🔜fosdem
Put that in packages, otherwise you're probably going to have some binary-compatibility horror.
Most people use Arch, Ubuntu or Fedora. And all of them are just purely bad.
If I'm missing a package for anything, it's a nightmare to grab it.
So to me they are failed distros, and I don't see why I should have to bear the pain of other people's choices.
Quite like how with python you need to at least bump your packages every 6 months in most distros.
i guess. I havent messed with packaging yet. Currently, as just a user who loves the concept of flatpak but still hates how messy it is, arch and its aur work greatly.
Learn static linking if you want to ship blobs that ignore the distro.
@lanodan @MischievousTomato @a1ba Wasn't isolation by using chroot the main point? It ensues bringing all the dependencies in, but that wasn't the primary objective. Am I wrong?
@lanodan @MischievousTomato @a1ba I agree with you, it is broken. Crappy integration is a major problem — but it is actually what they wanted to achieve with isolation. Static linking is not the same as what *they* wanted to do with flatpak — that's what I was talking about.
@MischievousTomato @a1ba @lanodan That's the price you have to pay for sandboxing/isolation, you can't have it and perfect integration at the same time 🤷
Well on linux you basically can't, it's a Unix system.
Namespaces are an afterthought, it's not part of the system design, this is why user namespaces are often a security issue, they weren't there ~10 years ago.
And filesystems overlays also have been pretty much always broken in linux, it's kind of wonderful to see them still being broken after all this time.
(I think it's better on illumos and BSD)
Meanwhile If you look into Plan9 system design, you access almost all APIs via files, making it simple to sandbox and isolate.
And I think more recent systems based on microkernels also do similar things.
@lanodan @MischievousTomato @a1ba P9 was way ahead its time. I hoped it would gain popularity given its distributed nature when all this "cloud" shit was gaining steam, but no workloads didn't shift from clients, you still have to have a powerful one, they've just used "the cloud" as a justification to steal your data.
@lanodan
And microkernels are of course good! I mean everyone resorted to this "hybrid" shit for performance reasons, but now computers and even smartphones have abundance of computing power and we still don't have microkernel-based OSes as the mainstream.
Weren't there any interesting experiments with L4 or something similar recently? There were some interesting ideas with running L4 on top of linux, but I don't remembner anything viable coming out of it.
wait for security patches to fix all excessive computing power :)
Not sure how good they are, it's so horribly academic hands-in-hands with proprietary software that I had no idea how to use it.
I've seen "Xen microkernel" few times as well but I'm not sure if it's people being wrong or if there is a microkernel-based system capable of being a Xen host somewhere.
@MischievousTomato @a1ba @lanodan Theoretically they could provide links to relevant files or copies, but I don't know how they actually do it.
No guys, I'm not defending this, I've never used flatpaks and I'm not going to. All I'm saying, they didn't make it this shitty by chance — it's this way by design.
@MischievousTomato Good for you! Same here.
I don't see how sanboxing improves security in the age of Meltdown/Spectre/Heartbleed/etc but some seem to like it.
That's why I think flatpak is the future.
But snap is not, it's probably going to die like everything else Canonical tried to push.
Just bringing libraries of some older distro and rebuilding all dependencies against them (is what AppImage devs suggest, like building on RHEL 6 or old stable Debian) is today.
Flatpak problem is mostly: Yeah, please ship me an entire distro as blob that can't be rebuilt/modified. So in practice, everyone looses the rights guaranteed by FOSS licences.
(Also crappy integration in the host system, meaning broken accessibility)