- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
MVP
It is noteworthy that builds of Chrome, VLC, Dolphin, Steam and Spotify are created by third-party enthusiasts not associated with the main projects.
What great news, that’s why there is no trust in Flathub.
Why don’t you open an feature request on their git if you have an issue with volunteer work.
It’s funny thinking this guy uses a distro package manager potentially with unofficial patches applied to the package.
I mean it is still miles ahead of snaps and the snap store
i hope it does 20 billion
lol
You see I play both sides, that way I always come out on top
As a professor I have to say… the site admin skipped the class that taught them to include always the color bar.
Funny how it isn’t popular in countries with population several times larger than the USA. I guess every outside of the US can see through the bullshit of corporate-hijacked open-source.
Could you elaborate?
Narrator: “But no, they could not elaborate.”
Please check this comment.
average lemmy.ml mf
And your point being?
China blocked Flathub
Or maybe the two countries with a larger population than the United States have significantly lower per capita income and so fewer people own desktop/laptop computers. Most of the world probably has, at most, a smartphone.
If anything, Brazil seems like the outlier on the that map. You’d expect the U.S. to have the most computers. But Brazil and China are roughly similar in terms of income.
Wrong, India and China has the highest number of engineering grads. From NSF:
India awarded 2.5 million S&E first university degrees in 2020, followed by China (2.0 million) and then by the United States (900,000).
With a younger population that is more than ever, a need for laptop would be in the highest demands. In fact, if you check the desktop market share for Linux in India, it is the highest, at around 14%.
the bullshit of corporate-hijacked open-source.
???
I’ve written about this here already.
Do you maybe mean snap?
Snaps are a default no, obviously. Most of the points by Flatkill still hold true to this day. Apart from that, I have my own set of disagreements which I’ll not be talking about - basically, stuff like reproducibility, storage space, inconsistent permissions, inconvenient configurations, outdated runtime - well, you get the point, so I’ll not be expanding on that.
My primary disillusionment towards Flatpak has to do with how people with shared backgrounds and vested corporate interests have taken over open-source - in this particular case, I am talking about Big Tech. It’s almost as if the space for a community-developed organization is hijacked by them - by them occupying core positions of the organization.
These organizations do not follow a horizontal approach to decision-making, they often come up with decisions without consulting folks that aren’t within their direct circle, and worst, when they’re held in a tight-spot, they can evade any criticism by appealing to authority - that they’re the maintainers/contributors, and they know what’s best for the project’s future.
The same is true about funding - it is always through members of the company that they’re indirectly funding these projects, that I can’t help but feel that the “community”, aka the outsiders never had the chance to be a part of the decision-making.
Flatpak may have it’s share of poor features that can be fixed - sand-boxing can be improved by using permissive containers that allow particular shell variables, installation will throw dialogue, informing the users beforehand about the permissions these apps will need, developers may be forced to use proper run-times, and perhaps, some of the runtime be eliminated to use system dependencies, thereby complying with storage compliance - I don’t know, but it could be fixed. But this invisible, unspoken flaw in the governance? No way.
You’re complaining about corporate fundings. Without them, a lot of open source tech would definitely not be as advanced as it is today. Since everything’s open source, anyone can just fork a project when some “malicious megacorp” “hijacks” the project. Funny how a similar case happened “the good way” recently with Redis/Valkey, but the other way around.
There’s always some doomers only seeing potential bad futures in awesome stuff, huh?
Oh sorry, I should’ve mentioned why I hate RedHat. Well, I used to like it. Like is an understatement, I used to love them. Because I was one of those college grads who wanted to take part in RedHat’s Tev-Aviv program for the open-source AI and software stuff. I was so thankful and enthusiastic about contributing to Linux. And even though I was not selected, I would embrace their products, and related OSS projects - I ditched Ubuntu, and stayed with Fedora for almost four years, before I had a change of heart last September.
