corsicanguppy,

Still not worth dependency hell.

OsrsNeedsF2P,

Relevance?

TheGrandNagus,

Flatpak reduces dependency hell… and proper sandboxing has nothing to do with dependency hell.

soulfirethewolf,

It’s nice to see good app security being praised. Sometimes it feels like some people on lemmy (and the fediverse) throw security to the wind.

Like one time I had heard someone over on Mastodon say that they thought that HTTPS was too overused and shouldn’t have been everywhere because it makes older apps unable to access sites and also made adblocking just ever so slightly harder.

Which yeah, I love adblockers, but I’m definitely not comfortable with all traffic having to go unencrypted just for it.

JustARegularNerd,

But my 1998 Windows CE device that’s made obsolete by those meddling modern security practices!

MonkderZweite,

Does it have to be sandboxed?

IverCoder, (edited )

An app should not be able to access stuff the user did not consent to letting access.

MonkderZweite, (edited )

deleted_by_author

  • Loading...
  • lukas,
    @lukas@lemmy.haigner.me avatar

    Software supply chain attacks exist, you know?

    IverCoder, (edited )

    Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.

    SuperIce,

    Even if I trust the app, it may have security bugs. Still better to have it sandboxed.

    mdurell,

    I would argue this is only for apps you CAN trust. Bad actors gonna act badly.

    stella,

    Isn’t that what file system permissions are for?

    IverCoder, (edited )

    The file picker API is there to allow apps to access and save files with the user’s consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.

    Drito,

    This is useful for proprietary software.

    IverCoder, (edited )

    As well as FOSS too. Sandboxing is a security standard that should be followed by every software how open their code may be.

    adam_b,

    The verified feature on flathub is a double edged sword, it makes me lean towards verified apps, even if the alternative is better and made by the original Dev ( but they just didn’t verify themselves )

    Next up is user rating and comments…

    bizdelnick,

    What is this? A solitaire game?

    IverCoder, (edited )

    This could well be an advanced video editor or an office suite if they take full advantage of the portals API without losing any functionality. Well, they can have the network permission, it would still be safe anyway.

    owsei,

    I agree with you

    however this program can’t even create files, although I may have misunderstood it

    how are you supposed to save your work?

    IverCoder, (edited )

    As I mentioned in my previous comment, they use the portals API to access and save files.

    Blackmist,

    Likes like Hello World is ready to ship.

    IverCoder, (edited )

    With a bit of modifying code to use the color picker and maybe rearranging the workflow to adapt to the new system, apps as advanced as DaVinci Resolve and LibreOffice can have permissions as restrictive as this (the network permission would of course may be needed but it would still be marked as Safe by Flathub).

    You can use the file picker API to open the files or folders your app would need to access while having no filesystem permissions at all. You can access the camera, microphone, and GPS without the user devices portal, by simply using the respective portals where the user has the power to allow or deny access to such devices as they wish.

    You can record the screen, take a screenshot, and pick a color in the screen by simply calling the proper portals, with the bonus that the user will be able to select if they want the entire screen, a specific window, or a specific area to be recorded/captured and whether the cursor should be shown or not.

    Heck, even TeamViewer can be as this restricted without losing any functionality if they use the Screen Cast portal which allows apps to mirror input from a remote device! They would of course need the network permission, but that’s still safe.

    areyouevenreal,

    Does all of this require flatpack specific APIs?

    Markaos,
    @Markaos@lemmy.one avatar

    Yes in the sense that the APIs were made because of flatpak, but not in the sense that devs would need to keep two separate code paths for flatpak vs non-flatpak - portals work everywhere.

    areyouevenreal, (edited )

    Does it work with snapcraft?

    Markaos,
    @Markaos@lemmy.one avatar

    Yep

    areyouevenreal,

    There is no need to downvote someone over a question.

    Markaos,
    @Markaos@lemmy.one avatar

    I haven’t done that, lemmy.one doesn’t even have downvotes

    areyouevenreal,

    Ah fairs

    kuneho,
    @kuneho@lemmy.world avatar

    this sandbox craze is slowly pushing things back to the point where we used cartridges and booted off from them straight to the program. who needs an OS at this point? it’s bundled with the app anyway 😆

    /s, somewhat

    Gentoo1337,
    @Gentoo1337@sh.itjust.works avatar

    Why is it censored lol

    bingbong,

    !peepee !< is safe

    IverCoder,

    It’s actually Dippi but I don’t want to look like I’m advertising it here

    possiblylinux127,

    Cool

    darth_tiktaalik,
    @darth_tiktaalik@lemmy.ml avatar

    I like how the app name is blacked out so as not to dox the flathub app.

