About the image: The joke’s on you, I install my flatpaks via the terminal.
I’ve started using flatpaks more after starting using Bazzite and I liked them more than I expected. As a dev, I still need my work tools to be native, but most of my other needs are well covered by flatpaks.
Tip: Flatseal is a great config manager for flatpaks’ permissions.
I installed flatseal but I never understand what is essential and what is not.
Installing flatpaks via the terminal is so much faster for some reason, so I always do it that way.
I am definitely a fan. A lot of people say that flatpaks are bad because of sandboxing but I haven’t seemed to have any issues with it.
Although I do try to use dnf when a dnf package is available (I use fedora)
Certainly a fan, and I don’t understand the hate towards it.
Flatpaks are my preferred way of installing Linux apps, unless it is a system package, or something that genuinely requires extensive permissions like a VPN client, or something many other apps depend on like Wine.
The commonly cited issues with Flatpaks are:
- Performance. Honestly, do you even care if your Pomodoro timer app takes up 1 more megabyte of RAM? Do you actually notice?
- Bloat. Oh, yes, an app now takes 20 MB instead of 10 MB. Again, does anybody care?
- Slower and larger updates. Could be an issue for someone on a metered traffic, or with very little time to do updates. Flatpaks update in the background, though, and you typically won’t notice the difference unless you need something newest now (in which case you’ll have to wait an extra minute)
- Having to check permissions. This is a feature, not a bug. For common proponents of privacy and security, Linuxheads grew insanely comfortable granting literally every maintainer full access to their system. Flatpaks intentionally limit apps functionality to what is allowed, and if in some case defaults aren’t good for your use case - just toggle a switch in Flatseal, c’mon, you don’t need any expertise to change it.
What you gain for it? Everything.
- Full control over app’s permissions. Your mail client doesn’t need full system permissions, and neither do your messengers. Hell, even your backup client only needs to access what it backs up.
- All dependencies built in. You’ll never have to face dependency hell, ever, no matter what. And you can be absolutely sure the app is fully featured and you won’t have to look for missing nonessential dependencies.
- Fully distro-agnostic. If something works on my EndeavourOS, it will work on my OpenSUSE Slowroll, and on my Debian 12. And it will be exactly the same thing, same version, same features. It’s beautiful.
- Stability. Flatpaks are sandboxed, so they don’t affect your system and cannot harm it in any way. This is why immutable distros feature Flatpaks as the main application source. Using them with mutable distributions will also greatly enhance stability.
Alternatives?
AppImages don’t need an installation, so they are nice to see what the program is about. But for other uses, they are garbage-tier. Somehow they manage both not to integrate with the system and not be sandboxed, you need manual intervention or additional tools to at least update them/add to application menu, and ultimately, they depend on one file somewhere. This is extremely unreliable and one should likely never use AppImages for anything but “use and delete”.
Snaps…aside from all the controversy about Snap Store being proprietary and Ubuntu shoving snaps down people’s throats, they were just never originally developed with desktop applications in mind. As a result, Snaps are commonly so much slower and bulkier that it actually starts getting very noticeable. Permissions are also way less detailed, meaning you can’t set apps up with minimum permissions for your use case.
This all leaves us with one King:
And it is Flatpak.
I’ve been working on Linux for 15 years now and I perfectly remember the origin of many concepts. If you look at it through time, what would it be like:
- We can build applications with external dependencies or a single binary, what should we choose?
- The community is abandoning a single binary due to the increased weight of applications and memory consumption and libraries problems
- Dependency hell is coming …
- Snap, flatpack, appimage and other strange solutions are inventing something, which are essentially a single binary, but with an overlay (if the developer has hands from the right place, which is often not the case)
- Someone on lemmy says that he literally doesn’t care if the application is built in a single binary, consumes extra memory and have libraries problems. Just close all permissions for that application…
Well, all I can say about this is just assemble a single binary for all applications, stop doing nonsense with a flatpack/snap/etc.
UPD: or if you really want to break all the conventions, just use nixos. You don’t need snap/flatpack/etc.
I don’t mind other solutions, as long as they have the key features Flatpak offers, namely:
- Being open-source
- Having app permission system
- Having bundled dependencies
- Integrating decently with the system
Times are changing, and memory constraints for most programs are generally not relevant anymore.
Times are changing, and memory constraints for most programs are generally not relevant anymore.
But there are gaps in the libraries that, unlike distributions with dependencies, can no longer be managed. And all the security of your system depends on a small flatpack access control, which 99% of users do not understand at all and, with any problems simply opens access to the entire home directory.