How US Big Tech supports Israel’s AI-powered genocide and apartheid
IBM’s Role in the Holocaust – What the New Documents Reveal
Genocide profiteer IBM wins big on EU funding
A Marriage Made in Hell: An Introduction to Microsoft’s Complicity in Apartheid and Genocide
I didn’t want to go on a political rant, but here we are. The world ain’t single-dimensional, chief. It is the culmination of every factor that makes me hate Fedora, Flatpak, systemd - am I forgetting something else? I hope not. Not every opposition to corporate support of open-source is some unhinged boomer rant about the good ol’ days of X11 and POSIX-compliant shell - well, I’m a Gen-Z kid, to begin with. I couldn’t give a rat’s ass about the advancement of open-source, if the cost is supporting another corporation responsible for the Holocaust, Nakba and Apartheid. Those injustices and deaths were avoidable. As someone from a former colony, I can not, and will not tolerate enabler of these atrocities.
Well you do you. I don’t see the point in hating open source software made by them, you’re not paying them unlike with regular products and boycotting them.
It could also he that those people aren’t using computers with Linux
With the largest group of people graduating with an engineering degree, you’re telling me they don’t use Linux? Just check the stats at NSF for the number of degrees awarded in S&E.
India alone has 14% in the desktop market share for Linux. China’s market share is not easy to tell, thanks to the firewall, but 90% of government computers use Kylin and other Chinese-developed distros.
The tone here is surprisingly negative. Personally I’m happy with the efforts of the Flathub team 🤷
For me on Arch, Flatpaks are kinda useless. I can maybe see the appeal for other distros but Arch already has up-to-date versions of everything and anything that’s missing from the main repos is in the AUR.
I also don’t like how it’s a separate package manager, they take up more space, and to run things from the CLI it’s
flatpak run com.website.Something
instead of justsomething
. It’s super cumbersome compared to using normal packages.fwiw those simple names exist, you just haven’t added it to your PATH
I also prefer to get my software from the distro’s repos, but for software from third parties, flatpak adds a security layer, making it more secure when compared, for example, to aur.
Can you please elaborate on the security layer that flatpak adds? Some commentators here suggest Flathub is not secure.
Flatpak sandboxing (bubblewrap)
Agreed, flatpaks are great for desktop apps. I use Nix for the majority of my packages, but I use flatpak for proprietary for the sandboxing.
I honestly prefer Ansible. It can do lots of configuration and setup and install flatpaks.
I honestly prefer Ansible.
I use Ansible all day. For work. Oh, god, is it sad compared to everything else in the space. RedHat had the choice between two in-house products and they chose poorly.
It can do lots of configuration and [set up] and install flatpaks.
We had that 20 years ago, just with a different product. The state of the art is now two generations newer.
Well I know Ansible and it works for my needs. I briefly used Nix and it was worse. Ansible is nice because you can just install ansible and then apply a playbook.
Lemmy (and phoronix) people are generally extremely repelled by new stuff in the Linux world
Lemmy people are generally extremely repulsive.
As a newer Linux user I really like flatpaks.
I don’t use them for most things I install but proprietary apps I want sandboxed or programs that have weird issues with dependencies I grab the flatpak.
Flatpak’s usecase for me is Alpine Linux and other distributions that use musl or other libc implementations. I don’t love it, I think its cli interface and the way you add flatpak servers to be obtuse and annoying, but it is useful for getting glibc dependent software.
Another alternative is distrobox and bedrock linux.
North Korea: 316 downloads
Interesting…
In all seriousness, in both my home country and the country I live in, the number of downloads surpasses the population numbers which is kinda insane.
I think they count every download of every package, every version, every time. It’s not the number of unique users or even packages.
If you install 3 apps you might need to download 3 versions of graphics driver, 3 versions of desktop environment libraries and so on, It won’t count as one user installing 3 apps, it will show up as 10 -20 downloads. And that’s just the initial install, every time you update them it counts another 10-20.
It is per download not per person.
It could be simple download requests, rather than MAC or IP address downloads.
Crazy, how our “free world” is centralized
Flathub is not the entirety of Free World, just a little small slice of the pie. You can say Flathub is quite centralized. But our Free World have so much more. Every country will have a certain focus of what is freely available. It’s an optional server and package format. You are free to install it or use another free package. Nothing crazy here.
Touche. Centralized and un-mirrorable.
