmetrical fiber? Everywhere I know tops out at 1gbps if you are lucky that your ISP isn’t shit, and lots of areas are still on slow cable.

In my area my options are 200mbps cable or 100mbps ADSL (which inexplicably costs more than the cable Internet)

S_H_K ,

Maybe is an hyperbole I have optic fiber straight to my door here and is 10gbps tops but usually it works around 80% of that with some conditions. And it’s not symmetrical I don’t recall the up speed tho.

samc ,
@samc@feddit.uk avatar

Best I’ve ever had was like 60mbps down. Might be a budget thing though, I refuse to pay more than £30/month for internet

Russianranger ,

Lived in 8 different states in the US - never had anything above 1 Gbps. Typically been 300-500 mbps, with only the past and current state state where I’ve gotten 1gbps. Poster is just assuming because we’re a first world country that we have good internet. We don’t. I hear Europe has better speeds than us.

pingveno , (edited )

One of the use cases I would like to have used Flatpak for is Visual Studio Code. Unfortunately, I found the isolation to be too onerous for developer needs. Take the Rust compiler toolchain. There’s no way to access that from VSCode. There are ways to add on tools to the VSCode environment, but that feels like a kludge when I already have everything installed and set up. And if the toolchain isn’t available for Flatpak, tough luck. Other features just simply don’t work. I eventually switched to using the Ubuntu builds from the VSCode developers.

Edit: The Rust compiler toolchain can be added onto Flatpak because there is a packaged version of the toolchain, but it’s not the host environment’s version. Other tools like the fish shell might be entirely unavailable.

Presi300 ,
@Presi300@lemmy.world avatar

Unless you are using like a 64GB drive, not really. Ig flatpaks are as bit more annoying to start from the terminal

danielfgom ,
@danielfgom@lemmy.world avatar

It’s HUGE. That’s the biggest downside for me. I’m always use a deb/native package first because they are way smaller.

hornedfiend ,

Of course they are. they share dependencies with other software. flatpaks bundle all dependencies,which is great for sandboxing,even though some sort of break the rule and share some,they are still sandboxed.

Unless you “firejail” or “bubblewrap” your software, security is much better OOB for flatpaks.

soFanzy ,

That’s a myth. Security of flatpaks depends entirely on the given permissions, and since most flatpaks just set their own permissions on installation, or require filesystem access to work, there is no meaningful difference in security OOB.

wisha ,

Flatpak apps cannot set their own permissions “on installation”. If flatpak tells you some weather app uses only the network permission then that is all the app is going to get.

For an app to be able to change its own permissions, it first needs permission to the flatpak overrides directory. Any app that does this gets an “Unsafe” designation in gnome-software.

Also about most apps requiring filesystem access to work: I have 41 flatpak apps on my system (Silverblue so everything is flatpak). Only 6 have access to my home or Documents directory. (11 apps requested full filesystem or homedir permission, but 5 of these work perfectly fine after I turned off their permissions in Flatseal).

Notably, “large attack surface” apps like Thunderbird or Firefox don’t have access to my Documents. File uploads and email attachments go through the file picker portals.

jabjoe ,
@jabjoe@feddit.uk avatar

Those dependencies adenoid and no kept Upton date, unlike deb/rpm installed stuff. Best sandbox to not compromise your system. Also hope that sandboxing is done right…

jerrythegenius , (edited )
@jerrythegenius@lemmy.world avatar

Some people don’t like it because it uses a bit more storage and can start a bit slower, (I think) they can’t be used for system packages, and I’ve also had some issues with theming

GravitySpoiled , (edited )

This should be pinned somewhere …gnome.org/…/on-flatpak-disk-usage-and-deduplicat…

Edit: the speed shouldn’t be a real issue. You may measure a difference but that’s not an issue as it was with snaps until they improved upon it.

acockworkorange ,

One thing I always wondered is whether libraries in memory would be duplicated or not. I have seen a lot of people talking about storage space which is cheap and shouldn’t really be the focus for desktops. But I haven’t seen anything about in memory usage.

GravitySpoiled ,

Good question. With 16 GB RAM 8 haven’t seen RAM issues for normal stuff

acockworkorange ,

Me neither but I if we’re considering having all but the core of the distro in Flatpacks, this policy might mean Linux becoming less accessible to more modest configurations.

Unless Flatpacks deal with it somehow like regular packages do. If two app packages contain the same library within (as opposed to packaged in a dependency), can Flatpack figure out they’re the same and share code memory between the two? For library packages with two apps depending on different versions of the same third party flatpack, does it assume the newer version can be applied to both, optimizing memory usage? If so, wouldn’t that break the premise of flatpacks?

Can I convince my autocorrect that flatpacks and flapjacks are different things?

Inquiring minds want to know.

wildbus8979 ,

Using flatpak on low end devices (like Linux phones), I can tell you from experience, the speed liss is noticeable. Specially for application startup. As is the resource overhead.

GravitySpoiled , (edited )

That’s a fairly good point. On mobile startup can be crucial because sessions are short in comparison to desktop where you have longer sessions and startup time is negligable (even the slow startup times of snaps could be ignored for e.g. a video editing session)

Low specs shouldn’t keep the community from moving into newer technology.

wildbus8979 ,

Precisely. I’ve been playing with Mobian on a One Plus 6 (works great) and while I really like the idea of using mostly sandboxed app much like things work on Android, right now it certainly negatively impacts the experience.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •