Ideally becoming an active contributor to the project would be better, maybe you can start with that and eventually contribute with more as time goes on, you can always join our onboarding Matrix room and say hi!
All of the Flatpaks mentioned on the post are available on Flathub though, we do recognize that most people use it, so we recommend apps available on it.
Disrto theme bugs occur if the dev doesn’t write the app theme agnostic enough. Nothing wrong with flatpak. Those “bugs” will disappear the more flatpak is used
Are those principle still relevant? Particularly with GUI apps? I feel the sandboxing along is a good reason to switch to flatpak (or even snap if you know).
Flatpak itself is a layer of software. You could do that for regular apps too - to take away the hassle of having to manually set it up for each app. I already have two software that implements that logic in parts.
Not everyone values the same things you do. Flatpaks aren't the cause of the fact that different applications don't function correctly with different versions of libraries; they're just the solution.
Flatpak is better for normal people. It's better for most advanced users who don't want to micromanage compatibility issues. And it really doesn't have an impact on people who do want to micromanage because all your alternative ways to install software are still there.
Flatpaks aren’t the cause of the fact that different applications don’t function correctly with different versions of libraries
This problem has been solved by Nix and Guix. Nix is as popular among developers as flatpak is. Add bubblewrap to all applications, and you get nearly all the features as flatpaks. Flatpaks, meanwhile are huge and a bit slow to start - problems that Nix and Guix don’t suffer from.
I do use flatpaks extensively. But they are probably not the best solution to the problems you mention.>
Tbh, for me the value of flatpak is in the isolation (great for how easy it is to achieve), rather than the compatibility.
For example, I run obsidian with no network access and fs access to just the path where my notes are stored. This is really reassuring considering I am not really sure what all the plugins might do. While it is not perfect, it’s much better than having it running natively in my box (I.e. root namespaces).
Isolation is easy to achieve. Flatpak’s sandboxing layer is bubblewrap. It’s an independent software. It wouldn’t be too hard to write a wrapper for bubblewrap that acts like flatpak and launches applications in a carefully constructed sandbox.
It’s also not too hard to cook a Dockerfile for it, or even write a systemd wrapper with security settings. However, with flatpak you get this out of the box and mostly in a transparent way, plus you get all the usually annoying aspects (like having GUI applications work in containers) taken care of.
I like how Peek hasn’t been updated since like 2019, not even being developed or updated anymore and they recommend it… IT DOESN’T EVEN WORK ON FEDORA!
I jumped ship from Ubuntu to fedora last year and fedora is awesome. Fedora has a bit newer packages and the default felt right (albeit I missed system tray plugin from Ubuntu). Some hardware work better OOTB on Ubuntu, so always try with a live distro first.
You can always download it as an extension instead of a system package for the extension, but yeah, it’s available on our repos.
Also, pretty good. It will likely never be as many packages as there are in Debian’s repos, but even without Flatpak there was never a package I couldn’t find either in our repos or on COPR.
I see @joojmachine already answered some of your questions, but regarding “why would hardware work differently on fedra”, I assume it has to do with what kernel is being shipped, and what drivers that is also shipped with the distro by default. Sometimes drivers aren’t shipped due to legal reasons, and a distro can be shipped with a kernel that dosen’t have certain support for certain hardware.
As a contributor, I’m biased, but let me put it this way: it’s the distro that made me so comfortable using it and with a community so welcoming, I became a contributor 😅
Good that these finally have a unified name now, rather than people just being expected to know that Fedora + [obscure mineral you probably haven’t heard of] means immutable, plus having no idea of what mineral corresponds to what DE.
Silverblue and Kinoite are cool names, but really they should be renamed to Fedora Gnome (or Workstation, to line up with their standard desktop naming) Atomic, and Fedora Plasma Atomic, like they’ve done with Onyx >> Budgie Atomic
I understand why they wouldn’t want to suddenly change the branding of existing projects though.
I understand why they wouldn’t want to suddenly change the branding of existing projects though.
I’m not sure if I agree, I feel like the long term damage of keeping the names is greater than changing them now to Fedora Plasma Atomic (Formerly Kinoite) / Fedora Atomic Workstation (Formerly Silverblue). Leaving them as is, is just going to create more confusion in the future to new users who won’t immediately understand why the naming convention is different for the other spins and will create more confusion for documentation / support threads online.
I feel that I am 50:50 on it, immutable at least conveyed more information about what it is while Atomic feels a lot more “buzz-word-y” and does not convey as well what it means. Regardless, I’d say the bigger issue is keeping the old Silverblue & Kinoite names, they really should change them even if it means having a ~2 year period of having “Formerly Silverblue / Kinoite”.
