Quoting: CatKiller

Quoting: BrokattValve officially only supports one distro and that is the latest Ubuntu LTS - with either Gnome or KDE desktop.

They don't support Gnome any more - well, specifically Wayland Gnome; X11 Gnome is OK - because it breaks SteamVR. I can't remember which widget it is that Gnome doesn't provide (I don't use VR and I don't use Gnome) but ISTR that the Gnome devs specifically refuse to support that widget. Someone with more familiarity with the details can fill in the gaps.

I would be really interested to know that too. I was kind of surprised the deck doesn't at least support GNOME. I get KDE is more accommodating to Windows users and being friendly to them is obviously a high priority for the deck, but GNOME is so good on a hybrid/tablet style device like that. VR being a priority makes a lot of sense.

Edit: it appears to be this: DRM leasing. They don't refuse, it's just never been complete enough to be merged:

https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2759 [External Link]

View this comment - View article - View full comments

Quoting: Purple Library GuyWhat can I say? My empirical evidence, albeit limited, says different, and you haven't advanced anything except bad analogies to justify your position..

I'll just respond to this point because it's so easy to demonstrate how not true it is.

I literally have. I gave several real world examples in my very first comment, but you just quoted a single sentence and started rambling instead of responding to what I actually wrote.

Here, as a Linux gamer, here's details of a very real world example I already explicitly mentioned. Did you ever run Steam? Real world example:

https://www.pcworld.com/article/431317/scary-steam-for-linux-bug-erases-all-the-personal-files-on-your-pc.html [External Link]

If you think flatpak is too hard to be worth mitigating something like this, cool, but it's a very real world example of why you do have a need for it whether you realize it or not. If you can be bothered to read a whole article, you'll see that problem affected real humans with no, as you put it, movie style hacker attack required. And it's one of several examples from my very first comment you only quoted one sentence of. No app is immune to this sort of thing. Sandboxing technology is the best mitigation for such problems we have.

You can keep trying to be disagreeable all you want, but you clearly haven't actually read what I actually said. Instead, you keep trying to commit me to some position you've imagined, that I think you should run flatpak or snap today or something.

View this comment - View article - View full comments

Quoting: AdamRHargreaves(I also disagree about the whole "infinite hardware" thing. That's just an excuse for lazy development - and the reason we see such stupid file sizes for things these days with no tangible benefit.)

Damn man, there's a lot of "I disagree" with a thing I didn't read on this forum. You are literally, explicitly agreeing with what the guy you are responding to actually said. They didn't say "also we have infinite resources" they said since it feels that way too many developers, and the reality is they are developing lazily like you describe, that is why we need this tech. It doesn't mean that's good. They literally said:

"Sandboxing software is only partly about packaging or security, it's also about curbing runaway modern excesses in software by adding friction."

You and them, you agree. People rush so hard to be on the other side of something, I just don't get it.

It really just seems you saw a few words, picked out the ones you don't like, and started your go to "I disagree" comment." There is tons of good info in that comment you've probably denied yourself just to rush to be contentious.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: mattaraxiaI'm not talking down to you any more than you are to me there champ.

I generally give back what I get.

Quoting: mattaraxiaWhat I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.

So, first, what I'm confident of is precisely not that I've got it all locked down, but rather that the return on effort of locking it all down is not worth it unless the effort is very low. I'm not saying my system is secure, I'm saying for a system like mine, the whole idea of security is overrated, and many security measures give only incremental improvement to what was already a small risk, while costing quite a bit in time and attention.
Meanwhile, sure, if someone disagrees with you they're defensive. Whatever.

You are extremely disagreeable while agreeing with exactly what I said then. And while you may do that generally, you objectively didn't here. You are frankly, objectively wrong that such measures are overblown for a system like yours. Luckily though, you don't need to understand them for them to continue becoming popular. They will come without your time and attention, and we'll all be better for it while you rant and rave when you aren't informed.

Something something "gamer types" I guess.

View this comment - View article - View full comments

Quoting: TheSHEEEP

Quoting: mattaraxiaHeh, I laughed surprisingly hard at that first part. I had really similar feelings while learning Rust, though after a while I wrote most of it off as just not-the-way-I'm-used-to-itis.

