Quoting: tpau

Quoting: CalinouEA app isn't DRM-free (just like Ubisoft Connect). This means Heroic developers would have to bypass it somehow, which is unlikely to happen for many reasons.

What does DRM mean other than the game, launcher and Webservers talk with one another to see if you own the game and are allowed to start it?

It means quite a lot more. It means that the launcher checks if there're other porcesses on the system that might be listen in on their communication with the server(not always web). It means that the game checks that the game can only be started by its launcher. It means that the game checks there've been no changes to the game.

Quoting: tpauIt does not have to be bypassed, as that would be piracy, it has to be replicated like login and downloading.
Never do anything the original wouldn't do or you are getting into trouble with their owners, like ea in this case.

There's no modern form of DRM of which if you can duplicate it you can't break it and thus if you make your duplication open source you've aided and abetted anyone who breaks the DRM with all that knowledge you've made available.

View this comment - View article - View full comments

Quoting: on_en_a_grosIs there any comparison between the main launchers ( heroic , lutris ect ) ex features , ease of use?

According to reddit [External Link] Lutris has better UI, but heroic better compatibility and Bottles is for people who use Linux, because they want: "pain and suffering".
A more recent reddit question [External Link] adds that NonSteamLauncher has good UI and compatibility, but misses important features like pre-tweaking and prefix handling.

View this comment - View article - View full comments

Woot.
My prediction:
The device will come and contain a manjaro distro.
It will have a worse launcher and be incompatible with some steam api's.
It will be more expensive than the steamdeck.
It will have coreboot.
It will sell much worse than the steamdeck.

View this comment - View article - View full comments

Quoting: pete910

it seems the Manjaro Linux team have buddied up with hardware vendor Orange Pi for the Orange Pi Neo gaming handheld.

This looks familiar...

Ah, yes. Until they decide to go windows....

A large difference between Orange Pi and AYANEO is that Orange Pi has actual experience in the Linux devices market and has thus access to the required talent to make them.
What they don't have and why the device will ultimately fail is the talent to advertise in the Linux gaming space.
The device will be sold with Linux, but it will be too expensive and have a worse launcher than the steamdeck.
Also its advertisement campaign will lay too much focus on hackability, maintainability and customizability.

View this comment - View article - View full comments

Quoting: pleasereadthemanual

Quoting: damarrin

Quoting: pleasereadthemanual'm not sure if there are incentives to use the App Store over Steam. It seems like they get the same cut. I know macOS programs from the App Store tend to be gutted compared to programs distributed outside of it because of restrictions (DaVinci Resolve being one such example, Affinity Suite being another).

Well, the App Store is there on every Mac, you don't need to install it by yourself. Plus, users with iPhones will already know it's the place to get all software and Apple will actively steer people towards it. Also, IIRC, it would hide software that wouldn't run on your Mac (a simple check for OS version and 32/64 bits, nothing fancy like checking gfx card requirements).

There's a strong dislike for the built-in store on Windows AFAICT, this isn't the case on the Mac. People love it. And I'm sure devs who make software for the Mac do as well (except for the likes of Epic). After all, as we Linux users all know, hunting the web for programs and downloading installers is the silliest thing ever.

Plus, "tend to be gutted" is much too strong of a statement. Yes, software will need to be modified in some instances (like years ago LibreOffice not being able to be on there because of their Java dependecy, IDK if this has changed or not), but I'd say the vast majority is made with with Mac and App Store in mind from the start.

As for Steam, Valve doesn't need the Mac and Apple doesn't need Valve.

I can only speak for myself: I tried to use the App Store, but when I realized the functionality I needed to use in the software just didn't exist seemingly because of some weird App Store regulations, I gave up on it. I had a sample size of 2 programs, and they were both lacking something from memory. Of course, I didn't use it at all after that, so I can't say anything for other programs. I say this as someone who used an iPhone for 10 years and macOS for a little longer. It also doesn't have a great selection compared to say, homebrew. I think this is partly because open source programs aren't allowed on the App Store.[^1]

But in principle I agree with all your points. What better marketing strategy is there than to have your program displayed in the App Store, directly accessible compared to trying to find the developer's website? That's certainly reason enough to list your program in the App Store.

[^1]: I've tried to look into the situation. The developer for Raivo OTP claims the app can't be open source because Apple won't accept it. The FSF said 10 years ago that only the GPL/LGPL family of licenses weren't accepted. I don't really know what's going on here, but I'm assuming open source programs aren't allowed for some reason.