    Helmic,

    Wouldn’t want bad actors to find privacy respecting software.

    radioactiveradio,

    Sanboxed from prying eyes, it’s completely safe.

    fafok20662,

    Why does it look like itoddler ui?

    Infiltrated_ad8271,
    @Infiltrated_ad8271@kbin.social avatar

    They successfully applied the gnome design guidelines.

    fafok20662,

    Yikes it looks just like a mobile or tablet.

    Spotlight7573,

    And that’s a bad thing?

    The desktop is finally catching up with the more restrictive permissions model where an app doesn’t just have the ability to do anything the user can do but instead only has access to what it needs.

    Going with a familiar interface style like the ones people already use on mobile just makes sense.

    What would you want it to look like instead?

    bingbong,
    Rustmilian, (edited )
    @Rustmilian@lemmy.world avatar

    I’m not a fan of all the blank space in their design language, it doesn’t look bad or anything but I don’t have a touch screen and having to move the mouse around so much for long periods of time physically hurts, especially on laptops.
    I wish it was more… desktop friendly… If they took more advantage of the dynamic layout capabilities of GTK4 to have a better desktop layout based on their already existing design language while still having this mobile esk layout for other devices, we’d be golden.
    If they don’t want to do that, they should at least increase the default mouse speed so it feels better out of the box.

    shea,

    looking nice and readable is just cool and good

    TheAnonymouseJoker,
    @TheAnonymouseJoker@lemmy.ml avatar

    Here is the way to 4chan >>> ___

    Luccus, (edited )

    Linux users (sometimes):

    sees an extremely user-friendly interface - so good that everyone and their grandma can use it perfectly right away without any explanation

    “Ugh, why doesn’t this look more complicated?”

    Edit: This was in response to someone commenting “Why does it look like toddler UI?”. The comment seems to be deleted now.

    1984,
    @1984@lemmy.today avatar

    Haha so true, and I say this as a Linux user for like 20 years. There are some Linux users who value functionality over form so much that they prefer cluttered user interfaces with tiny borders to maximize screen space.

    Spectacle8011,
    @Spectacle8011@lemmy.comfysnug.space avatar

    What really needs to happen:

    Flatpak packages should ask for every permission they need, and the user needs to approve every one of them.

    Right now, we have this weird in-between state where some flatpak packages ship with limited permissions (like Bottles). That’s because every permission the package asks for is immediately granted. The user doesn’t get a chance to refuse these requests. This current model serves to make life more difficult for non-malicious flatpak packagers while failing to protect users from malicious packages.

    Also, GNOME needs a Flatpak permissions center like KDE. You shouldn’t need to install a third party program to manage permissions.

    miss_brainfart,
    @miss_brainfart@lemmy.ml avatar

    Absolutely, permissions should be disabled by default, and only when the app needs to do something that requires a certain permission should it ask for it.

    Maybe even do something like Android, where permissions automatically get revoked if you don’t use an app for a certain time. I love that feature.

    oldfart, (edited )

    It’s the first time I hear someone praise Android messing with user’s settings. Care to elaborate why you like it?

    miss_brainfart,
    @miss_brainfart@lemmy.ml avatar

    There is very little reason any app should keep its permissions if you never actually use it, is there?

    Especially when most people use apps that phone home every last piece of data they give them access to.

    oldfart,

    I don’t agree but I see your point, that would certainly be useful to some people. Thank you for explaining.

    miss_brainfart,
    @miss_brainfart@lemmy.ml avatar

    I think it’s enabled by default, but you can also just disable it for specific apps.

    But if you leave it enabled and permissions get revoked after a while, you’ll get a notification telling you about it. I think that’s fair.

    There’s always going to be a debate on whether something like this should be opt-in or opt-out, but for the purpose of privacy and data security, it makes sense to be on by default, I reckon.

    JoYo,
    @JoYo@lemmy.ml avatar

    it’s weird that android and ios already provide this but THE container standard doesn’t

    anon5621,
    @anon5621@lemmy.ml avatar
    Spectacle8011, (edited )
    @Spectacle8011@lemmy.comfysnug.space avatar

    I don’t doubt it, but this is a good place to start.