I’m not saying Flatpak is perfect, but it appears to be the best we have.
I absolutely agree more needs to be done to explain permissions and have sane defaults. Flatseal in particular could introduce more warnings, and this is where non-technical users set their permissions.
In my experience, most Flatpaks do not request full home folder access by default, and making Flatpak access everything everywhere typically requires user intervention.
Native apps, meanwhile, just run with full system-wide access; I get it that they’re more vetted and more properly updated, but this is an unhealthy and insecure arrangement.
this is a system for work tasks. Of course, I understand what the developers are going for. that is Android. And it’s really nice to read the Internet on android. But try to do something more complicated than that and you’ll realize that it’s hell. However, I don’t mind if such distributions appear. Why not? I just don’t understand people who voluntarily limit their abilities. And why you don’t just install Android 64?
The flatpack approach automatically remove everything low-level from the equation. Do you want to write directly to the graphics card buffer? Read the input? Do I set the fan rotation parameters directly in the /proc? All these applications will never work in flat pack.
On the other hand, flatpack is superfluous and for convenience. You can simply build an executable file without dependencies and configure firejail for it yourself… That’s all. Or run the file from another user. That is so popular exactly bacause RedHat pushed them. Literaly like Canonical pushed snap.
All these applications will never work in flat pack.
They don’t have to! Flatpak doesn’t remove all other ways to install software. But for 95% of use cases, it will do just fine.
Firejail is good, but it only solves sandboxing part of the equation, and there’s so much more to Flatpaks than that. Also, it’s more painful to configure and is more sysadmin-oriented.
The few things I don’t like about flatpaks (which become a problem on atomic distros that use almost all flatpak by design):
-
Some types of embedded development is essentially impossible with flatpaks. Try getting the J-link software connected with nrftools and then everything linked to VScodium/codeoss
-
Digital signing simply doesn’t work, won’t work for the foreseeable future, and is not planned to get working,
-
Flatpaks sometimes have bugs for no reasons when their package-manager counterparts don’t (e.g. in KiCAD 8.0, the upper 20% or so of dialog boxes were unclickable with the mouse, but I could select and modify them with the keyboard, only the flatpak version)
-
The status on whether it is still being actively developed or not (at least I hear a fair amount of drama surrounding it)
But besides those small things, it seem great to me.
Thanks for the input! Yes, there are still certain issues with Flatpaks (for me it was aforementioned VPNs which also don’t work through Distrobox, and it would be quite odd anyway). But overall, they manage most apps well, just as you say.
-
Flatpaks, appimages, snaps, etc: why download dependencies once when you can download them every time and bloat your system? Also, heaving to list installed flatpaks and run them is dumb too, why aren’t they proper executables? “flatpak run com.thisIsDumb.fuckinEh” instead of just ./fuckinEh
No thanks. I’ll stick to repos and manually compiling software before I seek out a flatpak or the like.
This shit is why hobbies and things should be gatekept. Just look at how shit PC design is these days. Now they’re coming after the OS.
As I said, dependencies typically don’t take that much space. We’re not in the '80s, I can spare some megabytes to ensure my system runs smoothly and is managed well.
As per naming, I agree, but barely anyone uses command line to install Flatpaks, as they are primarily meant for desktop use. In GUI, Flatpaks are shown as any other package, and all it takes is to push “Install” button.
If you want to enjoy your chad geeky Linux, you still can. Go for CachyOS, or anything more obscure, never to use Flatpaks again. At the same time, let others use what is good and convenient to them.
It’s not the 80s, and I can save a few megabytes to keep my system running smoothly and well-managed.
And then it turns out that you have 18 libssl libraries in diffirent fpatpacks, and half of them contain a critical vulnerability that any website on the Internet can use to hack your PC. How much do you trust the limitations of flatpack apps? are you sure that a random hacker won’t hack your OBS web plugin and encrypt your entire fpatpack partition (which some “very smart” distributions even stuff office into, and your work files will be hidden there). People have come up with external dependencies for a reason.
Fair criticism!
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
Also, I haven’t seen this kind of attack in the wild (maybe I’m not informed enough?) as opposed to rogue maintainers injecting malware into packages.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That’s a welcome change.
However, the extent of the damage is limited by flatpak and whatever permissions you have set, and, if I understand it correctly, you cannot attack one flatpak through the other unless they share access to some files.
there is a problem here that permissions are also set by the packages developers. User in most cases click accept all and alll done.