Issue is that Immutable also conveyed a different type of information. When I first heard of it, I genuinely thought it was something like DeepFreeze for Windows
Are you familiar with the concept of “atomicity” in relation to database systems? It’s actually a very appropriate term, and the article touches on its use over “immutable”.
Yeah I had a similar experience when logging on to Sway - I had no clue what to do. Did you ever figure out how to bring up a menu or launcher? All I could do after googling was launch a terminal
I’m running Onyx (sorry… Fedora Budgie Atomic) on my Thinkpad and love it. Last night I decided to give Sway a shot and, when I was done with that, rolled back to Budgie without any of the cruft of installing additional DE’s alongside each other.
If you are a modder that wants to do stuff like replace the kernel, add in rust coreutils etc, then I think NixOS is indeed better. Have not used it but really want to try.
Image based Distros are just perfect for people that want to have perfectly reproducible bugs, or in general not many.
It is a good community concept, but tbh a preset of shared Nix config files could do the same thing too, with ease. Just dont deviate from those configs and you will have multiple people with the same systems.
Damn, rust really embrace the “Hey, Can I copy your homework?” Meme. I like rust btw, it’s just funny how often I see something along the line of “it’s like X, but in rust!”
This shows something else. The traditional languages are all more common than Rust.
I suppose Go could be a good competitor, and I read a thread comparing C=Go, C++=Rust.
I just see a lot more rust in many projects, and it is well integrated with GTK for example. I also know of several drivers and modules written in Rust.
At least in Linux, Go seems to be used for WebTech more than for other things.
I am interested in a discussion about that, as I would like to learn one of these languages, but Rust seems to have a better ecosystem with more adaption, ready GUI toolkits, a Linux Desktop, multiple GTK apps etc. in the making, while for example “Fyne”, Go GUI toolkit (that I found in the Flatpak “Rymdport”) doesnt even have Wayland support yet.
Exactly. The concept is great, but my Guix system (Nix fork from GNU) is already reproducible and capable of rollbacks and transactional upgrades (and declarative system configuration !)
The learning curve is quite steep tho (the Nix leaning curve is even higher, at least it used to be IMO). If the sway spin of Atomic Fedora was available earlier I probably wouldn’t have switched tbh. Both solutions are great.
Overall I’m quite happy with my Guix configuration. I’ve got roughly the same configuration on all my systems with ease, all config files (also sway for example) in the same language: Guile Scheme (LISP dialect), and the whole thing is in git. I don’t imagine going back to a regular distribution anytime soon.
Scheme is a more mature and more expressive language than Nix imo. And you can write your home configs in scheme too.
The differences aren’t that big, nix is great but I find (at least I did two years ago) the documentation a bit confusing. Both are great. I like scheme a lot better than Nix (the language), and the tooling is a bit less confusing to me.
Agreed. I used to use Silverblue and it was very stable but did not solve all the problems that Nix addresses. Once you experience the first reinstall with NixOS you will wonder why we did things any other way. It’s amazing to just run one command and have things set up exactly how you like.
I like them a lot, switched to Kinoite⏩uBlue: (Kinoite-main, -nokmods (until that got silently dropped), -main again; 37-39)⏩Secureblue kinoite-laptop-userns
The biggest Problem is that Fedoras Images are not usable.
Filemanager movie thumbnails dont work
Flatpak browsers are not feature-complete and probably not secure (because they can’t create usernamespace-isolated processes for tabs)
they have no NVIDIA support
powerusers will miss ffmpeg
The idea of immutable images is, to have a base that most people dont need to change. You can, but the moment you add NVIDIA proprietary drivers or full ffmpeg, you are in unprotected territory again.
So I like the Distros for their reproducible bugs and future possibility to be a very secure base (you could just verify the hash of the root system to check for viruses). But they cannot be produced in the US.
Fedora is nice but just like with rpmfusion, ublue is the key part that makes it work. And on immutable images this cannot just be added in a welcome dialog, as you need massive overrides by default.
I can’t find an open issue regarding security with flatpaks on librewolf codeberg.org/librewolf/issues/issues it would be nice if you could open one such that it may get adressed.
Just install ffmpeg in a distrobox or layer it if you desire
Filemanager thumbnails - I usually don’t use big icons (or thumbnails) hence, I don’t remember it too well but that should depend on the file manager, right? And aren’t there tools for thumbnail creation in case they are missing? (I remember something from my time when I used arch)
You cant layer ffmpeg, you need to override-remove everything libav and then install everything new from rpmfusion. I did that, its a mess.
If you just want video playback thats just libavcodec-freeworld, thats why I specifically mentioned ffmpeg.
I am not a fan of Distrobox for small tools. For sure possible but unnecessary and the workflow is a pain. And trust me, I use it daily and even ran libvirt in a rootful one, virt-manager in a rootless one, connected over ssh.
