Well, 2024 should be interesting for Linux packaging! While many distributions use different packaging formats like deb, rpm and others there's also Flatpak for cross-distro support. But we also have Canonical's Snap - which is going to get improved cross-distro support.
Writing on Mastodon, developer Zygmunt Krynicki mentioned "I will be returning as a snap developer later this month. My main focus will be cross-distribution support. Unlike in the past this will be my full time job. I'm very excited for what is ahead for snaps.". It's interesting to see Canonical paying developers to work on this (and it's a good thing too)!
Pictured - The Snap Store
Packaging is always a real sore spot for Linux, and it leads to a fair amount of confusion. Just like with how many Linux distributions there are there's upsides and downsides to it though of course. You don't get innovation and improvements by always sticking to one single thing, and the power of open source is people can often just work on whatever they want.
Still, it would be nice no matter what distribution of Linux you pick, if we can just tell people to "go here" to get whatever app it is they're after rather than having to do a support-dance to find out their specific distribution and version to see what's available to find out how they can grab something.
Article taken from GamingOnLinux.com.
Some you may have missed, popular articles from the last month:
Quoting: mattaraxiaSorry this is very late, but worth responding to.See, this right here. This is the problem with many computer security types: They're freakin' drama queens. If I get a computer virus it will not break my neck. Sheesh.
That's just missing the point.
I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.
(Also, they're used to getting away with talking down to people)
The thing is, in order to decide how much effort it is worth putting into security, and how much inconvenience is worth putting up with for security, you have to assess the risk, the severity of the likely consequences if the risk comes up, and how much effort and inconvenience you're talking about. For a private individual's computer, the severity isn't all that damn high. And as I've noted, the risk per year is low. So, it is rational for ordinary people not to be willing to put in much effort. If security types want me to sandbox all my applications, then those applications had better come from the "Software centre" sandboxed and update along with all the other applications when I tell the update thingie to do its thing. If those things are not true, it is not worth it to use special sandboxed applications from another source that will not update unless I think about updating them individually--especially since the result of that is I will have dozens of applications that I do not update regularly, so it's really unclear what the net security impact would be.
Last edited by Purple Library Guy on 18 January 2024 at 5:49 am UTC
0 Likes
mattaraxia Jan 18
Quoting: Purple Library GuyQuoting: mattaraxiaSorry this is very late, but worth responding to.See, this right here. This is the problem with many computer security types: They're freakin' drama queens. If I get a computer virus it will not break my neck. Sheesh.
That's just missing the point.
I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.
(Also, they're used to getting away with talking down to people)
The thing is, in order to decide how much effort it is worth putting into security, and how much inconvenience is worth putting up with for security, you have to assess the risk, the severity of the likely consequences if the risk comes up, and how much effort and inconvenience you're talking about. For a private individual's computer, the severity isn't all that damn high. And as I've noted, the risk per year is low. So, it is rational for ordinary people not to be willing to put in much effort. If security types want me to sandbox all my applications, then those applications had better come from the "Software centre" sandboxed and update along with all the other applications when I tell the update thingie to do its thing. If those things are not true, it is not worth it to use special sandboxed applications from another source that will not update unless I think about updating them individually--especially since the result of that is I will have dozens of applications that I do not update regularly, so it's really unclear what the net security impact would be.
I'm not talking down to you any more than you are to me there champ.
"Ya know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything."
What I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.
Of course you have to make those decisions. Again, I did not say you or anyone else should go out and use flatpak or anything else right now today. Maybe it's not there for you yet. That's fine. But you do have need for it today, whether you know it or not. And more specifically, that need is not managed by software updates. It solves a different problem. I'm sorry if knowing that offends you.
Last edited by mattaraxia on 18 January 2024 at 6:18 am UTC
0 Likes
Quoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.I generally give back what I get.
Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.
Last edited by Purple Library Guy on 18 January 2024 at 10:07 pm UTC
0 Likes
mattaraxia Jan 19
Quoting: Purple Library GuyQuoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.I generally give back what I get.
Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.
You are extremely disagreeable while agreeing with exactly what I said then. And while you may do that generally, you objectively didn't here. You are frankly, objectively wrong that such measures are overblown for a system like yours. Luckily though, you don't need to understand them for them to continue becoming popular. They will come without your time and attention, and we'll all be better for it while you rant and rave when you aren't informed.
