Nixos and Guix are the (my) future.
this post was submitted on 23 Nov 2021
36 points (86.0% liked)
Linux
47362 readers
1033 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
Same here. Reproducibility and declarative configuration are the future!
same
Imo they're right, but theres some weird (pro proprietary software) claims in there.
If I ship an app for Windows I don’t have to include the entire Win32 or .NET runtimes with my app. I just use what’s already on the user’s system.
Those cases are rare on windows, most apps package their own versions of dependencies just like with snap/flatpak/appimage (just not so neatly organized) and it sucks.
Backwards compatibility is a major part of why Windows is still the dominant desktop OS.
But thats also a major part in why it sucks and is insecure. Microsoft knows that and has started to break stuff with higher frequency too. You should only freeze interfaces when there is a consensus that there isn't anything to be improved anymore. You can only build this consensus when you have a clear use case.
I'd argue, that this is impossible for operating systems with desktop and all. So best you can do for backwards compatibility is to only put breaking changes in major versions and still maintain older ones. Of course that means you can't have major versions to often and now people will complain that your software sucks because it can't even do X.
Microsoft does this too, but they often release a whole new product instead of version bumps. And by that they accumulate even more technical debt.
Businesses actually care about this! They use ancient proprietary software that is critical to their business whose source code has long been lost to the sands of time.
This isn't a case that should be handled by FOSS developers, but by courts fining them for putting their employees, customers and business partners at risk! Running software that isn't maintained by you or a third party is a liability.
I find those points of theirs to be pretty weak.
- With Flatpak most of the runtime stuff is packaged separately, so on Flathub for example you have most of the applications using common runtime components. Sometimes you need multiple versions of one of them, but the same goes for a lot of Microsoft's stuff.
- I don't find Windows to be any more backwards compatible than Linux is. On Linux you get the advantage of having access to the source more often, so source is going to be compatible for longer than binaries will. Source can be updated for compatibility too, giving it infinite life. (Of course, binaries could have infinite life if you take into account all the compatibility methods like virtualization.)
- Yeah I'm sure business just love using ancient proprietary software and not being able to upgrade their systems. Oh wait, I thought compatibility was strong on Windows. (Not that all such software runs on Windows, but of course a major chunk of it does.) Businesses will eventually have to replace that old stuff, whether it's sooner or later. It would have been better if they had the source code in the first place and could use that to help them upgrade or replace it.
With Flatpak most of the runtime stuff is packaged separately
They mentioned that not all flatpaks use the same separate runtime. Ideally they could just use the one my distro packages.
I don't find Windows to be any more backwards compatible than Linux is. On Linux you get the advantage of having access to the source
You can run (a lot of) really old (late 90s) windows binaries with the modern libraries. You can also probably run really old linux binaries, but only if they use syscalls directly, not if they are (dynamically) linked against e.g. libc or x-stuff. Of course if the source is open, you can make it work.
There are two problems these are "solving": API incompatibility and isolation. Both of this issues are a real problem when you want to run proprietary software.
When you have a source code of all applications and libraries you can compile them and otherwise patch them to get things working together most of the time. This way we don't have to worry about changing libraries that much.
When you can trust your software you don't need isolation. For programs like Firefox things are a bit different since it is, by default, running untrusted software and it's sandbox will never be perfect. You can get isolation without duplicating all dependencies using process isolation (what Android does) or even using namespaces where you share your root files system but not your home directories.
So for open source software these systems are creating more problems then solving. For running potentially malicious system on Linux I don't think we have a good solution yet, or if we even should waste time solving it. There are better OS designs that would make this easy (Plan9, object-capability bases security, etc.)
As for Windows the business model that MS is trying to support is vendor locking combined with licensed closed source binaries. In such case the long term backward compatibility is a must. And consequences of such models we are all aware of.
if needed, whats wrong with static linking?
You can statically link binaries. Plan9 does only that, Rust and Go only support static linking (by default). The problem is that you need a good meta-data system that will allow you to track what was linked into each binary, so that if there is a security issue you know exactly what needs to be rebuilt. I don't think we have such a system yet. If I have a bug in OpenSSL I just update that, restart servers using TLS and it is patched.
The problem is that you need a good meta-data system that will allow you to track what was linked into each binary
Fantastic idea! This would be a really important project to see developed!
Just nitpicking here, but last week i learned golang binaries are not statically-linked (at least not completely).
That's correct. Flatpak is the present. It's happening right now.
Is it though? is it integrated by default in your desktop environment? Can you easily add 3rd party repos from GUI? Can you finely edit the sandboxing settings for an app from GUI?