Chromium uses namespaces. Nowadays unprivileged user namespaces, but the legacy suid namespaces are still integrated.
If you want to run Chromium (and I think all Electron apps too) as Flatpak, you replace those namespaces with zypak, which instead isolates processes using flatpak and its seccomp filters.
These are the seccomp filters for every app though, so they are probably way too unrestricted. Also it has a small performance hit.
That is the reason why no Chromium Browser Flatpak is official.
Now the thing with Firefox is, I have no idea what isolation they use. Everyone says its less secure. And they adopted Flatpak as if it was nothing, without any comment on that topic.
The issue is that Flatpak uses a single seccomp filter for bubblewrap, that is used by every app. But browsers would need a different one, with just the added permission to create user namespaces.
Currently this is not even possible when using a seperate repo. Really, no idea. Bubblejail is an alternative with custom seccomp filters and usernamespace permission. But it is very different, uses system packages and is very alpha.
Jorge Castro has been the head of this project and I am excited by his vision. Bluefin aims to be the immutable desktop distro with the most sane defaults that also supports Nvidia.
It’s a mascot for brand recognition purposes, just like Tux the penguin. I don’t quite understand what the problem is. I feel like if I were to call anything about it weird, it would be the use of a derpy, chonky dinosaur rather than the gender of said derpasaurus.
if I were to call anything about it weird, it would be the use of a derpy, chonky dinosaur
Bluefin is a Deinonychus antirrhopus, a theropod dinosaur whose name means “terrible claw”. Discovered in the 1960s, she revolutionized our understanding of dinosaurs. Before Deinonychus, dinosaurs were often seen as slow, dim-witted creatures. However, she shattered these misconceptions, offering insight into the dynamic world of hot-blooded, rapidly evolving animals that were masters of their domain. We aim for our desktop to embody a similar nimbleness. Power and adaptability.
Fedora may receive backing from RH, but it’s still community-ran. Similar to how Linux itself is backed by the likes of Google/Meta/Huawei/etc but is isn’t ran by them.
And they didn’t close-source RHEL. I don’t like the license changes they made either, but calling it closed source is inaccurate.
If you’re a customer of theirs, you can see the source code. The license customers agree to is certainly a restriction, but it’s not all of a sudden closed/proprietary software.
And finally, despite that recent move, RH remains probably the biggest contributor to desktop Linux. If you want to avoid their work… good luck. It’s literally everywhere.
I’m saying their source code is available to its users for auditing, changing, redistributing without risk of being sued for intellectual property violations.
That’s fine as far as the GPL goes. It doesn’t have to be public to non-users.
You’re basically saying that something isn’t wet, it just has water on it.
I’m saying their source code is available to its users for auditing, changing, redistributing without risk of being sued for intellectual property violations.
We’re saying the same thing, you just refuse to attach “closed source” to its definition. So answer me this: can anyone freely use it? Can only licensees use it? If the answers are no and yes respectively, that’s closed source.
I’m saying nothing of the sort.
You absolutely are. You’re using the word’s definition (source code available only to licensees), but won’t say the actual word (closed source).
No, we aren’t saying the same thing, because you’re talking nonsense and I am not.
Closed source means computer programs whose source code is not published except to licensees
Nowhere in your link does it actually say that. And amusingly, by that definition, software where the source code isn’t provided to licensees isn’t closed source. What? So software where the code is a total black box that nobody other than the programmer knows isn’t closed source in your mind?
But here’s something it does say:
Proprietary software is software that grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modifying it
Let’s go through the two listed criteria, shall we?
Legal monopoly to exclude the user from sharing the software: RHEL doesn’t have this. They can’t sue anybody for sharing the code.
Legal monopoly to exclude the user from modifying the code: RHEL doesn’t have this. RHEL users are free to modify the code as they wish.
Saying “if you clone and republish RHEL, taking advantage of our work to undercut us with minimal effort, we reserve the right to not have you as a continued customer” is perhaps against the spirit of many open source licences, on that I agree, but it’s a far cry from being closed source. RHEL isn’t like MacOS or Windows.
It’s hard for me to take you seriously when it does and I literally copy/pasted from the link. Even if you don’t read the whole page, you can’t even do a CTRL+F correctly.
It literally doesn’t. Please stop lying. Everybody can see you lying. It just makes you look like even more of an idiot. You don’t want to look like even more of a idiot, do you?
I’ve used your own source to dismiss your argument.
But here’s another, just to drive the point home even more:
Calling me a liar (when it’s easily provable I’m not, I even included a screenshot for you) devolving to insults, calling me a kiddie and an idiot? If you can’t even formulate an argument without insults and you fail twice to read a link, yep, we’re done. Enjoy your day/night.
fedoramagazine.org
Oldest