Something something "gamer types" I guess.
Last edited by mattaraxia on 19 January 2024 at 1:53 am UTC
0 Likes
mattaraxia Jan 19
Quoting: AdamRHargreaves(I also disagree about the whole "infinite hardware" thing. That's just an excuse for lazy development - and the reason we see such stupid file sizes for things these days with no tangible benefit.)
Damn man, there's a lot of "I disagree" with a thing I didn't read on this forum. You are literally, explicitly agreeing with what the guy you are responding to actually said. They didn't say "also we have infinite resources" they said since it feels that way too many developers, and the reality is they are developing lazily like you describe, that is why we need this tech. It doesn't mean that's good. They literally said:
"Sandboxing software is only partly about packaging or security, it's also about curbing runaway modern excesses in software by adding friction."
You and them, you agree. People rush so hard to be on the other side of something, I just don't get it.
It really just seems you saw a few words, picked out the ones you don't like, and started your go to "I disagree" comment." There is tons of good info in that comment you've probably denied yourself just to rush to be contentious.
0 Likes
Quoting: mattaraxiaWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position. Maybe there is such, but all you've been saying is I'm not being nice to you and, basically, you have the authority of expertise so I should assume you are correct when you make bare assertions. If it came to argument from authority, well, I probably trust the authority of Clem Lefebvre and the maintainers of Debian, who are still using normal packaging for the most part, more than I trust your authority, since I don't know who you are and you've given no indication of what you know. Argument from authority isn't actually valid in either direction, so I won't stand behind that, but I haven't seen any argument based on anything else.Quoting: Purple Library GuyQuoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.I generally give back what I get.
Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.
You are extremely disagreeable while agreeing with exactly what I said then. And while you may do that generally, you objectively didn't here. You are frankly, objectively wrong that such measures are overblown for a system like yours. Luckily though, you don't need to understand them for them to continue becoming popular. They will come without your time and attention, and we'll all be better for it while you rant and rave when you aren't informed.
Something something "gamer types" I guess.
As a side note, I'm not even much of a gamer--I'm mainly here because I consider gaming strategically important in making it possible for the Linux desktop to spread. So, something something totally swing and a miss, I guess.
If you had some kind of statistics about how often not-especially-secure desktops of private individuals get compromised (by anything except phishing), and/or how severe the results of such tend to be, that would be a counter-argument. You haven't even vaguely gestured in that direction, you've just made unsupported claims that I don't understand the dangers (and that failure to slavishly adhere to the latest security fashions represents vicious ingratitude to the unsung heroes busy securing my desktop for me). Those aren't arguments.
Last edited by Purple Library Guy on 19 January 2024 at 3:45 am UTC
0 Likes
mattaraxia Jan 19
Quoting: Purple Library GuyWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position..
I'll just respond to this point because it's so easy to demonstrate how not true it is.
I literally have. I gave several real world examples in my very first comment, but you just quoted a single sentence and started rambling instead of responding to what I actually wrote.
Here, as a Linux gamer, here's details of a very real world example I already explicitly mentioned. Did you ever run Steam? Real world example:
https://www.pcworld.com/article/431317/scary-steam-for-linux-bug-erases-all-the-personal-files-on-your-pc.html
If you think flatpak is too hard to be worth mitigating something like this, cool, but it's a very real world example of why you do have a need for it whether you realize it or not. If you can be bothered to read a whole article, you'll see that problem affected real humans with no, as you put it, movie style hacker attack required. And it's one of several examples from my very first comment you only quoted one sentence of. No app is immune to this sort of thing. Sandboxing technology is the best mitigation for such problems we have.
You can keep trying to be disagreeable all you want, but you clearly haven't actually read what I actually said. Instead, you keep trying to commit me to some position you've imagined, that I think you should run flatpak or snap today or something.
Last edited by mattaraxia on 19 January 2024 at 4:39 am UTC
0 Likes
Quoting: mattaraxiaThat's a real world example of something, but not of what you would need to establish. We know there are vulnerabilities. That says nothing about how often ordinary people's desktop computers are successfully attacked, let alone in ways that would matter to the ordinary person. Note: NOT servers, NOT computers belonging to large and/or wealthy organizations, and NOT via phishing or social engineering. Ordinary people's computers, hacked, in a way that does something that matters to the individual; how often does it happen? And, to get specific, how many of such cases would sandboxing apps have helped with? If you can't speak to that, you are not speaking to my point or to anything I have a reason to care about.Quoting: Purple Library GuyWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position..
