this post was submitted on 20 Sep 2024

351 points (90.9% liked)

linuxmemes

21160 readers

1532 users here now

Hint: :q!

Sister communities:

LemmyMemes: Memes
LemmyShitpost: Anything and everything goes.
RISA: Star Trek memes and shitposts

Community rules (click to expand)

1. Follow the site-wide rules

Instance-wide TOS: https://legal.lemmy.world/tos/
Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html

2. Be civil

Understand the difference between a joke and an insult.

Do not harrass or attack members of the community for any reason.

Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.

Bigotry will not be tolerated.

These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.

3. Post Linux-related content

Including Unix and BSD.

Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.

No porn. Even if you watch it on a Linux machine.

4. No recent reposts

Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

founded 1 year ago

MODERATORS

[email protected]

351

Snap bad (midwest.social)

submitted 1 month ago by [email protected] to c/[email protected]

80 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 114 points 1 month ago (5 children)

I think most snap haters mostly hate, that Canonical forces snap upon them, an wouldn't hate so much about it if they had the choice.

[–] [email protected] 83 points 1 month ago

Yeah, who'd hate using a package manager that increasingly slows down your boot time with every package installed, or that uses a closed source store to provide you FOSS

Maybe there's a reason canonical has to force it on their users

[–] [email protected] 74 points 1 month ago (1 children)

I also hate that it creates a loopback device for every installed snap

[–] [email protected] 48 points 1 month ago

There's a lot I dislike about snap. This is the thing I hate.

[–] [email protected] 21 points 1 month ago

Yeah typing "apt install firefox" and getting the Snap version does loudly and obnoxiously disqualify Ubuntu from any devices owned by me or my family.

[–] [email protected] 9 points 1 month ago

Thanks to snap I switched to arch. It gave a linux beginner so much drive to learn the terminal and install a harder os lol. The firefox snap was the worst shit.

[+] [email protected] -16 points 1 month ago* (last edited 1 month ago) (4 children)

Isn't that kinda the same with, for example, Fedora and Flatpaks? Or Debian and debs? Or Ubuntu and debs? Or Fedora and rpms?

The packaging system that your distro provides gets you the packages you get. For a small number of packages that were a maintenance nightmare, Ubuntu provides a transitional debs to move people over to the snaps (e.g. Firefox, Thunderbird), but if you want to get it from another repo, you can do exactly what KDE Neon does by setting your preferences.

[–] [email protected] 60 points 1 month ago (1 children)

No, Debian doesn't take your apt install ... command and install a snap behind your back...

[+] [email protected] -21 points 1 month ago (1 children)

I don't understand how a transitional package that installs the snap (which is documented in the package description) is any different from a transitional package that replaces, say, ffmpeg with libav.

$ apt show firefox
Package: firefox
Version: 1:1snap1-0ubuntu5
Priority: optional
Section: web
Origin: Ubuntu
Maintainer: Ubuntu Mozilla Team <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 124 kB
Provides: gnome-www-browser, iceweasel, www-browser, x-www-browser
Pre-Depends: debconf, snapd (>= 2.54)
Depends: debconf (>= 0.5) | debconf-2.0
Breaks: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
Replaces: firefox-dbg (<< 1:1snap1), firefox-dev (<< 1:1snap1), firefox-geckodriver (<< 1:1snap1), firefox-mozsymbols (<< 1:1snap1)
Task: ubuntu-desktop-minimal, ubuntu-desktop, kubuntu-desktop, kubuntu-full, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntukylin-desktop, ubuntukylin-desktop-minimal, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop-minimal, ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi, ubuntu-unity-live, edubuntu-desktop-gnome-minimal, edubuntu-desktop-gnome, edubuntu-desktop-gnome-raspi, ubuntucinnamon-desktop-minimal, ubuntucinnamon-desktop
Download-Size: 77.3 kB
APT-Manual-Installed: no
APT-Sources: http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Description: Transitional package - firefox -> firefox snap
 This is a transitional dummy package. It can safely be removed.
 .
 firefox is now replaced by the firefox snap.