Unmirrorable? The whole thing, including the configs are open source?
Unmirrorable
Yes, unlike apt repositories, it wasn’t designed to be mirrored around, run isolated servers etc.
Flatpak was designed to be decentralised, Flathub is just the main repository offering flatpaks and yes, probably 99% of all Flatpak applications are downloaded via the main repo but it is technically possible to just launch your own if you are unhappy with the main repo. The Flatpak team literally has this info page for hosting a repository
I for example, am taking AAGL from their own flatpak repo because they are not offering their launcher via the main one (even tho they also tell you to link the main repo - I guess for dependency reasons - but theoretically you could open your own repo and throw all dependency related packages in there or am I getting something wrong here)
I agree with everything you said, however there are a few details.
it is technically possible to just launch your own [repo]
The ability to create repositories ≠ from mirror existing ones.
Unlike apt repositories Flatpak ones aren’t simply a directory tree with a bunch of files that can get mirrored using rysnc or other efficient means, it’s a clusterfuck of HTTP-only requests that need to be backed by specific metadata and there aren’t tools to manage those.
flatpak create-usb
may be promising but the name says its all - the priority wasn’t to create a way to mirror repositories but a quick and dirty hack for some situation.theoretically you could open your own repo and throw all dependency related packages in there or am I getting something wrong here
Theoretically yes, in practice things are bit more nuanced. That tools only considers your current architecture, it’s a pain to get dependencies in an automated way and most of the time you’ll end up with broken archives. You’ll also need to hack things a lot.
Ah, thx for the explanation :)
FOSS keeps winning it’s Insane!
I’m gonna be honest I’ve never had a flatpak version of something ever work properly.
There was even one popular media player that only came in flatpak form or otherwise build from source.
So obviously, for no reason at all, it barely functioned compared to other applications I had already tried.
Congrats to you people put there somehow running things like Steam with no problems lmao.
I have like 20 flatpak software products running without any problem for 2 years now.
Here only the core OS and the basic part of the DE is from the Linux repository. The rest are all flatpaks.
I’m gonna be honest I’ve never had a flatpak version of something ever work properly.
As someone once involved with OS Security, I beg you not to use FlatPaks.
Flatpak is not perfect security-wise but is a step in the right direction
Why?
You can’t just make a statement like this without giving a hint of evidence or justification
Your system might be messed up
Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in what’s all the noice about? It’s some kind of cross-distro “app store” thingy?
Was controversial when it was new and full of problems. Now it is mostly the standard for apps.
Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.
I think the haters are louder than the people who just use it occasionally
yes it’s cross distro, it’s controversial becaune some people don’t want to install apps with their own libraries or dependecies, and some apps are not oficial so they break with the flatpak sandbox
Flatpak is the best - thats all you need to know!!!
But seriously, apart from obvious things other people have said, I would like to add that the HUGE advantage of flatpak is that each app is using its own dependencies, this way you can avoid dependency hell, which is mostly time-consuming and hard to fix.
I don’t hate flatpaks, but flatpaks require more disk space than the same apps from traditional repositories, and they only support a handful of the most common default themes. Since I only ever use older and slower computers, my disk space is limited, and I like to rice my desktop, I personally avoid them. But your use-case may differ.
Flatpak is a universal application packaging standard for Linux. It allows devs to create a single application that gets bundled with all necessary dependencies including versioning.
These apps run in their own semi-isolated “container” which makes immutable distros possible. (Distros like Fedora Silverblue that are effectively impossible to break by installing or removing critical system files.)
This means that a Linux app doesn’t have to have a .deb version, an .rpm version, or be pre-compiled for any other distros. A user can simply go to Flathub, (the main repository for Flatpak apps), download the flatpak, and install it on their distro of choice.
It’s quickly becoming the most popular way for users to install apps on Linux because it’s so easy and quick. But there are a few downsides like size on disk, first party verification, per-distro optimizations, and the centralization of application sources. That’s why some users aren’t fully endorsing or embracing how popular they are becoming.
Cool, thanks for the explanation.
a single application that gets bundled with all necessary dependencies including versioning
Does that mean that if I were to install Application A and Application B that both have dependency to package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how much external dependencies applications on Linux usually have but doesn’t that have a potential to waste huge amounts of disk space?