I'll just respond to this point because it's so easy to demonstrate how not true it is.
I literally have. I gave several real world examples in my very first comment, but you just quoted a single sentence and started rambling instead of responding to what I actually wrote.
Here, as a Linux gamer, here's details of a very real world example I already explicitly mentioned. Did you ever run Steam? Real world example:
https://www.pcworld.com/article/431317/scary-steam-for-linux-bug-erases-all-the-personal-files-on-your-pc.html
If you think flatpak is too hard to be worth mitigating something like this, cool, but it's a very real world example of why you do have a need for it whether you realize it or not. If you can be bothered to read a whole article, you'll see that problem affected real humans with no, as you put it, movie style hacker attack required. And it's one of several examples from my very first comment you only quoted one sentence of. No app is immune to this sort of thing. Sandboxing technology is the best mitigation for such problems we have.
You can keep trying to be disagreeable all you want, but you clearly haven't actually read what I actually said. Instead, you keep trying to commit me to some position you've imagined, that I think you should run flatpak or snap today or something.
Far as I can tell, most of what happens to ordinary people is hackers go after some outfit that has a ton of passwords, steals their passwords from that place and messes up the individual without ever encountering their computer. Ain't a lot containerization or any other extra hardening is going to do about that. But it does show that security is important for servers and large organizations' computers.
Heh. Here's my bad analogy: We know orcas are capable of killing humans. It's obvious, you look at the mass, the teeth, the things they do predate upon, and a track record of occasionally snapping and killing a trainer at some Sea World place. But do they? Well, if you're not their prison guard, apparently not. The vulnerability to orca attack clearly exists, and yet there is no point in applying security measures against orca attack except in extremely specific situations. The only place where orca security experts are worth listening to is at places where orcas are in captivity. If orca security experts from those places were to try to apply their principles to whale watching tours, they would be doing the wrong thing.
0 Likes
mattaraxia Jan 19
Quoting: Purple Library GuyQuoting: mattaraxiaThat's a real world example of something, but not of what you would need to establish. We know there are vulnerabilities. That says nothing about how often ordinary people's desktop computers are successfully attacked, let alone in ways that would matter to the ordinary person. Note: NOT servers, NOT computers belonging to large and/or wealthy organizations, and NOT via phishing or social engineering. Ordinary people's computers, hacked, in a way that does something that matters to the individual; how often does it happen? And, to get specific, how many of such cases would sandboxing apps have helped with? If you can't speak to that, you are not speaking to my point or to anything I have a reason to care about.Quoting: Purple Library GuyWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position..
I'll just respond to this point because it's so easy to demonstrate how not true it is.
I literally have. I gave several real world examples in my very first comment, but you just quoted a single sentence and started rambling instead of responding to what I actually wrote.
Here, as a Linux gamer, here's details of a very real world example I already explicitly mentioned. Did you ever run Steam? Real world example:
https://www.pcworld.com/article/431317/scary-steam-for-linux-bug-erases-all-the-personal-files-on-your-pc.html
If you think flatpak is too hard to be worth mitigating something like this, cool, but it's a very real world example of why you do have a need for it whether you realize it or not. If you can be bothered to read a whole article, you'll see that problem affected real humans with no, as you put it, movie style hacker attack required. And it's one of several examples from my very first comment you only quoted one sentence of. No app is immune to this sort of thing. Sandboxing technology is the best mitigation for such problems we have.
You can keep trying to be disagreeable all you want, but you clearly haven't actually read what I actually said. Instead, you keep trying to commit me to some position you've imagined, that I think you should run flatpak or snap today or something.
Far as I can tell, most of what happens to ordinary people is hackers go after some outfit that has a ton of passwords, steals their passwords from that place and messes up the individual without ever encountering their computer. Ain't a lot containerization or any other extra hardening is going to do about that. But it does show that security is important for servers and large organizations' computers.
Heh. Here's my bad analogy: We know orcas are capable of killing humans. It's obvious, you look at the mass, the teeth, the things they do predate upon, and a track record of occasionally snapping and killing a trainer at some Sea World place. But do they? Well, if you're not their prison guard, apparently not. The vulnerability to orca attack clearly exists, and yet there is no point in applying security measures against orca attack except in extremely specific situations. The only place where orca security experts are worth listening to is at places where orcas are in captivity. If orca security experts from those places were to try to apply their principles to whale watching tours, they would be doing the wrong thing.