Of course you can get used to it and understand it.
Hell, you can get used to abominations like Objective-C. Which Rust thankfully isn't as bad as.

But there are just objectively much harder to parse languages (as in, read and understood even by uninitiated people). Due more complex structures in Rust code than you'd find in C-code.
C++ can get nightmarish to parse on its own, but more rarely so and in cases that can usually be auto'd away nowadays. And pure C code is just very simple to read as it "lacks" (I've grown to think it's a feature) all the bells and whistles of C++.

With Rust, you get a lot more special characters (&|*::<>?!..'+) throughout the entire code outside of calculations, more function calls per thing you want to do and once type specifiers and lifetimes come into play, all hope is lost to the uninitiated anyway ( what's this type do, why is there a ': "Box<Fn() + Send + 'static>" ).

It's not that it couldn't be understood, it's that it couldn't be understood quickly except by experts.
And if I have learned one thing in 15+ years of coding, it's that the most important attribute of code after "it works" is that it is easily readable to people new-ish to the project and/or the language.
Because code is hundreds to thousands of times more often read than written and lack of understanding leads to way more problems down the line.

The first ~four years of my professional life were largely coding Perl.

There's really not much more to add.

View this comment - View article - View full comments

Quoting: TheSHEEEPHonestly not a big fan of Rust.

It makes writing code ridiculously complicated, everything needs awkwardly added function calls (want a variable? Here you go "variable.wrap().unwrap().rewrap().is_this_safe()?.unwrap_or_else(|..| yes_no?).expect('oh no!') ") and just leads to code that is practically unintelligible unless you understand everything about Rust.
I once couldn't stop laughing when I made a string copy, it's like trying to thread a needle, but with both hands tied behind your back to make sure you won't accidentally poke yourself.

However, its modularity and concurrency safety while maintaining C-like speed is indeed quite well suited to a project like that.
Can't say I blame them.

Oh, and the error messages in Rust are pure magic, very helpful compiler.

Heh, I laughed surprisingly hard at that first part. I had really similar feelings while learning Rust, though after a while I wrote most of it off as just not-the-way-I'm-used-to-itis.

In addition to those features you mentioned, its easy compatibility with C code that makes it the future. It's (relatively) easy to do things like this, rewriting old parts of a large, mature code base like gstreamer, that seem to have cemented its future. I guess way more of this will keep happening in the next few years.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: mattaraxiaSorry this is very late, but worth responding to.

That's just missing the point.

I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.

See, this right here. This is the problem with many computer security types: They're freakin' drama queens. If I get a computer virus it will not break my neck. Sheesh.
(Also, they're used to getting away with talking down to people)

The thing is, in order to decide how much effort it is worth putting into security, and how much inconvenience is worth putting up with for security, you have to assess the risk, the severity of the likely consequences if the risk comes up, and how much effort and inconvenience you're talking about. For a private individual's computer, the severity isn't all that damn high. And as I've noted, the risk per year is low. So, it is rational for ordinary people not to be willing to put in much effort. If security types want me to sandbox all my applications, then those applications had better come from the "Software centre" sandboxed and update along with all the other applications when I tell the update thingie to do its thing. If those things are not true, it is not worth it to use special sandboxed applications from another source that will not update unless I think about updating them individually--especially since the result of that is I will have dozens of applications that I do not update regularly, so it's really unclear what the net security impact would be.

I'm not talking down to you any more than you are to me there champ.

"Ya know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything."

What I don't get is how called out people seem to feel by security issues. For someone who's so confident they've got it all locked down, you seem very defensive.

Of course you have to make those decisions. Again, I did not say you or anyone else should go out and use flatpak or anything else right now today. Maybe it's not there for you yet. That's fine. But you do have need for it today, whether you know it or not. And more specifically, that need is not managed by software updates. It solves a different problem. I'm sorry if knowing that offends you.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: mattaraxia

Quoting: KithopUnless you have a need to sandbox something,

You have a need to snadbox *everything* already. I'm blown away this mindset exists.

