Flatpak packages should ask for every permission they need, and the user needs to approve every one of them.
Right now, we have this weird in-between state where some flatpak packages ship with limited permissions (like Bottles). That’s because every permission the package asks for is immediately granted. The user doesn’t get a chance to refuse these requests. This current model serves to make life more difficult for non-malicious flatpak packagers while failing to protect users from malicious packages.
Also, GNOME needs a Flatpak permissions center like KDE. You shouldn’t need to install a third party program to manage permissions.
Absolutely, permissions should be disabled by default, and only when the app needs to do something that requires a certain permission should it ask for it.
Maybe even do something like Android, where permissions automatically get revoked if you don’t use an app for a certain time. I love that feature.
I think it’s enabled by default, but you can also just disable it for specific apps.
But if you leave it enabled and permissions get revoked after a while, you’ll get a notification telling you about it. I think that’s fair.
There’s always going to be a debate on whether something like this should be opt-in or opt-out, but for the purpose of privacy and data security, it makes sense to be on by default, I reckon.
I don’t doubt it, but this is a good place to start.
This claim has interesting phrasing:
Adding X11 sandboxing via a nested X11 server, such as Xpra, would not be difficult, but Flatpak developers refuse to acknowledge this and continue to claim, “X11 is impossible to secure”.
If you look at the GNOME post, you’ll see they haven’t argued against including a nested X server at all:
Now that the basics are working it’s time to start looking at how to create a real sandbox. This is going to require a lot of changes to the Linux stack. For instance, we have to use Wayland instead of X11, because X11 is impossible to secure.
I’m not saying they haven’t refused to acknowledge this elsewhere, but it’s strange to point to this blog post which acknowledges that the sandbox is very much a work-in-progress and agrees with Madaidan that X11 is hard to secure.
Does Xpra provide better sandboxing than XWayland? If not, I think the Flatpak developers’ solution to this is: just use Wayland. And obviously, there’s plenty of room to improve with the permissions Flatpak does offer.
I did some searching on the Flatpak GitHub for issues and found that you can actually use Xpra with Flatpak, and the answer is “just use Wayland”:
As odd as this may sound, you should not enable (blind) unattended updates of Flatpak packages. If you or a Flatpak frontend (app store) simply executes flatpak update -y, Flatpaks will be automatically granted any new permissions declared upstream without notifying you. Using automatic update with GNOME Software is fine, as it does not automatically update Flatpaks with permission changes and notifies the user instead.
It’s great that GNOME Software notifies you when permissions change! I don’t use Flatpak enough to know, but I hope flatpak update notifies you too if you don’t use the -y option.
I’ve tried to combat this a bit with a global Flatpak override that takes unnecessarily broad permissions away by default, like filesystem=home, but apps could easily circumvent it by requesting permissions for specific subdirectories. This cat-and-mouse game could be fixed by allowing a recursive override, such as nofilesystem=home/*.
But even then, there is still the issue with D-Bus access, which is even more difficult to control …
I think it is sad that Flatpak finally provides the tool to restrict desktop apps in the same way that mobile apps have been restricted for a decade, but the implementation chooses to be insecure by default and only provides limited options to make it secure by default.
I think the main reason why the implementation is insecure by default is simply because when it started most applications did not use portals and many portals we have today did not exist. You had to poke holes in the sandbox to make anything work cause all applications expected to run unconstrained. In the future as more apps become flatpak aware this should stop being an issue.
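The update and override concerns raised in the comments above, as an added example that is not part of the original thread: a Python check that compares an app's installed Flatpak metadata with the metadata of a pending update and lists every newly declared grant, plus the filesystem entries that reach into the home directory without being the literal `home` entry. The app ID, both metadata samples and all function names are constructed for illustration; real metadata text can be obtained with `flatpak info --show-metadata` and `flatpak remote-info --show-metadata`.

```python
import configparser

# Keys of the [Context] group that hold semicolon-separated permission lists.
LIST_KEYS = ("shared", "sockets", "devices", "features", "filesystems")
BUS_SECTIONS = ("Session Bus Policy", "System Bus Policy")

# Constructed sample: metadata of the currently installed version.
INSTALLED = """\
[Application]
name=org.example.Editor

[Context]
shared=ipc;
sockets=wayland;
filesystems=xdg-download;
"""

# Constructed sample: metadata of the version an update would install.
CANDIDATE = """\
[Application]
name=org.example.Editor

[Context]
shared=ipc;network;
sockets=wayland;x11;
filesystems=xdg-download;~/Documents:ro;xdg-documents/work;

[Session Bus Policy]
org.freedesktop.secrets=talk
"""


def parse_permissions(metadata_text):
    """Return the set of (kind, value) grants declared in Flatpak metadata."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep D-Bus names and keys case-sensitive
    cp.read_string(metadata_text)
    perms = set()
    if cp.has_section("Context"):
        for key in LIST_KEYS:
            for item in cp.get("Context", key, fallback="").split(";"):
                item = item.strip()
                if item and not item.startswith("!"):  # "!" marks a removal
                    perms.add((key, item))
    for section in BUS_SECTIONS:
        if cp.has_section(section):
            for name, policy in cp.items(section):
                if policy.strip() != "none":
                    perms.add((section, f"{name}={policy.strip()}"))
    return perms


def new_permissions(installed_text, candidate_text):
    """Grants present in the candidate metadata but not in the installed one."""
    return sorted(parse_permissions(candidate_text) - parse_permissions(installed_text))


def reaches_home(entry):
    """True if a filesystems= entry exposes the home directory or part of it.

    Absolute paths are not resolved here, since the user's home is unknown.
    """
    path = entry.split(":", 1)[0]  # drop a :ro / :rw / :create suffix
    if path in ("home", "host"):
        return True
    if path == "xdg-run" or path.startswith("xdg-run/"):
        return False  # runtime directory, not under the home directory
    return path.startswith(("~/", "home/", "xdg-"))


def home_subdir_grants(metadata_text):
    """Home-reaching filesystem grants other than the literal home/host entries,
    i.e. the ones the comment above says survive an override removing only 'home'."""
    return sorted(
        value
        for kind, value in parse_permissions(metadata_text)
        if kind == "filesystems"
        and reaches_home(value)
        and value.split(":", 1)[0] not in ("home", "host")
    )


if __name__ == "__main__":
    for kind, value in new_permissions(INSTALLED, CANDIDATE):
        print(f"new grant in update: [{kind}] {value}")
    for value in home_subdir_grants(CANDIDATE):
        print(f"reaches into home despite a 'home' override: {value}")
```

Running the check before a non-interactive update lets a script stop and ask for confirmation whenever the first list is non-empty.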
Linux in corporation fails in multiple ways, the most prevalent is that people need to collaborate with others that use proprietary software such as MS Office that isn’t available for Linux and the alternatives such as LibreOffice aren’t just good enough. It all comes down to ROI, the cost of Windows/Office for a company is cheaper than the cost of dealing with the inconsistencies in format conversions, people who don’t know how to use the alternative X etc etc. This issue is so common that companies usually also avoid Apple due to the same reason, while on macOS you’ve a LOT more professional software it is still very painful to deal with the small inconsistencies and whatnot.
Linux desktop is great, I love it, but it gets it even worse than Apple, here are some use cases that aren’t easy to deal with in Linux:
People who need the real MS Office because once you have to collaborate with others Open/Libre/OnlyOffice won’t cut it;
Designers who use Adobe apps that won’t run properly without having a dedicated GPU, passthrough and some hacky way to get the image back into your main system that will cause noticeable delays. Who wants to deploy GPU passthroughs for others? Makes no sense;
People that run old software / games because not even those will run properly on Wine;
Electrical engineers: Circuit Design Suite (Multisim and Ultiboard) are primarily designed for Windows. Alternatives such as KiCad and EasyEDA may work in some cases but they aren’t great if you’ve to collaborate with others who use Circuit Design Suite;
Labs that require data acquisition from specialized hardware because companies making that hardware won’t make drivers and software for Linux;
Architects: AutoCAD isn’t available (not even the limited web version works) and Libre/FreeCAD don’t cut it if you’ve to collaborate with AutoCAD users;
Developers and sysadmins, because not everyone is using Docker and Github actions to deploy applications to some proprietary cloud solution. Finding a properly working FTP/SFTP/FTPS desktop client (similar to WinSCP or Cyberduck) is an impossible task as the ones that exist fail even at basic tasks like dragging and dropping a file.
If one lives in a bubble and doesn’t need to collaborate with others then native Linux apps might work and might even deliver a decent workflow. Once collaboration with Windows/Mac users is required then it’s game over – the “alternatives” aren’t just up to it.
Windows licenses are cheap and things work out of the box. Software runs fine, all vendors support whatever you’re trying to do and you’re productive from day zero. Sure, there are annoyances from time to time, but they’re way fewer and simpler to deal with than the hoops you’ve to go through to get a minimal and viable/productive Linux desktop experience. It all comes down to a question of how much time (days? months?) you want to spend fixing things on Linux that simply work out of the box under Windows for a minimal fee. Buy a Windows license and spend the time you would’ve spent dealing with Linux issues doing your actual job and you’ll, most likely, get a better ROI.
From a more market / macro perspective here are some extra reasons:
Companies like to blame someone when things go wrong, if they chose open-source there isn’t someone to sue then;
Buying proprietary stuff means you’re outsourcing the risks of such product;
Corruption pushes for proprietary: they might be buying software that is made by someone that is close to the CTO, CEO or other decision maker in the company, an old friend, family or straight under the table corruption;
Most non-tech companies use services from consulting companies in order to get their software developed / running. Consulting companies often fall under the last point that besides that they have large incentives from companies like Microsoft to push their proprietary services. For example, Microsoft will easily provide all of a consulting company’s employees with free Azure services, Office and other discounts if they enter in an exclusivity agreement to sell their tech stack. To make things worse consulting companies live off cheap developers (like interns) and Microsoft and their platform makes things easier for anyone to code and deploy;
Microsoft provides a cohesive ecosystem of products that integrate really well with each other and usually don’t require much effort to get things going - open-source however, usually requires custom development and a ton of work to work out the “sharp angles” between multiple solutions that aren’t related and might not be easily compatible with each other;
Open-source requires a level of expertise that more than half of the developers and IT professionals simply don’t have. This aspect reinforces the last point even more. Senior open-source experts are more expensive than simply buying proprietary solutions;
If we consider the price of a senior open-source expert + software costs (usually free) the cost of open-source is considerably lower than the cost of cheap developers + proprietary solutions, however consider we are talking about companies. Companies will always prefer to hire more less expensive and less proficient people because that means they’re easier to replace and you’ll pay less taxes;
Companies will prefer to hire services from other companies instead of employees thus making proprietary vendors more compelling. This happens because from an accounting / investors perspective employees are bad and subscriptions are cool (less taxes, no responsibilities etc);
The companies who build proprietary solutions work really hard to get vendors to sell their software, they provide commissions, support and the promises that if anything goes wrong they’ll be there. This increases the number of proprietary-only vendors which reinforces everything above. If you’re starting to sell software or networking services there’s little incentive for you to go pure “open-source”. With less companies, less visibility, less professionals (and more expensive), less margins and less positive market image, less customers and lesser profits.
Unfortunately things are really poised and rigged against open-source solutions and anyone who tries to push for them. The “experts” who work in consulting companies are part of this as they usually don’t even know how to do things without the proprietary solutions. Let me give you an example, once I had to work with E&Y, one of those big consulting companies, and I realized some awkward things while having conversations with both low level employees and partners / middle management, they weren’t aware that there are alternatives most of the time. A manager of a digital transformation and cloud solutions team that started his career at E&Y, wasn’t aware that there were open-source alternatives to Google Workplace and Microsoft 365 for e-mail. I probed a TON around that and the guy, a software engineer with a university degree, didn’t even know what Postfix was and the history of email.
For what it’s worth, my company issues macs by default, but allows Linux or Windows if you request it. We just use Google Suite. Zero problems collaborating, and I work in a customer facing role.
Lots of justification in this. Just be the change you want to see.
I only work with libre formats at work. If someone wants to collaborate, they can easily install libre office or gimp or freecad or gnu cash or whatever. Most libre software is free and cross-platform.
I only work with libre formats at work. If someone wants to collaborate, they can easily install libre office or gimp or freecad or gnu cash or whatever. Most libre software is free and cross-platform.
Okay so tell me, you’re working on a budget with a potential customer that uses MS Office. You want to win that customer and do a big project for him, would you “bitch” about him about using MS Office and ask him to install LibreOffice whenever the spreadsheet formulas don’t work properly?
What if said potential customer is a big company with strict IT policies? What if the person can’t even install software or is older and unable to do it but very proficient with Excel?
Are you willing to lose a potential big customer, a project that will pay your bills for months just because a boomer can’t or won’t be able to install LibreOffice?
I tell customers to use Libre Office. I tell them it’s free, cross platform, give them a link to download it, and ask if they have any further questions.
If they said IT issues, I’d ask to talk with their IT department. It’s not difficult to get IT to install trusted, open-source software.
You’re delusional or only deal with very low stakes because frankly if your customer is a 1000+ employee company in industries like banking and whatnot you’ll just lose the customer right there.
I have worked for companies with thousands of employees, yes. It helps to be right about the cost, security, and usability benefits of using FOSS and be able to stand your ground and argue valid points.
But I do prefer companies with less than 100 people.
I salute you. Not many that are willing to do so. Maybe because most people don’t have very deep convictions on using FLOSS. It is easier to just do what everyone else does, after all.
I think the opposite. Working on windows is a pain in the ass. Like the system is not made for working and barely supports it for actual computer work.
If you only use office or play video games, it’s good, certainly, and it’s good for the security team to have everyone with it because the system is built to only allow specific actions to be done. It’s completely inapt for actual engineering and technical work.
Like the system is not made for working and barely supports it for actual computer work.
Have noticed the same.
One example why windows is bad for a developer. Let’s say you work with node.js. Eventually you’ll end up with node_modules directory in your project with tens of thousands of files and thousands of directories. If you delete that directory in windows it takes minutes. In Linux it’s instantaneous.
You can’t do whatever you want if you’re an employee in a big enterprise, there are company-wide rules and standards that you have to respect, you can’t expect your colleagues to adapt to you nor can you decide which OS to install on your company PC.
That’s not to say you can’t use Linux at all, you can ask your IT to be allowed to install Virtualbox and use Linux in a VM, that’s what I do, there are a lot of things that don’t strictly require Windows and I use Linux for those.
I make it very clear at the interview stage that I use Linux. It’s never been an issue.
If someone tried to force me to use proprietary software, I’d say no. If they wanted to fire me over that, it would be ridiculous. It’s free and easy to support FOSS. It’s costly & difficult to support proprietary software, so it’s not a hard sell.
Yeah and sometimes it’s not even just about customers, some people don’t realize big enterprises (as in dozens of thousands of employees) are very different from smaller companies, they’re like a “different world” on their own, not everything you can do on a smaller scale is feasible. They would probably need to work in one to really understand.
i mostly agree except its leagues ahead for sysadmins and devs, it isnt even a contest. to counter your specific example, filezilla works great. i havent used a tool for this specific niche on linux that wasnt much better.
affinity photo is great on linux too if you are not too stuck with adobe. cant say much about other usecases you mentioned.
also wine runs old software better than windows in some cases. i have better luck with it on linux. funnily enough old linux software is a pain on linux in the rare situations where i need it.
I’ve been a sysadmin for years and I worked longer on Linux than I did on Windows.
Many of your points are management bullshit. The proof? In France the gendarmerie (country police) moved to Linux about a decade ago.
The thing with windows is usually that management want a whole solution out of the box, from a renowned editor, so basically Microsoft. The key point is that they want a contract with a company so they can discard the responsibility of failures on someone out of their own company. The second feature is that they are boomers or anti-nerds, so they are never going to be seen using something on a computer that’s not mainstream.
The last problem is from Microsoft that worked hard these last years to remove any compatibility between office and other softwares of this kind. They also enshitified office365 very hard so that it doesn’t work well on Linux.
The question of the price is a fraud. Large companies need an it service for Windows on top of the licences and infrastructure. It’s way cheaper with Linux. The biggest work with an enterprise Linux is to make it compatible with the shitty Windows environment, and the compliance with the useless security thought for windows.
Yes, they are and I never said they weren’t management BS. Nevertheless management pays the bills, management makes the decision.
The key point is that they want a contract with a company so they can discard the responsibility of failures on someone out of their own company.
You’re just saying what I said before…
The last problem is from Microsoft that worked hard these last years to remove any compatibility between office and other softwares of this kind
Yes, but the end result is that nobody sane would even risk not using MS Office and that’s what it is.
Large companies need an it service for Windows on top of the licences and infrastructure. It’s way cheaper with Linux.
It depends, integration between MS products and services usually comes out of the box or working with minimal setup while with open-source solutions / Linux that isn’t always the case. Also Windows sysadmins are usually cheaper because you can get more and they require less training to be “efficient” than Linux ones.
The biggest work with an enterprise Linux is to make it compatible with the shitty Windows environment, and the compliance with the useless security thought for windows.
Yes but you still have to do it and it has a cost. Simply going full Windows is cheaper at that point.
That’s where we disagree : anybody sane would use Linux rather than windows. Windows usage is based on ignorance.
You have zero idea about Windows system integration if you think it comes out of the box. Or you live in America. In Europe, data safety is a concern, and it raises many, many problems with Windows “out of the box”.
There are still use cases for windows. We have a predominately Linux environment (server and desktop), and a development team that builds 80% of our operational software. That team are not fans of windows, but come across quite a few use cases where they have to use it because a 3rd party program won’t run on Linux; or an external connection requires a windows service; or there is no comparable product available on Linux (MS Excel is the one thing keeping me on windows). Even ignorance plays a part, because end users can still have had limited access to technology over their lives and in Australia that usually means windows computers in schools. I deal with staff in their 20’s and 30’s who know nothing of how technology works outside of “push that button and the thing happens”, if that button is a different colour, or shape, or location, shift is over, go home - they don’t care why it’s changed and definitely don’t want to learn a new way to do it. We’re somewhere between American data cowboys and the GDPR when it comes to data safety in Australia, which MS can be BS at and the integration burns more of our team’s time than it should, but it’s still a necessary evil - even if it’s just when dealing with customers and vendors
If excel is keeping you on Linux, you’re doing it wrong. The problem here is undoubtedly ignorance and nothing else.
If it’s another program, wine made immense progress these last years. You want to check about it.
Now, if you’re saying Linux is not ready out of the box, that’s true, but neither is Windows. Not if you have any important need. Windows is good for a customer, not for a company.
BTW Linux changed in the last ten years. It’s not the neckbeard system it used to be.
Now that I have a work laptop, I’ve installed Linux on my home computer and it was simple and runs fantastically - actual results may vary as I work in IT and have grown up with a high tech involved family. However, the hill I’m happy to die on, is the fact that using Excel above a basic level in business, where information needs to be shared with non-technical staff cannot be replicated in Linux, and that Excel is still the best product to do this.
This is wrong about excel. Most things excel does can be done with libreoffice. People are lazy to learn and convert their documents, and Microsoft does everything possible to make this harder.
Maybe you don’t know what empirically means? Your ignorance is not a proof for anything. I know what I can do with libreoffice, and I am very mediocre with it. I’ve never seen an excel document that couldn’t be done with libreoffice.
And I wrote most things that can be done with excel. Now, if you want something that can be debated, I posit that anything that can’t be done in libreoffice calc but can be in excel is not worth doing in excel.
People saying libre office is a full replacement for Excel haven’t seen what excel power users in offices can do. It’s usually people who in another life would be programmers but for whatever reason they can’t/won’t make the leap out of excel and into full fat programming. Expecting these same people to convert to a free clone of excel that uses slightly different syntax and has less polish is a great way to lose a very valuable employee extremely quickly.
I absolutely love the environment that Linux affords one, and I would financially support the developers of the tools I rely on (which of course includes libre office) if I were in the financial position to do so, but I’m not delusional when it comes to the role Excel plays in the 21st century office. The business world is run from poorly backed up, undocumented Excel spreadsheets on anemic desktops, and that ain’t changing anytime soon
I just looked up the definition of excel power user, and it’s mostly stuff I deal with on a daily basis, so I guess I’m a power user.
That being said I am switching to libreoffice currently because I’m tired of proprietary bullshit. I also like the idea of being able to change libre for my needs if I want. I haven’t seen any degradation other than a rough around the edges UI. What is libre lacking that MS has?
The uphill battle isn’t technical it’s social. The UI is a little less polished, the syntax is slightly different, and Excel has close to 30 years of market recognition. For 99% of excel users LibreOffice Math will absolutely cover their needs 100% with as much time spent figuring it out as they would spend figuring excel out. That last 1% of users however will complain that the syntax changed, they’ll complain that they have to entirely redo the formulas in every one of their old spreadsheets, they’ll feel undervalued and you better believe they’re some of the most valuable people in the company because they learned long ago about working smarter and not harder, plus they know how to automate their work and are therefore much more efficient workers.
As a small counterpoint, I am supposed to use Windows at work but I use Linux. I would say that I am a “very heavy” but intermediate Microsoft Office user. That is, while I am not expert level in Office, I have to create and consume multiple documents per day. I give ( or submit ) several PowerPoints per week. These typically use templates supplied by Marketing or others. I create and consume multiple Excel files daily which almost always have multiple worksheets. I must admit that I have gotten authoring Word files down to maybe one per week but I open 3 a day at least.
Of course, I do not actually use Microsoft Office most of the time. Most of the above is in LibreOffice. I spend a tonne of my day in Outlook which I use in a browser ( Office 365 ). If I am opening a document from an email, it will often open in Office 365 online ( in my browser in Linux ). So do I use Microsoft Office quite a bit but rarely author anything there. While I prefer Firefox, I use Microsoft Edge on Linux and most often that is where I have Outlook open. Sadly, I have at least 3 to 4 Microsoft Teams meetings a day. Teams and GoToMeeting are why I started using Edge. It is just a nicer workflow if Teams and Outlook are in the same browser.
Anyway, I have very little problem exchanging documents. I had to switch to default fonts that Windows users will have of course but that was long ago now. So, I would not say that “alternatives such as LibreOffice aren’t just good enough” is a fair assessment for everybody. If I was an expert user in any one app ( in Finance maybe ) I could see this being true but I bet most office workers could use LibreOffice just fine these days.
Outside of Office, most of what I use are web applications which work just as well on Linux. I use containers a lot and they work better on Linux. Linux is quite a bit snappier on the same hardware.
I am just a datapoint though and the issues you raise are real. I would perhaps just be less absolute about it. Trying Linux can still make sense. Also, you can try LibreOffice on Windows before jumping all the way to Linux.
Yes but you still have some little annoyances here and there. Is it worth having to fight your software to get your job done? Isn’t it just easier and more productive to use MS Office (ROI described above and whatnot)?
Teams and GoToMeeting are why I started using Edge. It is just a nicer workflow if Teams and Outlook are in the same browser.
See this is what most people feel about Office, it’s just nicer to use the Microsoft thing and not ever having to worry about anything.
While I agree that for some people LibreOffice might work, there’s the following simple test:
I’d say your comparison pictured is not valid. It’s not the same document in both programs. On the left you have opened Lorem Ipsum.docs and on the right you have a new untitled document.
If one truly wants to share final documents use pdf not a draft format like docx.
There’s Lightworks, too, although it’s geared toward the editing process. I like it, though, and have been able to make it work for general video editing. The color correction tools are better than Kdenlive and not as good as DaVinci Resolve, but unlike Resolve, it will decode/encode H.264 and AAC. It’s powerful without being quite as overwhelming as Resolve can be for newbies. There’s no advanced setup involved unlike Resolve. The playback is responsive even with 4K footage. Kdenlive is great too, if you don’t need more advanced features or are working with a lot of 4K footage.
But how long did it take you to get there? I think the point he was trying to make is that GIMP has a steeper learning curve. If you’ve never used krita/pinta/etc, but you have a lot of experience with GIMP, then yes, GIMP will be easier
I’d never used anything & I tried them all. GIMP was by far the easiest for me to learn & I don’t know why. The rest are not in any way bad, I just found GIMP the easiest for whatever reason…
I think a lot of people have already learned some things about it when they try gimp, and then when gimp is completely different, it is rather unintuitive to them, but if you started with gimp, you don’t have that problem
Little known fact: A Stanford mainframe kept logs of the activities of the ‘wheels’ in a journal – the ‘journal of the wheels’. Young George Lucas, who briefly attended the university, found that journal, and became fascinated with the ‘Wheel Wars’. He later drafted a document that he called ‘Journal of the Whills’, based largely on what he read on those logs; this is the draft that later became ‘Whill Wars’, and ultimately, of course, ‘Star Wars’.
I use my Linux PC for gaming. Last time I tried Steam/Nvidia with Wayland I could only get one game to launch. So hopefully those 2 will work on making Wayland happen for us.
I have always liked Nvidia for years. When I moved to Linux, the Nvidia drivers have been working great on X11. I am currently playing Baldur's Gate 3 and I have DLSS 2 turned on and get frame rates at 100. Looks great and awesome game. But I know Wayland is the future and want Nvidia to work well with it and Steam. I will get an AMD if I have to but my card is still great and I am not looking for a new one yet.
When I first attempted to give Wayland a try, it just wouldn’t work. Did some troubleshooting but stuck with X11 for the time being.
About a month ago I gave logging into a Wayland session a try on a whim, and it just worked. Everything was fine, only difference was a change in mouse sensitivity.
There’s a lot of other stuff where Wayland improves the experience. Pretty much everything hotplug works to some extent on X, but it’s all stuff that got bolted on later. Hotplugging an input device with a custom keymap? You probably can get it working somewhat reliably by having udev triggers call your xmodmap scripts - or just use a Wayland compositor handling that.
Similar with xrandr - works a lot of the time nowadays, but still a compositor just dealing with that provides a nicer experience.
Plus it stops clients from doing stupid things - changing resolutions, moving windows around or messing up what is focused is also a thing of the past.
I was waiting for Nvidia drivers 545 to try again, but I checked last weekend and Ubuntu still had 535 drivers. I hear Nvidia did a lot of fixes for wayland on the new drivers.
All of them have premium prices, but not a single one of them is freemium, or always-online, meaning you get what you pay for and what you pay for is high quality software.
Presonus if you need a pro tracker, or even the chance at mixing Atmos on Linux (though the hardware needs to be supported OS-side of things).
Mixbus 32C is cool, because its EQs and compressors are analogue modelled after their classic console. They got that real nice vintage sound.
Bitwig is basically a mixer/sequencer DAW, meant for electronic music and live performances.
Now if only Ableton Live could be ported to Linux :( pretty please?