[–] [email protected] 9 points 1 month ago (2 children)

Well, that's your problem for not understanding the massive difference, not mine.

[–] [email protected] 13 points 1 month ago (1 children)

If you don't want to explain, you're perfectly welcome to not explain. But saying what amounts to "if you don't know I'm not telling you", especially when you weren't specifically asked, is a pretty unkind addition to the conversation.

[–] [email protected] 19 points 1 month ago (2 children)

One selects a different package, same source repo.

The other completely changes the installation, invisibly to the user, potentially introducing vulnerabilities.

Such as what they did with Docker, which I found less than hilarious when I had to clean up after someone entirely because of this idiocy.

The differences seem quite clear.

[–] [email protected] 0 points 1 month ago (1 children)

In both cases, the packages are owned by the same people? (Fun fact: mozilla actually owns both the Firefox snap and the firefox package in the Ubuntu repos.) I'm non sure how that "potentially introduces vulnerabilities" any more than "having a package which has dependencies" does.

I'm not sure what you're referring to with Docker. Canonical provides both the docker.io package in apt and the docker snap. Personally I use the snap on my machine because I need to be able to easily switch versions for my development work.

[–] [email protected] 5 points 1 month ago (1 children)

Because the separate installation means you can actually end up with both an apt installed and a snap installed.

My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto.

Yes, canonical provides both. Guess what? They screwed up, and introduced several vulnerabilities, and you ended up with both a snap and apt installed docker.

The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

[–] [email protected] -1 points 1 month ago

Because the separate installation means you can actually end up with both an apt installed and a snap installed.

This is something that can happen any time you have multiple package managers or even multiple repositories in the same package manager. Google's official Chrome apt repo has debs for google-chrome-stable, google-chrome-beta and google-chrome-unstable, quite intentionally.

My comment about docker was a specific example of such a case, where vulnerabilities were introduced. It was actually a commonly used attack a few years ago to burn up other CPU and GPU to generate crypto

Can you provide a link to a source about that? I can't find anything about it.

and you ended up with both a snap and apt installed docker

If you installed both the docker.io package from apt and the docker snap, yes you wound up with both. Just as if you install both google-chrome-stable and chromium you'll end up with two packages of (almost) the same browser.

The fact that they are both packaged by Canonical is both irrelevant and a perfect example of the problem.

Then I'm gonna ask that you elaborate what specific problem you're trying to explain here, because these seem pretty contradictory.

[–] [email protected] 1 points 1 month ago

you are the reason people hate Linux users, so high and mighty.

[–] [email protected] 36 points 1 month ago (2 children)

the thing people dislike about that is that you're silently moved from an open system to a closed-source one.

Debian's .deb hosting is completely open and you can host your own repository from which anyone can pull packages just by adding it to the apt config. fedora, suse, arch, same thing.

only Canonical can host snaps, and they're not telling people how the hosting works. KDE seems to upload their packages to the snap store for Neon, judging from their page.

also, crucially, canonical are not the ones doing the maintenance for those apt packages. the debian team does that.

[–] [email protected] 13 points 1 month ago* (last edited 1 month ago)

the thing people dislike about that is that you're silently moved from an open system to a closed-source one.

Yeah. I didn't realize I had fallen for it until I tried to automate a system rebuild, and discovered that a bunch of the snap back end seems to be closed and proprietary.

And a lot of it for no reason. Reasonable apt and flatpak alternates existed, but Canonical steered me to their closed repackaged versions.

[+] [email protected] -6 points 1 month ago (1 children)

While Canonical's particular snap store implementation is closed source, all of the client software as well as the store API are open, and snap isn't even tied to using snaps from their store. One could easily make a client app that treats snapd much the way apt treats dpkg. (In fact given apt-rpm I think it would probably be feasible to quite literally use apt for that.)

KDE seems to upload their packages to the snap store for Neon, judging from their page.

