Quoting: Linux_RocksYay, more royal incest and intrigue! XD

Ha, it used to be tradition to keep a bloodline more pure to marry a half-sister. It was always gross to go full sister apparently. But if the Sister shared a father but a different mother? (I think? I don't know, it's too confusing, so just stay away from anyone that is up to and including cousins. :P )

View this comment - View article - View full comments

Ha, now if only my VR treadmill would work for this game, that would be some good exercise.

View this comment - View article - View full comments

Quoting: whizse

Quoting: slaapliedjeOn the bright side of that, this would be ran via Wine, which itself is sort of sanboxed in ways where you'd still have a separate folder structure that particular install is only aware of. So the most that would be trashed is the install directory of that particular game.

I think Proton still maps Z: to / for game prefixes. I would assume Windows malware would happily make a target of that.

Yeah, what I was saying is it doesn't 'have to'. It's definitely something you can turn off in wine. Might be worthwhile to see if it does and request that it stop.

View this comment - View article - View full comments

Quoting: MayeulC

Quoting: Kimyrielle

Quoting: TiZNot even one? I have an easy one. First, Steam is proprietary. Valve does do a lot of great FOSS work, and they are generally trustworthy, but Steam itself is still proprietary at the end of the day. And it has made catastrophic mistakes before. Containerizing it limits the scope of the damage it can possibly do.

That's not it, either. I have about... 800+ additional reasons, at least in my Steam library. A whole litany of proprietary, closed-source games. Only a fraction of them are native, and would have hypothetically unfettered access to the whole filesystem when unsandboxed, but that's enough to prefer to be safe rather than sorry. Steam does have its own container runtimes, Soldier and Sniper, but most native binaries don't use them. Proton is their main consumer, actually.

I love open source software as much as anyone, but let's be real here. There are plenty of super serious bugs in OSS applications, too. Saying that anything proprietary is untrustworthy by design is a bit over the top. With your logic, you'd need to containerize EVERYTHING, and the result of this would be a a fairly unproductive and ineffective system. I get containerization for high-risk applications (yes, like the internet browser), but locking software from trustworthy vendors inside a container is a bit much on the paranoid side.

I didn't read the whole comment thread, but let me give you a more specific example: try to play an online match of Unreal Tournament 1999 (on Steam). It will download a few DLLs from the server when connecting, then happily execute whatever code is inside. Remote code execution by design! Great for server-provided mods, isn't it?

As someone wrote above, games are usually not written with security in mind, especially decade-old games. They often connect to the network, and are quite often never updated past release, except maybe to fix game breaking compatibility issues. I believe even Steam is looking into containerizing games (possibly with thermal Linux runtime?), even on Windows.

On the bright side of that, this would be ran via Wine, which itself is sort of sanboxed in ways where you'd still have a separate folder structure that particular install is only aware of. So the most that would be trashed is the install directory of that particular game.

Could the sandboxing of that be better? Certainly. But can you make it so the rest of your filesystem is invisible to it? Pretty sure you can.

View this comment - View article - View full comments

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

Oh, I agree with the the statement that it will snap snap.
I just don't think it will(or should) make a dent in package proliferation, because it won't do anything to .deb, .rpf, appimage, etc.
Also we're having a miscommunication and that is my fault.
I use the term free, but I didn't mean free as in 0 cost, but free as in freedom(basically open source).
Inkscape has long been unknown to many Linux users paid software, just also open source. If you wanted to obtain it from the Microsoft store you had to pay a small fee to a central party defending the goals of the developers(including paying them directly, but not only that) the SFC.
Paid software has its place inside the ecosystem and I have nothing against distributing and helping paid software.
I argued that helping distribute non-open source software was something I can't actively

I kind of look at the potential of having 'pay for' software in Flathub to be somewhat of a benefit, because then there could be a percentage of the purchase of software to fund improvements to other open source software.

Imagine if Flathub did a 'OSS Software of the Month' selection, that was voted on each month for the next month (so a poll would run through January for February's software) and during that month, proceeds from any 'pay for' software percentage would go to the developers of that piece of software. Even if they did a percentage of a percentage (like say they take 30% of Photoshop profits, then take 25% of that for the Software of the Month and then 5% goes to the development / services for Flathub). Would be a great way to turn funds from proprietary software into funds for open source software!