Ya know, I find it hard to take this attitude very seriously. I know the computer security people are all authoritative and expert and everything. But I've been using computers since before there was an internet, and in all that time no computer of mine has ever had an attack that I noticed the results of. If it weren't for phishing emails I might think there was no such thing as malicious cyberattacks outside the movies. It's possible that part of the reason my Windows computers of the late 90s/early00s got a bit wonky after a while was viruses, I dunno, but if so their action was indistinguishable from ordinary "Windows installs used to age really badly". So the thing is, after 30 years or so when I could have suffered an attack, during which I never did anything much about security other than "switch to Linux" and "use fairly decent passwords", and nothing ever happening, it gets harder and harder to sustain that panicked "The sky will fall in the next few minutes if I don't do the latest security thing right now!" mentality. Induction says to me "I've never sandboxed everything before and nothing bad ever happened, why would that suddenly change now?"

If I was running a server or something, sure, I'd take security seriously. But I'm not, I'm just a guy with a computer.

Sorry this is very late, but worth responding to.

That's just missing the point.

I rode a motorcycle for years and never needed my helmet. I was still glad to wear one, and would now if I ever went back to it. Induction didn't mean riders don't have a need for helmets.

View this comment - View article - View full comments

Quoting: Kithop

Quoting: mattaraxiaYou have a need to snadbox *everything* already. I'm blown away this mindset exists.

Ah yes, I'm going to sandbox 'ls' from the filesystem, and then explicitly fiddle to punch holes in to make it useful again...

Facetious and hyperbolic, yes, but let's not get into absolutes here. Sandboxing is great when you want it, but it's most definitely not for *everything*. There is a time and place for it, and I believe there are distros that lean on it extensively. It's great tech, but also *incredibly frustrating* as a user if you're not expecting it. All the Wayland xdg-desktop-portal stuff comes to mind - I love Wayland, but it shouldn't take *three separate popups* to allow OBS or Discord to screenshare a particular app, with no option to 'remember my choice forever please'. We're going to end up with Windows UAC level annoyances again, and then people will just turn it off entirely.

Should apps like Steam be sandboxed from accessing anything outside of ~/.steam (or equivalent)? Sure. Should your browser be sandboxed to not access things outside of your Downloads folder? Sounds like a good starting point. But remember, you may want to preview that PDF from your Documents or a thumb drive, or a static HTML page you're working on off a network drive, so it's got to be easy to do so and yes, explain and understand the implications.

If you want to run a Flatpak or Snap, you should understand that yes, you get sandboxing and the double edge that goes with it in terms of 'why can't this app see my files'. Unless your distro is explicitly designed for it, though, I believe it should not replace your native package manager. If I want to switch, let me make the choice to switch, don't start forcing Snaps on me when I call apt and expect a .deb.

Sorry this is so old, but I don't think you're responding to what I said so much as complaining about specific implementations you were already annoyed with.

The point isn't everyone should sandbox everything with existing tech right now, it's that everyone *has a need to* already. I didn't say "I don't understand the mindset of not wanting to use flatpak" the person above specifically said they don't see what problem sandboxing solves, that certainly patching is good enough. That mindset, is fundamentally misinformed. It does not solve the same problems something like flatpak solves. Saying so fundamentally misunderstands the problem.

Similarly, nothing you said addresses the cases I mentioned. That need still exists, for sure, for basically everything anyone runs. Whether or not that means you should run everything in flatpak today, is moving goalposts and missing the point.

View this comment - View article - View full comments

Quoting: KithopUnless you have a need to sandbox something,

You have a need to snadbox *everything* already. I'm blown away this mindset exists.

The purpose of sandboxing is zero days. The whole point is you don't know about them until there's a problem.

For example, there was a nasty bug in steam shortly after launch that could essentially rm -rf / and destroy everything the user had access to. It should be sandboxed. There was a really nasty exploit in Zoom allowing for RCE. It should be sandboxed. There was even a really nasty RCE vulnerability in the library most desktops use to thumbnail common files. Just downloading it and executing nothing could run arbitrary code.

*nothing* is immune. Sandboxing is categorically good.

Also, flatpak absolutely uses shared libraries. This notion that you have to hope every single app updates is fundamentally wrong. The runtimes can also be provided by the distro, like on Fedora, especially Silverblue.

These things need to be embraced. They are the best Linux Desktop security improvements we've had in . . . well maybe ever.

View this comment - View article - View full comments