Essentially yes, if you start using lots if older applications or mixing applications that use many different dependency versions, you will start to use lots of extra disk space because the different apps have to use their own separate dependency trees and so forth.
This doesn’t mean it will be like 2x-3x the size as traditional packages, but from what I’ve seen, it could definitely be 10-20% larger on disk. Not a huge deal for most people, but if you have limited disk space for one reason or another, it could be a problem.
It CAN get pretty wild sometimes, though. For example, Flameshot (screenshotting utility) is only ~560KB as a system package, while its flatpak version is ~1.4GB (almost 2.5k times as big)
no, that number don’t reflect the shared runtimes and deduplication
Flameshot is 3.6MB on disk according to
flatpak info org.flameshot.Flameshot
Weird, the software manager (using LM 21.3) reports 1.1GB dl, 2.4GB installed (which is different from when i checked yesterday for some reason?).
flatpak install
reports around 2.1GB of dependencies and the package itself at just 1.3MBEDIT: nvm im stupid, the other reply explains the discrepancy
It’s not quite that simple.
Each package can choose one from a handful of runtimes to use, each of which include common dependencies (like gnome or qt libraries), and if multiple flatpaks use the same runtime, that runtime is only downloaded once.
It is less space efficient than your typical package manager, but brings other benefits like sandboxing.
Most dependencies are bundled in the “runtime” images, and it uses file deduplication to reduce the size of the dependencies, but it’s still a little more than a normal package manager.
Not necessarily. GNOME and KDE dependencies and “base system” for flatpaks to run in are flatpaks themselves so apps that depend on them will not use duplicated dependencies. Storage usage may not be as efficient as using a traditional package manager but you don’t install a new OS per app either.
on a desktop it might not be significant but I tried using flatpak apps on a device with very limited root emmc storage (16 GB) and ran out of space really fast. Its really common to see a couple multi-hundred-megabyte library downloads for each new app IME.
I like them for some stuff but there are glaring issues that I don’t like. I’ve posted about it before, poor integration of apps/not getting the right permissions is a big problem, the people packaging them don’t often do as good of a job as someone like a distro maintainer.
But admittedly my experience using it probably isn’t representative (pop os through their shop and arch on a mobile device). Neither were amazing, but not having to compile shit myself or install with an untrusted shell script was nice for some apps. Without some significant improvements it’s not a good replacement for a distro’s package repos but it might be a good way to broaden the available applications without having to maintain 10x more packages.
Flatpak as a dependency system that allows use of specially packaged library type flatpaks. This significantly reduces the needed disk space.
What about those apps using out of date libraries? Wouldn’t that become a security issue - since containers usually aren’t that secure, right? And all app developers would have to update their container libraries separately, instead of just updating the system libraries?
So if a library is out of date you can just update it. As far as containers go they are fine for security as bubblewrap is pretty solid.
As containers are isolated - it’s mostly a security issue for the container itself. It may become an issue, though, if the container is allowed to freely interact with filesystem, for example.
Apps like Flatseal allow you to easily control such variables using a GUI instead of tinkering in the terminal.
Interesting breakdown, thank you.
Do you happen to know if the containerization is similar to docker containers? Or more like android apps?
I’m not an expert, but from my understanding, more like android apps.
They aren’t totally isolated like a docker or LXC container would be, but they are generally self-contained.
The Linux Experiment has a really great vid that goes into detail on all common packaging formats in Linux including Flatpaks:
It’s more like android apps from early versions of Android before the permissions became user-managable.
It won’t prompt you to give the application access to certain permissions, all the permissions are predefined in the manifest by whoever published the application to flathub. When you run the application you just hope it won’t cause too much havoc (you can of course verify the permissions before running it, but I guarantee most people won’t)
Flatpak supports sandboxing but due to how most desktop applications want access to your home folder, network etc many apps simply disable it.
Regardless of the level of sandboxing applied to the app, Flatpak is a great way for a developer to package once run anywhere. Prior to Flatpak, if you wanted to support multiple distros, you had to build a package for each distro or hope somebody working on that distro would do it for you.
