Flatpak packages should ask for every permission they need, and the user needs to approve every one of them.
Right now, we have this weird in-between state where some flatpak packages ship with limited permissions (like Bottles). That’s because every permission the package asks for is immediately granted. The user doesn’t get a chance to refuse these requests. This current model serves to make life more difficult for non-malicious flatpak packagers while failing to protect users from malicious packages.
Also, GNOME needs a Flatpak permissions center like KDE. You shouldn’t need to install a third party program to manage permissions.
Absolutely, permissions should be disabled by default, and only when the app needs to do something that requires a certain permission should it ask for it.
Maybe even do something like Android, where permissions automatically get revoked if you don’t use an app for a certain time. I love that feature.
I think it’s enabled by default, but you can also just disable it for specific apps.
But if you leave it enabled and permissions get revoked after a while, you’ll get a notification telling you about it. I think that’s fair.
There’s always going to be a debate on whether something like this should be opt-in or opt-out, but for the purpose of privacy and data security, it makes sense to be on by default, I reckon.
I don’t doubt it, but this is a good place to start.
This claim has interesting phrasing:
Adding X11 sandboxing via a nested X11 server, such as Xpra, would not be difficult, but Flatpak developers refuse to acknowledge this and continue to claim, “X11 is impossible to secure”.
If you look at the GNOME post, you’ll see they haven’t argued against including a nested X server at all:
Now that the basics are working it’s time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure.
I’m not saying they haven’t refused to acknowledge this elsewhere, but it’s strange to point to this blog post which acknowledges that the sandbox is very much a work-in-progress and agrees with Madaidan that X11 is hard to secure.
Does Xpra provide better sandboxing than XWayland? If not, I think the Flatpak developer’s solution to this is: just use Wayland. And obviously, there’s plenty of room to improve with the permissions Flatpak does offer.
I did some searching on the Flatpak Github for issues and found that you can actually use Xpra with Flatpak, and the answer is “just use Wayland”:
As odd as this may sound, you should not enable (blind) unattended updates of Flatpak packages. If you or a Flatpak frontend (app store) simply executes flatpak update -y, Flatpaks will be automatically granted any new permissions declared upstream without notifying you. Using automatic update with GNOME Software is fine, as it does not automatically update Flatpaks with permission changes and notifies the user instead.
It’s great that GNOME Software notifies you when permissions change! I don’t use Flatpak enough to know, but I hope flatpak update notifies you too if you don’t use the -y option.
I’ve tried to combat this a bit with a global Flatpak override that takes unnecessarily broad permissions away by default, like filesystem=home, but apps could easily circumvent it by requesting permissions for specific subdirectories. This cat-and-mouse game could be fixed by allowing a recursive override, such as nofilesystem=home/*.
But even then, there is still the issue with D-Bus access, which is even more difficult to control …
I think it is sad that Flatpak finally provides the tool to restrict desktop apps in the same way that mobile apps have been restricted for a decade, but the implementation chooses to be insecure by default and only provides limited options to make it secure by default.
I think the main reason why the implementation is insecure by default is simply because when it started most applications did not use portals and many portals we have today did not exist. You had to poke holes in the sandbox to make anything work cause all applications expected to run unconstrained. In the future as more apps become flatpak aware this should stop being an issue.
You joke, but meteorite impacts causing large igneous provinces on the opposite side of the planet might actually be a thing.
(Uluru and Meteor Crater are provably not an example of this, though, for several reasons: they aren’t antipodes of each other, Uluru is five orders of magnitude older, and the phenomenon I mentioned would’ve been caused by way, way bigger impacts.)
It’s astounding that one can learn really cool and interesting stuff by posting random nonsense to the shitpost community, lol. Thanks for the link! That was indeed new to me ;)
There is correlation evidence on Mars too! I don’t think it’s been considered casual at this point, but Atlas Pro has a really cool YouTube video showing a lot of potential examples. The Hawaiian Islands were particularly convincing to me. I’ll try and find the video.
Do they have to be antipodal? If we imagine a clock face overlaid over an image of the earth, if a meteorite strikes vertically (i.e. parallel to the 12-6 line) at 11, could it result in a bulge at 7?
Nobody might want advice here and feel free to vote this down but go out into the real world and find something to do where other people are.
A little more than 7 years ago, after being single for 6 years, I went to a dog park with my dog and met a woman that interested me. We showed up at the same time and talked each time, I asked her out after a month. We went out New Year’s Eve and have been together since.
It doesn’t always work but you can do it, random meme watchers have done it, so it is possible.
It sucks such thing does not exist where I’m from. Even if she was earning 10x times more than you, she does not contribute a penny to your kids , house or bills. I’m not making this up
not possible due to our situation. me and my family are travel banned by the government, siblings in jail, and Im the only one with my mom. it sucks I know
I tried this once. Went to the dog park, chatted up a girl over a period of a month. I finally got the courage to ask her on a date, and she said yes! The date (dinner and a local concert) went great - we ended up back at my place and I can honestly say it was some of the best sex of my life.
Then she ghosted me and we never talked again. That was 2017, and I’m still not over it. Thanks for the advice though.