    This claim has interesting phrasing:

    Adding X11 sandboxing via a nested X11 server, such as Xpra, would not be difficult, but Flatpak developers refuse to acknowledge this and continue to claim, “X11 is impossible to secure”.

    If you look at the GNOME post, you’ll see they haven’t argued against including a nested X server at all:

    Now that the basics are working it’s time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure.

    I’m not saying they haven’t refused to acknowledge this elsewhere, but it’s strange to point to this blog post which acknowledges that the sandbox is very much a work-in-progress and agrees with Madaidan that X11 is hard to secure.

    Does Xpra provide better sandboxing than XWayland? If not, I think the Flatpak developer’s solution to this is: just use Wayland. And obviously, there’s plenty of room to improve with the permissions Flatpak does offer.

    I did some searching on the Flatpak Github for issues and found that you can actually use Xpra with Flatpak, and the answer is “just use Wayland”:


    This is also concerning:

    As odd as this may sound, you should not enable (blind) unattended updates of Flatpak packages. If you or a Flatpak frontend (app store) simply executes flatpak update -y, Flatpaks will be automatically granted any new permissions declared upstream without notifying you. Using automatic update with GNOME Software is fine, as it does not automatically update Flatpaks with permission changes and notifies the user instead.

    Source: privsec.dev/posts/linux/desktop-linux-hardening/#…

    It’s great that GNOME Software notifies you when permissions change! I don’t use Flatpak enough to know, but I hope flatpak update notifies you too if you don’t use the -y option.

    fossisfun,
    @fossisfun@lemmy.ml avatar

    I’ve tried to combat this a bit with a global Flatpak override that takes unnecessarily broad permissions away by default, like filesystem=home, but apps could easily circumvent it by requesting permissions for specific subdirectories. This cat-and-mouse game could be fixed by allowing a recursive override, such as nofilesystem=home/*.

    But even then, there is still the issue with D-Bus access, which is even more difficult to control …

    I think it is sad that Flatpak finally provides the tool to restrict desktop apps in the same way that mobile apps have been restricted for a decade, but the implementation chooses to be insecure by default and only provides limited options to make it secure by default.

    TeryVeneno,

    I think the main reason why the implementation is insecure by default is simply because when it started most applications did not use portals and many portals we have today did not exist. You had to poke holes in the sandbox to make anything work cause all applications expected to run unconstrained. In the future as more apps become flatpak aware this should stop being an issue.

    AnUnusualRelic,
    @AnUnusualRelic@lemmy.world avatar

    It’s not fully sandboxed if it can write to my screen! That filthy app, writing stuff all over the place!

    BautAufWasEuchAufbaut,
    @BautAufWasEuchAufbaut@lemmy.blahaj.zone avatar

    That’s why we have Wayland. :)

    onion,

    Sandboxes have been converted into quarantine bomb shelters, for child safety

    gentooer,

    Haskell programmers when you tell them the main function isn’t pure

    lemann,

    This kind of thing could work for a few apps, say a color picker utility or a QR code generator etc.

    Looking at the docs, it isn’t clear if apps can write to their own namespace (instead of writing to user folders directly), but if they can, we could expand the scope to games like supertuxkart, 2048 etc, which would then be able to save user milestones and progress in their own area - a bit like how Android apps do it

    docs.flatpak.org/en/…/sandbox-permissions.html

    It’s a great start IMO, although admittedly there is still work to do. Flatpak atm bridges the gap with allowing new apps, requiring new libs, to run on older stable/LTS distros

    themoonisacheese,
    @themoonisacheese@sh.itjust.works avatar

    Yes, they can. There are app-specific folders in .local that flatpaks can read and write to specifically for this purpose, and also the file picking dialog may give access to the one specific file you picked.

    Android IMO has great usability in exposing a database to apps, which means they aren’t required to ship their own database engine.

    andruid,

    Get a database, data que and service mesh and we can have an advanced k8s style platform.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • linux@lemmy.ml
  • localhost
  • All magazines
  • Loading…
    Loading the web debug toolbar…
    Attempt #

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 1175552 bytes) in /var/www/kbin/kbin/vendor/symfony/http-kernel/Profiler/FileProfilerStorage.php on line 174

    Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 638976 bytes) in /var/www/kbin/kbin/vendor/symfony/error-handler/Resources/views/logs.html.php on line 38