KDE also maintains most of the flathub.org packages for KDE apps. Not sure what the point is here.

canonical are not the ones doing the maintenance for those apt packages. the debian team does that.

This is wrong in two ways. First, Canonical are the primary employers of a lot of Debian developers, including to do Debian maintenance or development. This includes at least one of the primary developers of apt. Canonical also upstreams a lot of their work to Debian. Second, of the three (!) whole packages that Canonical decided to make transitional packages to the snap, none were coming from upstream Debian. Firefox was being packaged by Mozilla (and Mozilla were the ones who decided to move it to the snap), Thunderbird's package had been something Canonical was packaging themselves due to the Debian/Mozilla trademark dispute that they never moved back to syncing from Debian due to technical issues with the port, and Chromium was, at least at the time, remaining frozen at old versions in a way that was unacceptable to Ubuntu users.

[–] [email protected] 8 points 1 month ago (1 children)

Good info. thanks.

One could easily make a client app

sure, and convince people to switch. it's been done before of course but it's a big effort. And anyway, the main point with the closed-server issue is that it's impossible to know what the server does other than serving packages. this is true for other package repositories to a certain extent since there's no real guarantee that they run the source code they show, but there's a distributed trust network there. as for the snap store, they could be doing anything in there.

KDE also maintains most of the flathub.org packages for KDE apps.

what i was trying to get at is that they're not hosting their own thing. they do host their own flatpak repo but it seems to be only for nightlies so that point wasn't as strong as i originally thought.

Canonical are the primary employers of a lot of Debian developers, including to do Debian maintenance or development. This includes at least one of the primary developers of apt.

that does not mean that the particular developer agrees with or even approves of the snap thing. it's good to know though. i know they upstream, but that's sort of the bare minimum expected of them.

i've not really used ubuntu desktop lately, but i've been hearing more complaints from friends about it deciding to install snaps instead of debs lately. steam was a big one that a friend had trouble with, and they just installed that though apt i'm pretty sure.

[–] [email protected] 2 points 1 month ago

sure, and convince people to switch. it’s been done before of course but it’s a big effort

I agree! But this, IMO, is a better argument for how flathub.org being (theoretically) open source doesn't actually make it any better than snapcraft.io. The technical hurdle, either of writing another snap store or of setting up a flatpak host, pales in comparison to the social hurdle of getting people to switch. Which is likely why the previous open snap store implementation died. Nobody wanted to host their own and convince people to switch, because at the end of the day there wasn't any benefit.

that does not mean that the particular developer agrees with or even approves of the snap thing.

Never said it did, although in the particular case of the developer I mentioned, he's also an Ubuntu Core developer, which depends entirely on snaps. I can't imagine he'd have put himself in that position if he were particularly anti-snap

steam was a big one that a friend had trouble with, and they just installed that though apt i’m pretty sure.

Ubuntu has never had a steam package in their apt repos, and the steam-installer package still behaves the same way as ever. Personally, I do use the Steam snap and haven't had any issues with it, though I do know that others have.

[–] [email protected] 24 points 1 month ago

Fedora with Flatpaks is open and up front about whether you're getting a Flatpak or a system installed package, and lets you choose if both are available. And installing through dnf/yum isn't going to do anything at all with Flatpak.

And what about Debian with debs? That's literally what apt was designed to work with. If it gave you Flatpaks, or the flatpak command installed debs, that would be more like what Ubuntu is doing.

The fact that Canonical shoehorned snaps into apt is the problem. I've heard bad things about snap, but I wouldn't know because I've never used it, and I never will because of this.

When I tell my computer to do one thing and it does something completely different without my consent, that is a problem, and is why I left Windows. I don't need that in Linux too, and Canonical has proven they can't be trusted not to do that.

[–] [email protected] -1 points 1 month ago

There are big differences between Snaps and Flatpaks.

both the flatpak server and the client are open source
flatpak does not publish 3rd party apps, promoting them as verified (https://news.itsfoss.com/valve-steam-snap-ubuntu/)