Hell, i can't even find how to make flatpak apps respect my keymap for keybindings. Inside a flatpak run'ed app, typing respects AZERTY but pressing Ctrl+A will trigger quit dialog (Ctrl+Q) as if i used QWERTY keymap.
is it integrated by default in your desktop environment?
It creates .desktop files and even sandboxes dbus, what more should it do?
Can you easily add 3rd party repos from GUI?
Why would GUI users need to do that?
Can you finely edit the sandboxing settings for an app from GUI?
Your response was far more accurate that I could do. 👍
Meh, I've been using the official Firefox flatpak, and I love that my web browser has no access whatsoever to my ~/.ssh private keys, or anything else I don't want it to be able to read
You could store it via KeePass and ~/.ssh can only read out by your Browser if you are using the same user account to run both, so I would recommend storing ssh-keys in the home directory of another user account. Another way would be to encrypt ~/.ssh if you store your keys there.
I was sort of cheeky with my ~/.ssh example, because I'm actually 100% on Yubikeys for my SSH private keys, so there's only public keys in that directory now
But, with my setup ( https://gitlab.com/jokeyrhyme/dotfiles/-/blob/main/packages/flatpak-update.sh#L66 ) I run flatpak override --user --nofilesystem=home ... for a few things like flatpak web browsers (really, I should run this for everything)
It's all about defense-in-depth: putting up as many barriers as I can before the getting inconvenienced more than I'd like, and flatpak is so easy for me to use that there isn't any inconvenience at all
As a user of arch btw for many years, does anyone have any link to anything that fully goes into why a lot of distros such as arch don't have this problem? Packages, runtimes, and dependencies have been a non-issue on arch (and I'm sure other distros with proper package managers) for a long time.
Dependencies can absolutely be a problem. Let's say you have a Python program that relies on an older version of a package due to a breaking change. With Arch those packages are installed in a per-Python interpreter global namespace. So if two applications have conflicting version requirements for a package, you're kind of screwed. Yes, there are ways around the issue, but it's not customarily used in Arch.
This is just not a problem with Flatpak. The dependencies can be installed directly with no fears about causing a conflict. Even if the Flatpak itself uses a runtime, that runtime allows the Flatpak to add its Python dependencies as a simple layer on top. This happens independently of any other Flatpaks.
If you use your distro's up-to-date built and packaged from source applications it's unlikely you'll have a problem. Those start when you want to use old packages or packages from a different distro (with different or patched libs) with your system.
Flatpak, AppImage etc. packaged apps will run on (almost) any system and you only need to build them for different processor architectures. So it's the ovious choice for lazy or profit oriented developers.
There has never been a better time to ship a binary app that targets the Linux desktop. And I don’t mean targets its own bundled runtime; I mean truly targets the user’s runtime environment. The time is now.
I have my doubts. If I compile something for Linux today, I don't believe the chances are great, that this binary will run on an arbitrary Linux.
If that is true, am I able to download some binaries from any distributing package repository unpack it, and run it? Can I just run an Arch-Linux KCalc and run it on an Ubuntu 20.04? Will it be able to run in 25 years?
I think this is the one thing that those package managers will be able to solve.
I understand the critics, but I do not see an alternative as of now.
In my experience they usually do work cross distribution if you build them on relatively standard and not bleeding edge system. But sure, they will probably not work 25 years from now, but that is really only a problem for software without the source available, which I consider the bigger issue.
Portage
Just in case you are not a native English speaker, the correct way to write your title is, "Flatpak and Snap are not the future"
This is because the subject of the sentence, Flatpak and Snap, is plural. I have some students who get confused with this since the subject is made of two singular nouns.
Mass containerization and alternate runtimes cannot possibly be the future of desktop apps on Linux. If this is really the direction it’s going, the future will be so shitty that we’ll all end up back on macOS or Windows.
This posts features great complaints but really shitty reasoning. Very immature perspective on things.
If you are so upset about it, name the perfect alternative, contribute to one, or go make one. This post barely approaches solutions and spends all of it's time whining about the outcome of technology choices without even touching on what they would change.
There's more precise criticism in the article. For example, that the "portals" system tries to be transparent to applications instead of exposing an explicit API. Or that maintaining multiple huge runtimes makes it likely you'll need a lot of storage just to run new apps (contrary to a system like guix/nix where only specific deps would have to be duplicated). Or that the drivers/graphics stack should be part of the OS for consistency, not be bundled with applications. Or that layering many forms of containerization is not sustainable/debuggable.
There's an entire "Is Flatpak Fixable?" section full of recommendations.