Inb4 AppImage was here first. And if you mention Snap then GTFO
Keep in mind there are certain permissions that can lead to a sandbox escape. These permissions are banned on Flathub but can still be used by flatpaks files and custom repos.
Appimage is probably the most similar to a naked .exe in Windows. They are useful for small apps or simple indie games, but I prefer Flatpaks for my everyday big applications.
Agreed, Snaps are like Flatpaks but worse because locked down back end and Canonical’s sketchy nature. Imagine a really delicious pastry that anybody can make and sell, then imagine the same pastry but only one bakery in the world can make and sell it. Which would you prefer? Lol
Most of the issue is that they’re unreliable. Sometimes the app will work. Sometimes it doesn’t. Sometimes you have to fiddle blindly with flatseal settings, which ones? Who knows? Guessing is part of the fun.
It’d be a great thing if it just worked.
In over 3 years of daily flatpak use (of multiple apps) I’ve never had a single reliability issue with flatpak, the only ones being caused by me because I was trying out settings in flatseal that the app didn’t like. On the flip side I’ve found native packages to be broken more often than not, with .Deb files sometimes just not working and throwing an error or something. Package managers are better for sure but I’ve had dependency issues that I have never experienced with flatpak.
Good for you for not having any problems mate! I’m sure this invalidates the parent poster’s problems.
I guess mileage varies here because flatpaks have always just worked for me. I only use flatseal to revoke excessive permissions.
Google is better at advertising anyways. No sane being has ever heard of flathub. Qndroid has billion downloads every week.
I imagine the largest mobile phone operating system on the planet has a few more downloads than one of the several available package managers for the comparatively very small desktop Linux audience, yeah. This is the Linux community, not the Android or Google community, so I’m not sure what you’re yapping away about or why.
edit: i wanted to know how many devices run android and according to this it’s three billion so you’re wrong anyway lmao
To everyone saying you can’t mirror a flatpak repo… you’re absolutely right. There should be a far easier way to set up your own mirror without needing to build everything from scratch. That being said, if you wanted to try to make your own repo with every one of flathub’s apps, here you go: https://github.com/flathub https://docs.flatpak.org/en/latest/hosting-a-repository.html
Honestly I would prefer to just donate
It’s not about funding. Many prefer mirrors because the main instance isn’t globally available (the GitHub issue I linked, for example, is all about people trying and failing to access flathub in China) or because they can’t for compliance reasons (many businesses already mirror stuff like epel, too, which is what throws off Rocky’s stat counters). Neither of those issues can be assessed by throwing more money at a CDN.
Well that isn’t the fault of Flathub. If a country or organization blocks it that’s a local issue. This is especially true in China where they need to control the movement of information. Blaming flathub and Flatpak for censorship is frankly unfair.
I’m not sure if anyone said it was the fault of flathub. My point is that, regardless of fault, accessibility to the main instance is an issue for several reasons, and a good way to solve it is to build a system for mirrors.
Your bypassing restrictions that could get you in trouble. Tor is the right answer in that case. However, bypassing restrictions can have dire consequences.
There are existing mirrors for Fedora and Ubuntu packages in China, which are used because mirrors in other countries are often blocked. I’m sure there are no legality issues—the issue in the case of flatpak and china in particular is that China blocks Fastly because Fastly does not host any POPs in China. This is why Cloudflare, for example, has their own network in China that international users can pay to use. There’s no legal issues here, just logistical. Besides, as previously shown, people do (with great difficulty) managed to bring up their own flatpak mirror without any consequences for a few years now.
Besides, there shouldn’t be legality issues for businesses wanting to host their own mirrors for compliance issues.
Oh no, this is Flatpaks’ fault because they made this twisted repository system instead of doing sane things and then it is Flathub’s fault as well because they aren’t opening their storage to rsync or other sane syncing methods.
Twisted repo system
Oh no, the evil repos
Even Microsoft’s Winget repository is easier to deal with than Flathub.
Yeah no, it isn’t. I know that from experience. It constantly goes down and is controlled by Microsoft so it favors there way of thinking.