I’m definitely not promising it will work perfectly. I was single with a dog and going to dog parks for 5 years before that but was at first not ready to date as I had just separated from my partner of 9 years.
Dog parks are just good places to meet people, some you won’t know their names, some you will know them by their dog’s name, some you will know their names and meet outside of the dog park.
Being social is the key to whatever type of relationship you want.
Don’t get too high hopes about people until you really know them. So it was the best sex ever? Cherish that memory but don’t stop living. And 2017, and you’re still not over that? Really dude (or dudette?), don’t just get over that, get over yourself. Stop stop living, start living. Take risks, get hurt. Yes, you’ll get some bruises along the way, it will build character, you will learn and improve until you find that perfect person and by then it will not only be that that person is perfect for you, you will then also finally be perfect for that person because honestly right now you don’t sound perfect for anybody. Don’t that that last bit wrong, it just means you gotta work on yourself. Relationships are a lot of work, I spent huge amounts of time on reflecting, thinking about how I can make my wife smile, trying to improve myself, etc…
I make a point of it to smile. Every. Single. Time. That. I. See. Her. I do anyway because she’s fucking gorgeous, but even so, i make sure. It makes her day multiple times per day, and seeing her smile makes me smile even more. A real relationship is a lot of work and it’s so damn worth it, but you gotta be ready for it too. If you’re not willing to do the work now how are you supposed tondo the work once you find that special someone?
You gotta get out there, and get hurt. It’s part of the process. I got hurt (and unfortunately hurt others myself) on multiple occasions and I’m fine. You’ll be fine. It sucks in the moment, but you process it, give it a space somewhere in your memories and you go on to the next one. Believe me, you will get hurt a few more times (and build great memories in the process too, by the way, let’s not forget that), you will learn what to do, what not to do, you’ll learn not to immediately get strung up by the first girl and declare her your undying love within 5 minutes of meeting her, that usually doesn’t end well. Also not the second girl, nor the third , and not within 5 minutes… after a while you’ll find that super special one.
like that you will get better because it’s not only about the others, its about you too. Grow up.
As long as you stay safely on your shelter, you will stay alone for your entire life. If that’s what you want, fine. But I think it’s not, so this year go out, get out, take risks, get hurt, be happy.
Graphing is still necessary for the blind, but it’s more common to use a plastic sheet on a hard rubber clipboard with a stylus that causes the plastic to rise up when it’s pressed with a bit of force. (Though while googling for it I found plenty of examples like yours so maybe less common than I thought)
Say nothing. Stop sharing or seeding. But, above all, say nothing. You’re getting phished. Just comply and stop seeding the shit. Keep quiet. If you reply you’ll just have problems that cost money.
At least you get texted about properties you once owned. I get texted about some dude’s properties across the country even though this hasn’t been his number for a good decade now
Haha it’s just weird to get a txt asking if I want to sell x property I haven’t owned for twenty years.
It has to be a credit report thing as my gf gets txt about the properties and she has never been on the loans or titles. The properties are always in my name.
I had 800 credit working fast food because l carried extremely little debt.
Twenty years later, my score is fighting to stay about 750 because I make 6 figures, a few credit cards with zero debt. Because they WANT me to hold onto debt to show my trustworthiness? Fuck that.
No you don’t. Technically you get a small (~10 point) bonus for showing literally anything other than $0. But you get zero points for carrying that balance beyond the payoff date.
You should never ever ever pay interest on credit cards. It doesn’t help you in any way.
Nah, there’s something else that’s triggering it. Average length of credit matters a lot, so if you cancel cards and get new ones frequently that would do it.
Long term debt for sure is good, carrying balances on cards is never rewarded.
The reason they’re OK extending credit when you have debt is because they can see you are managing it. Mortgage or auto loans (asset backed) aren’t bad. Don’t carry balances on cards ever if you can avoid it.
As another poster said, there’s probably no functional difference for you between 750 and 830.
Yes, but also you don’t get good credit by entering into contracts you can’t afford. What I can and can’t afford are my decision to make.
Just like you can have good credit and low income, you can have high income and be shit with money. It really doesn’t prove anything by showing a pay stub.
well, you’re listening to one anyway. Your prejudiced behavior is oozing out, a map is your biggest enemy is a map, dear, and no, Taco Bell is not that hot - it’s a you problem. Your ignorance is in full display, you know nothing about the culture outside of your borders. Truly pathetic.
I’m just mirroring your energy scooter. If there is prejudgement it’s coming from your end.
That’s so weird. Why doesn’t he just fill the bucket with lava? That way he can place a lava source block wherever he wants! Maybe set fire to his friends creations in the process.
I mean, I sort of imagine it to be less the “rule on the books” part, and more the “do we actually have the physical capacity to enforce those rules” end of it. They cant really imprison him (I mean while he’s feeling guilty he might stay willingly, but they cant keep him in if he eventually changes his mind, so itd more be him imprisoning himself). Trying to despite the futility of it would seem somewhat dangerous, because again, if he should ever change his mind, you clearly dont want to seem hostile to something with that kind of power, especially when you dont have it. Saying “Our law is not sufficient for you” could just be interpreted as the most diplomatic way given his mental state to justify leaving and not returning.
i.imgur.com
Top