On an unrelated note: apparently, there is finally some Russian Lemmy instance? That’s a welcome change.
Well… Appeared 2 years ago. It’s just that practically no one needs it. =)
Permissions are also set by the packages developers
True, and I don’t think it is healthy not to let them to. But it would be nice to either have some vetting on the matter, or ask user about which permissions they agree for when they install Flatpak.
Appeared 2 years ago
Ого, то есть примерно когда я сам здесь очутился. Никогда не слышал о ру инстансах, хоть и искал. Теперь, кажется, нашёл)
Берёте человечка на борт? Не обещаю сделать Рекабу главным инстансом, но всегда полезно быть по обе стороны Чебурнета, а то последнее время с забугорными беды бывают.
I’ve heard Flatpaks aren’t great at CLI tools, is that true ?
As a Nix user, I’m glad Flatpaks exist for other people, but I only ever use them when a package is not available from Nix directly. Seeing as Nix is literally the biggest package manager out there, it’s a pretty rare occurrence.
Yes it is true. Flatpak is for gui apps only, at least as far as I know.
Honestly, I am a little scarred from snap.
Otherwise I’m agnostic on flatpaks - I’ve used a couple and they’re ok? They just remind me of old windows games that dump all their libraries in a folder with them.
On a modern system the extra space and loss of optimisation is ok, but on older hardware or when you’re really trying to push your system to run something it technically shouldn’t, I can see it being an issue.
I kinda like flatpaks being an option, not sure when they are the only option though.
I like them as an option, there are some programs like Bottles or specific game launchers that work under flatpak better than the versions available via native package manager (with Bottles in particular, you can use various built-in sandbox features via flatpak which makes things a bit more secure), but it’s also a bit of a pain because it’s an additional package manager you have to update separately now, or tweak if things go wrong.
My favorite part of the linux experience is the FREEDOM, but also being talked down to for not using my freedom correctly, I should only do things a specific way or I might as well just use windows.
Because using your freedom to promote options that restrict freedom means helping to remove your freedom. But hey, what do the Linux elders know? Clearly the new people into Linux are far smarter…
You don’t have to do as they say but doing so lets you talk down to others who aren’t. So it’s a fair trade.
Most of us refugees just want windows but cool.
Not a fan. There’s often trouble, and some settings is hassle, and sometimes not even working.
I’d take a well-maintained native package for my distro over a Flatpak, but sometimes, a Flatpak is just the the easiest way to get the latest version of an application working on Debian without too much tinkering - not always no tinkering, but better than nothing.
This is especially true of GIMP - Flatpak GIMP + Resynthesizer feels like the easiest way to experience GIMP these days. Same with OBS - although I have to weather the Flatpak directory structure, plugins otherwise feel easier to get working than the native package. The bundled runtimes are somewhat annoying, but I’m also not exactly hurting for storage at the moment - I could probaby do to put more of my 2 TB main SSD to use.
I usually just manage Flatpaks from the terminal, though I often have to refresh myself on application URLs. I somewhat wish one could set nicknames so they need not remember the full name.
Idk how, but one time I tried installing something as a flatpak and it took like 300+MB and a very long time. I figured something was wrong, found a way to install it normally and it took like 10MB and installed quickly. Idk what went wrong, but I’ll never touch this garbage again
Edit: oh they’re not for arch. Maybe they should have told me before the 300mb slog
If i got it right, flatpacks gather all of the dependencies of the package and bundles them with tha package. Maybe those extra 290mb were from dependencies that you already had installed but that flatpak wanted to install another copy.
I prefer Arch Linux’s use of flatpaks, which is none at all ever
Joke’s on you, I use Flatpaks on Arch
Me pretty much only ever using arch Linux: “what the fuck is a flatpak”
I once had to install Firefox into wsl (Ubuntu) and I wanted the kms on the spot.
But maybe it’s not that bad for newer people to get started with Linux.
Flatpaks together with “immutable” distributions, Wayland and systemd are a heresy, a crime against the UNIX principles, a disgrace in the eyes of of SED and AWK. REPENT! Save your immortal core dumps and return to the one true /home !
If it’s a mostly self-contained app, like a game or a utility, then Flatpak is just fine. If a Flatpak needs to interact with other apps on the host or, worst case, another Flatpak it gets tricky or even impossible. From what I’ve seen though, AppImage and Snap are even worse at this.
Flatpak doesn’t support dev device access no matter what I use flatseal and all the shabang, so bottles is useless to me for a lot of the wine applications I would like to “not emulate”