Apple allows programs published under(some) open source licenses in their appstore, but the rules of the appstore are written so incompatible with the open source principles that all versions of those programs that are actually on the app store aren't open source.
Apple wants all developers to actively forbid some forms of usage of their programs. This doesn't match the 0th software freedom or the open source principles.
The gpl is incompatible with it, because it forces all distributors of the code to allow their users to do whatever they want with the program.

As for why your choice of homebrew in the appstore is so bad. The reasons for that are more holistic. The smaller the developer the less resources they can put toward complying with store policies. Apple has the strictest store policies for general purpose computers(yes, your smart tv has stricter rules, but it's trying to be only a tv).
Same reason exists for Xbox(comparably strict rules, just not for general purpose), Playstation and to a lesser extend Nintendo Switch(yes, Nintendo is actually the least bad of the lot).
PC users just don't know how good they have it with their relatively open platform.
Microsoft has failed multiple times to cripple sideloading, thanks to interference of USA regulators Microsoft has to allow installing alternate OS'es and browsers, Intel had to allow AMD to compete, because IBM build that level of openess in it from the start.
Sure X86 is still proprietary, replacing your OS is hard, IntelME, etc., but compared to anything else on the market it's a breath of fresh air.
It's even possible to build a completely open source laptop.

View this comment - View article - View full comments

Quoting: constMy take on some of the arguments here:

1. Chromebooks are pretty much an US thing. I know no one who owns a Chromebook here in Germany and when I looked for their prices, I know why. You get a pretty good Business Laptop for the price of a cheap tablet with a bad keyboard.

2. Not so sure about the Appstore. I can see that for single player titles, but for multiplayer? I really don't know. My guess is Apple Users tend to prefer console gaming.

1. Chromebooks are also sold in Europe. Schools attempt to force them on students. My first dedicated school laptop was a Chromebook(and shit), my younger family members interact with unfortunate Chromebook using classrooms everyday. Yes, those things are hot garbage and for half the price I can get a superior machine in every way from the second hand market and 3 quarters the price I can get a superior machine new, but with enough pressure from teachers thousands of Chromebooks get leased every year.
(Sorry, for the rant. Chromebooks really frustrate me. They don't work well, they're being actively targeted at children, they're actively locking people in and they've shown me deep teacher computer illiteracy.)

2. The trick is much easier. The multiplayer games that get launched on Mac don't use store dependent hosting and rely on the user restrictions of MacOS to protect them against online cheating. This only works for the big studios, but the small studios couldn't afford to launch anything on MacOS anyway.

View this comment - View article - View full comments

Quoting: razze

Quoting: LoudTechie

Quoting: razze

Quoting: slaapliedje

Quoting: Purple Library Guy

Quoting: ElectricPrism

Flathub has served just about 1.6 billion downloads, has over 2,400 apps

Very impressive, congratulations to @all. The quality of FOSS on the store is great, and while predicting the future is hard -- I am modestly optimistic about their efforts to make a commercial area of the store someday.

I've long thought that one of the most potentially important things about Flatpaks is about closed, mostly non-game software. That stuff can't be packaged by your distro, so the ability for vendors to build their stuff in a fairly easy, pretty solid, distro-agnostic way could go a long way towards reducing complaints about Linux fragmentation.

It is this! Flatpak shouldn't be used to replace the distributuion software. The reason why is that it is tightly integrated and you will have security updates and bug reports you can send to your distro. The vast majority if Flatpaks are not officially packaged by the upstream project, and cannot be easily verified they haven't been messed with.

Why can't they be verified? And how can you verify a distro package?

The answer is(ofcourse) multiple ways.
The GNU, Linux, bsd, FOSS, etc. security model is build heavily on source code availability and subsequent peer review.
One way to verify is with reproducible builds. Build a package the advised way and hash it and compare it to the hash of the binary package.

A second way is with signature checks. This could work given that you've a party that you trust to produce a trustworthy indication of which developers produce trustworthy proprietary code. This is uncommon under developers of FOSS associated projects(self selecting), so there aren't a lot of tools for it. Also it is hard to generalize, because that trust is a lot more variable in a world of a thousand distros than one Microsoft/Sony/Apple.
This is how basic distro security works. The distro maintainer signs their package and you check if the signature matches theirs. This doesn't work, because distro maintainers have no way to distinguish modified proprietary packages from non-modified ones and because they simply never trust proprietary packages.

