In my opinion, those warnings are not used to help users but to shame developpers for not trully sandboxing and verifying their apps. Developpers know that having this warning will decrease the number of users downloading it. The goal in the long run is to improve app sandboxing and security.
By not letting the user import/export addon settings, bookmarks?
Btw, i hate the opinion that the dev must babysit his users. It makes software worse, not better, look at Firefox’s profille folder for an example. If you have to, make an intro to train them.
You could but where is fails is when you open one html file that then needs to loads the other files that are needed by the first.
You can not allow chain loading like this, it would bypass the sandbox.
One way of working around this would to allow the option of passing a whole folder and sub folders to the program.
The other and much harder option would be a per program portal filter that can read the html file. then workout what files that html file needs and offer that list of files to the user.
The lazy work around is allow read access to $HOME and deny access to some files and folders like .ssh
Makes sense, but at least this would generally be out of a normal users usage case (multi-file documents), and so the power user could probably just open flatseal.
For things like bookmarks it’d work fine, and by extension make the sandbox more secure
Makes sense, but at least this would generally be out of a normal users usage case (multi-file documents), and so the power user could probably just open flatseal.
I would not be so sure. Firefox has a “save web page as…” option which saves the html page and all other files needed into a sub folder.
Without better handling of reading and writing files the sandbox will break that builtin function. another way of working around this. would be to change firefox to save the web page into one file. Maybe something a .html+zip file that firefox would know how to open. However that would lock other browsers out without manualy unziping it first.
Getting sandboxing right with powerful programs is very hard and I feel the tooling is still not here yet.
those warnings on mint and flathub are so ridiculous, there’s no difference between those and official ones, somebody could just as easily put something nefarious in any flatpak
Many flatpaks are not aware of their sandbox and thus have a bad ux.
E.g. flatpak Steam can’t access SteamLibraries at a non-default location, unless the user manually allows the path through flatseal. The same is true for other similar apps which don’t use the file portal.
Issues like this are unexpected for new users and thus it can be argued that flatpak aren’t a good recommendation for new users. I personally disagree because most flatpak work flawlessly and work everywhere independent of a users distro.
Flatpak is one extra step. If apt or rpm already has what you want, which is true for many new users, why would we push them towards scary click thru action?
beyond root processes, none that I am aware of. Hence I configured all my internet applications and steam to run in a jail :) firejail & bubblewrap come as native packages, unlike the flatpak contents
I like flatpaks and flathub, but this is just something they do badly. I think as well they also have “probably safe” which is just as unhelpful… And what does “access certain files and folders” even mean!?
I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.
I think they should just follow the example of every other app store; list the permissions in an easily understandable list and let the user decide whether or not they are comfortable with it.
Totally agree. The “verified” label will give new users enough comfort, and the ones who wish to know more will read the permissions.
When I look at Firefox in Discover, it only shows the list of permissions the flatpak will be given out of the box, with no warning of it being “potentially unsafe.” This certainly does seem like the better way to handle it.
Also, the warning on the Flathub website is clickable - it expands into the full permissions list. Why it defaults to “no information except maybe dangerous” is beyond me.
Yes but surely you’re aware that even the most new-user-friendly distros and their tools aren’t necessarily aimed at new users.
That warning is a perfect example of how Linux developers choose which hill to die on. They post a warning for an app that everyone knows can deliver bad times to two camps of users; those that know and don’t care and those that don’t understand the warning. If we could quantify the helpfulness of that warning, odds are that it saved 0 users from malicious action from that avenue of attack.
Never expect Linux as a whole to be “helpful” to the new crowd.
Which is why I said “linux as a whole”. Many distros will try to undo the nerdery and neckbeardism that is built into the parent distros but as a whole, linux is going to always be less welcoming to a new user than someone that’s used to useless warnings and repeated password entries for elevated privileges. Being safer and being new-user-friendly rarely go hand in hand.
Not all user friendly distros have a parent distro. Checkout Solus.
There are sometimes things upstream causing problems. The Linux kernel itself isn’t one of them though as Linus is pretty adamant that Linux distributions should be easy to setup and use. KDE is also designed to be pretty friendly while being customizable still. The main issues seem to come from apps and distributions.
On the one hand, you can read it as a parody of late 20th century life - like, haha imagine a caveman clocking into work
but on the other hand, Flinstones and its far future counterpart Jestsons kinda suggest an inability to imagine anything different. Automobile-ized suburban development frequently gets presented an the human ‘default’. As though we just default to this, rather than it being one of many ways cities and society could be organized.
I tried watching the Jetsons last year and it was pretty painful. The story moved really slow, the mother was claiming to be overworked pressing a button. Everything was a mildly linear improvement from the 1950s and it had very old ideas. It did not age well
programming.dev
Hot