You're just digging a hole man. I'm not interested in convincing you more, but come on, you know full well you said I'd only provided such and such, and it's just not true. You claiming that doesn't provide enough of an example, for a point I'm not even making you're just trying to commit me to, is meaningless.
I mean again, you clearly can't be bothered to read a whole article, but the example I gave doesn't require "hackers" at all.
You're vomiting up an insane amount of text at this point when you'd be better off just admitting you hadn't read the actual discussion you jumped into.
But really, it's OK, the world will move on without you. Are you still mad that Ubuntu disabled the root user ~20 years ago because it didn't affect you? Luckily, smarter people realized it was a good thing to do, and essentially all distros followed along.
Last edited by mattaraxia on 19 January 2024 at 6:28 am UTC
0 Likes
Quoting: mattaraxiaYou've once again spent a whole lot of time saying your arguments are wonderful and I am unworthy of you amazing security experts, but zero time making any arguments. I'm done.Quoting: Purple Library GuyQuoting: mattaraxiaThat's a real world example of something, but not of what you would need to establish. We know there are vulnerabilities. That says nothing about how often ordinary people's desktop computers are successfully attacked, let alone in ways that would matter to the ordinary person. Note: NOT servers, NOT computers belonging to large and/or wealthy organizations, and NOT via phishing or social engineering. Ordinary people's computers, hacked, in a way that does something that matters to the individual; how often does it happen? And, to get specific, how many of such cases would sandboxing apps have helped with? If you can't speak to that, you are not speaking to my point or to anything I have a reason to care about.Quoting: Purple Library GuyWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position..
I'll just respond to this point because it's so easy to demonstrate how not true it is.
I literally have. I gave several real world examples in my very first comment, but you just quoted a single sentence and started rambling instead of responding to what I actually wrote.
Here, as a Linux gamer, here's details of a very real world example I already explicitly mentioned. Did you ever run Steam? Real world example:
https://www.pcworld.com/article/431317/scary-steam-for-linux-bug-erases-all-the-personal-files-on-your-pc.html
If you think flatpak is too hard to be worth mitigating something like this, cool, but it's a very real world example of why you do have a need for it whether you realize it or not. If you can be bothered to read a whole article, you'll see that problem affected real humans with no, as you put it, movie style hacker attack required. And it's one of several examples from my very first comment you only quoted one sentence of. No app is immune to this sort of thing. Sandboxing technology is the best mitigation for such problems we have.
You can keep trying to be disagreeable all you want, but you clearly haven't actually read what I actually said. Instead, you keep trying to commit me to some position you've imagined, that I think you should run flatpak or snap today or something.
Far as I can tell, most of what happens to ordinary people is hackers go after some outfit that has a ton of passwords, steals their passwords from that place and messes up the individual without ever encountering their computer. Ain't a lot containerization or any other extra hardening is going to do about that. But it does show that security is important for servers and large organizations' computers.
Heh. Here's my bad analogy: We know orcas are capable of killing humans. It's obvious, you look at the mass, the teeth, the things they do predate upon, and a track record of occasionally snapping and killing a trainer at some Sea World place. But do they? Well, if you're not their prison guard, apparently not. The vulnerability to orca attack clearly exists, and yet there is no point in applying security measures against orca attack except in extremely specific situations. The only place where orca security experts are worth listening to is at places where orcas are in captivity. If orca security experts from those places were to try to apply their principles to whale watching tours, they would be doing the wrong thing.
You're just digging a hole man. I'm not interested in convincing you more, but come on, you know full well you said I'd only provided such and such, and it's just not true. You claiming that doesn't provide enough of an example, for a point I'm not even making you're just trying to commit me to, is meaningless.
I mean again, you clearly can't be bothered to read a whole article, but the example I gave doesn't require "hackers" at all.
You're vomiting up an insane amount of text at this point when you'd be better off just admitting you hadn't read the actual discussion you jumped into.
But really, it's OK, the world will move on without you. Are you still mad that Ubuntu disabled the root user ~20 years ago because it didn't affect you? Luckily, smarter people realized it was a good thing to do, and essentially all distros followed along.
0 Likes
Patreon
PayPal
See more from me