A third way is with self compiling and source code checks(this is how the distro maintainers do it themselves).

So flathub is at least doing 1. And 3 is done but by the app author. I'm very unsure if distro maintainers actually do it, tbh I don't believe that.

Flathub doesn't do 1, because they've nothing to compare the hash against. They only got the binary package provided by the uploader who may or may not be the developer and to fit into a flatpak the binary file probably had to be different anyway.

The app author does indeed number 3, but that doesn't help, because they can't scalable proof they're the author(s) to flathub, he isn't necessarily a trusted actor and nobody else can check their work.
Explanations of the statements in the summary:
The spoilers are examples.
"they can't scalable proof they're the author(s) to flathub"
It's really easy to claim you wrote a piece of software when you didn't. It's even easier to claim you wrote software with an arbitrary name when you didn't.

Spoiler, click me

"I wrote Photoshop here you got it and no it's not a cracked version of photoshop with a cryptominer embedded in it. Why would you even think that?"

"He isn't necessarily a trusted actor"
If the author can compile and read their program without it raising alarms to them it means they think it does what they want, but if they want malicious things it's still an issue.

Spoiler, click me

"I wrote a cool app that allows you to achieve Nirvana and no it isn't just a random yellow circle generator with ransomware embedded in it. Why would you even think that?".

This is why people want verified code in the first place.
"nobody else can check their work"
The fact that the author of a program can compile and read a program doesn't mean it's not a virus. The fact that someone else can compile and read a program without concluding that it's a virus means it at least has been hidden well and indicates that it's not virus.

Spoiler, click me

"I wrote a cool app that allows you to achieve Nirvana and no it isn't just a random yellow circle generator with ransomware embedded in it. No you can't see what it's doing."

The trick of flathub is twofold:
A. they render verification of lesser importance by placing the program in a sandbox, so that if it's malicious it can only inflict harm through direct user interaction.
and
B. they use the second method to try and become that one party for providing trusted proprietary code
(this is better verification than it looks, because if the market comes to agree with them that they're such a trusted provider, they will start providing unscalable verfication and proof of ownership through by flathub trusted actors(lawyers, judges, investigators and notaries)).

Also the way flatpak works allows for a 4th method of verification that used to only comfortably work with foss applications, which I forgot to provide.
Logging
By keeping track of what a program is doing one can catch generic malware and/or reverse engineer any form of software.
This is actively battled by both malware and proprietary authors by obfuscating what the software is doing, but flatpak puts enough restrictions on how the software may function that de-obfuscating and logging behavior becomes a lot easier.

A distro maintainer has to do 3 at a certain level, because getting something to work with a package manager means obtaining a full list of relevant dependencies and declaring them in the package.
If the source code is available compiling it on a bare system is really the fastest way of doing this(unless the original programmers have kept track of all the dependencies, but that's very rare).
Also self compiling is more normal under people with programming skills(like distro maintainers) than you might think. Ask Linux_rocks or any of the old timers on this forum. Gentoo used to require self compilation of everything and had still thousands of users.
Having said that after two or three layers of downstream most packages have the full list and compiling is still more work than copying, so you're right that not all of them use method 3 all the time.

Also my excuses for the long post.
I wasn't fully certain what exactly you meant with your post, so I provided all the information and explanation needed for all the interpretations I could come up with.

View this comment - View article - View full comments

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate [External Link] for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

Oh, I agree with the the statement that it will snap snap.
I just don't think it will(or should) make a dent in package proliferation, because it won't do anything to .deb, .rpf, appimage, etc.
Also we're having a miscommunication and that is my fault.
I use the term free, but I didn't mean free as in 0 cost, but free as in freedom(basically open source).
Inkscape has long been unknown to many Linux users paid software, just also open source. If you wanted to obtain it from the Microsoft store you had to pay a small fee to a central party defending the goals of the developers(including paying them directly, but not only that) the SFC.
Paid software has its place inside the ecosystem and I have nothing against distributing and helping paid software.
I argued that helping distribute non-open source software was something I can't actively

View this comment - View article - View full comments

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate [External Link] for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

View this comment - View article - View full comments

Quoting: pbI wonder what's keeping Valve from just officially releasing SteamOS for general use.

The same what keeps Microsoft from releasing the Windows source code and Google from releasing google play services, they like the control it gives them.
Also it places them in a position to negotiate with patent holders and DRM companies.

View this comment - View article - View full comments