View this comment - View article - View full comments

Quoting: LoudTechie

Quoting: slaapliedje

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

True there will always be proprietary software, but
A. That doesn't mean I'm a fan of actively paying for distributing it. If proprietary is so profitable as is often claimed those writing it can pay someone to distribute it from their profits.
B. That doesn't mean it has to come this close to home as to be spread through the software stores in desktop Linux systems.

I don't think flatpack will serve as a fix for package standard proliferation. I think it will just add another package format.(xkcd 927)
My experience with standardization is as such. Only large parties can instantiate a standard. Large consumers tend to prefer open standards, large sellers tend to prefer proprietary standards.
That having said I think flatpack will bring something good.
I expect that much like SElinux it will strengthen the GNU/Linux reputation of being really secure and that this time the security will be useful for more parties than large organizations with a clear hierarchy and taking software freedoms.

The key take away here is that flatpak is an OPEN standard, vs Snap, which only Ubuntu can run a 'store'. There is definitely a time and place for 'paid' apps, like say Steam has for Games. Though in all honesty, there are so many open source programs out there that would be perfectly fine to replace proprietary stuff (like office suites, for example).

View this comment - View article - View full comments

Quoting: redneckdrowThe recent Tales & Tactics malicious update in Steam, thanks to their discord being compromised, is a good reason why updates should be checked before install. Admittedly, the devs fixed that pretty quickly, before the Winter update. Thank God I checked the forum when I couldn't find release notes at the time.

Huh, what happened with this? How does getting their discord compromised lead to a malicious update on Steam?

View this comment - View article - View full comments

Quoting: LoudTechie

Quoting: hardpenguinI went from a flatpak vocal sceptic to a regular user and supporter. I like having that much non-free modern software at hand. Can't find where I can support flathub monetarily though. The repo maintainers deserve our full support.

While I don't agree with you about parties spreading non-free software in desktop GNU/Linux deserving full support, here's the donation link of flathub https://flathub.org/donate for those who agree with you.

Unfortunately there will always be non-free software. While the ultimate idea of RMS was that even games would be open source, and in essence you'd just pay for the graphics / sounds assets is great, only a few projects have made that a reality (like OpenMW, the Doom engines, etc.)
I think of Flathub more of a solution for the various package formats. But as I said earlier, flatpaks aren't always made by the upstream project (like Firefox is, but Discord is not) and using some of these can be bad, as people can modify things to put up there.

This is also why the various GUIs for flatpak have warnings on the page.

View this comment - View article - View full comments

Quoting: Purple Library Guy

Quoting: ElectricPrism

QuoteFlathub has served just about 1.6 billion downloads, has over 2,400 apps

Very impressive, congratulations to @all. The quality of FOSS on the store is great, and while predicting the future is hard -- I am modestly optimistic about their efforts to make a commercial area of the store someday.

I've long thought that one of the most potentially important things about Flatpaks is about closed, mostly non-game software. That stuff can't be packaged by your distro, so the ability for vendors to build their stuff in a fairly easy, pretty solid, distro-agnostic way could go a long way towards reducing complaints about Linux fragmentation.

It is this! Flatpak shouldn't be used to replace the distributuion software. The reason why is that it is tightly integrated and you will have security updates and bug reports you can send to your distro. The vast majority if Flatpaks are not officially packaged by the upstream project, and cannot be easily verified they haven't been messed with.

View this comment - View article - View full comments

Quoting: Fester_MuddValve could start collaborating with Canonical for the snap package. Also with who creates the flatpak mutually. These packaging formats are the present and future of Linux app packaging.

AppImage is just not it: they don't integrate with the system, don't have an automatic update by default and they need to be made executable manually (this is already too much for normal users).

This is not that much of a Canonical or a Ubuntu issue though as this same could happen easily with flatpak.

Flatpak cannot handle CLI and server side stuff for the record but snaps can. That said we have managed to narrow the packaging methods kinda to only 2. Snap and flatpak it is. Kind of like MSI and EXE in Windows world, i suppose.

Ultimately I think the best way to go about all of it is to have a mix. It is much more difficult for a distribution (and in this case most are community supported) to have 'official' repositories for the vast majority of software that can be the supported side, and then you have software that needs to be newer, installed via methods like Flatpak. Perfect example of this is Debian. They do not package normal Firefox for their Stable releases. Instead they have Firefox-ESR. If you want current Firefox, use their official flatpak.

Steam doesn't make much sense to do that, as the steam installer script installs it in the correct places, then sets up all the things in your home directory, and self-updates the bits there.

View this comment - View article - View full comments