Spectacle8011

joined 1 year ago
[–] [email protected] 1 points 4 months ago* (last edited 4 months ago) (5 children)

Looks like we frequent the same circles, then.

I thought a lot about tech resiliance in the last days, I am from germany and the people here are stupid. They literally elect people that will make a neofascist surveillance hell reality.

But hey, Germany was responsible for the Sovereign Tech Fund, which has made a big difference for GNOME and accessibility with the Newton stack. So it's not all bad. Not that I live there.

But relying on Github is insane, it is owned by Microsoft and they dont give a damn about freedom. It is pretty scary, 90% of my Android apps are also on Github.

That's the main reason I don't use uBlue. The idea of booting my entire operating system from a container created on Github's infrastructure is just...it scares me. Even though much of the free software I rely on is hosted on Github. And yes, most of my Android apps are also from Github.

I want to build my own variant, KDE and minimal only, maybe GNOME if contributors join. But no more, all the freedom is great but it is huge maintenance.

That's a nice idea. I wonder if Sourcehut does container registries...I know people praise their CI.

I wonder how Tor, Tails and others handle their code stuff.

I know Tor uses Gitlab. Seirdy has an article series on "Resilient Git".

I thought Ciscos trick could fix that? They are a huge company, pay the max amount of money already and can just share the software with their license to anyone.

Yes, however it only covers their implementation (which is lacking) and it only covers binaries they create.

Well… rpmfusion could do that? And act like a “3rd party auditor” ?

I'm thinking about Fedora including the build in their own repositories. It would be really nice if H.264 decoding was just default and you didn't need to do anything.

doesn’t have support for High 10 Profile video which is fairly common off the web

Interestesting, never heard that.

See the following thread for all of the research I did: https://discussion.fedoraproject.org/t/h-264-support-in-fedora-workstation-by-default/114521

Michael Cantazaro had a really helpful and enlightening response: https://discussion.fedoraproject.org/t/h-264-support-in-fedora-workstation-by-default/114521/5

I use Celluloid Flatpak which is pretty great

So do I. But keep in mind there are two Celluloid Flatpaks you can install; one is from Fedora Flatpaks which disables H.264/H.265/VC-1 decoding and the other is from Flathub with all features enabled.

GNOME Software tends to select Fedora Flatpaks first. So users can end up really confused; see: https://github.com/flathub/io.github.celluloid_player.Celluloid/issues/140

Nautilus supports that via a Flatpak right? Thats cool.

File previews are supported via the Sushi extension, which is available as a Flatpak. Obviously, it doesn't work on H.264/H.265/VC-1 media because it's a Fedora Flatpak.

I really need ffmpeg because it's a crucial part of my workflow because I convert so much media. But that's fine; I just use it in a Toolbox.

But Nautilus works really well as a Flatpak. It even seems faster than non-Flatpak Nautilus and I have no idea why.

True, Flatpak is cool. Dolphin is also available as one, I need to test if it works with Flatpak ark and all that, udisks2, mounting stuff, MTP, maybe SMB.

KDE made a big push to make all of their programs available as Flatpaks. And Snaps. Which I think is great. But you end up in a weird situation where the Krita Flatpak is not officially supported by Krita because no one at Krita works on maintaining the Flatpak. Rather, they support only AppImage officially, probably because it's easier to maintain their insane patchset than with Flatpak. Not having any experience with distribution systems aside from Flatpak, I really don't know what niceties Snap or AppImage provides.

Interesting, why? I need to try it again.

Nothing much has changed since last you commented on that Toolbox thread I was reading :)

I think Toolbox is the right way to solve the problem. It's using a real programming language (Go) instead of bash, it supports a small set of important container images, and those container images are only provided from quay.io, Red Hat's own infrastructure, instead of Docker Hub.

But it lacks some features intentionally (and some just because they haven't gotten around to it). Like distrobox export. Annoying to manually patch in but not hard. I use Toolbox for Signal and Steam because I don't want to use Unverified Flatpaks.

Do you know btw how to upgrade a F39 distrobox to F40? Distrobox has some “assemble” function to rebuild it with a config file. But traditional dnf system-upgrade doesnt work.

I don't think upgrading Distroboxes or Toolboxes is supported. They're meant to be destroyed and re-created. Really inconvenient, but I guess the proper way of maintaining toolboxes/distroboxes is through Containerfiles.

So I don't use Fedora containers. Or Ubuntu containers. Or Debian containers.

I use Arch because it's a rolling release and you just keep updating it. No upgrade problems so far...aside from all the errors I ignore (everything seems to work fine). Also, I really like the Arch userland and it has Signal Desktop in the official repositories.

It really makes me feel at home on Fedora.

It’s probably the same reason you use KDE and I use GNOME (most of the time).

Why? Curious.

I think GNOME provides a more coherent and consistent experience for users. I'm okay with not having features like a system tray, desktop icons, or window buttons I never use. I really love GNOME. It's changed the way I use computers and has made everything aside from KDE feel like a completely inferior experience in comparison.

But I use KDE for my multi-monitor system because frankly, GNOME is an awful experience if you have more than one monitor with different resolutions. KDE kind of sucks too, but it's not completely broken. KDE is practical by solving problems we have now, like letting XWayland applications scale themselves. Because even if it's a total hack that works inconsistently, it works very well for most of the software I use. I find parts of KDE overwhelming (especially the System Settings) but hey, it works.

I like both KDE and GNOME and think each has their own strengths. It's nice to see KDE adopt one of GNOME's killer features (partially), the Overview. It'd be nice to see GNOME adopt a KDE feature like CTRL+META+ESC so I can kill windows graphically even on Wayland.

But god GNOME is annoying when it comes to protocol standardization. At least they're finally implementing DRM Leasing for VR users (not me).

Huh. I thought I was supposed to be sticking up for GNOME. Alright, I use GNOME everywhere else and it's still my favorite desktop by far. They focus on a great experience with what works great now. There are very few hacks in GNOME land. I just think they need to catch up to KDE with Wayland and other areas like the multi-monitor stuff.

[–] [email protected] 1 points 4 months ago

I heard of that one a while back. Not being someone who enjoys music often or has very demanding needs, I just use Amberol. But fooyin might be nice to look into for my KDE desktop.

[–] [email protected] 1 points 4 months ago (7 children)

I maintain a list of recommended Flatpak apps.

I'm very familiar with you, haha. You keep popping up wherever I go these days. You're everywhere. Maybe not quite as omnipresent as Neal Gompa.

I can think of a few Flatpaks that could fit on that list.

They dont include that? I thought they would…

It's the same old story with codecs. Fedora would love to support as many codecs as possible, but H.264 is patent-encumbered so they can't. They had hardware decoding support through Mesa a few years ago but then they...changed it.

Fedora Atomic wants to include the OpenH264 enablement package for Firefox inside the Fedora Flatpak eventually which will solve most of the problem as that is where people are playing H.264 most often.

So this is an issue with reproducability? I dont think so? Cisco builds the binaries for Fedora and it gets installed. The packages are not from their repos, but the typical sync issues would not occur on Atomic.

My understanding is OpenH264 is provided in binary-only format to Fedora because otherwise the royalty-free license cannot apply (i.e. Fedora can't build it from source). Fedora only ships free software. OpenH264 is free software. But it's binary-only. So they need to trust Cisco has built the binary correctly. I assume the reason they don't include it by default is because the only way to trust it's built from the same sources is to reproduce the build. Otherwise, I really don't see the issue.

OpenH264 is not a part of the base system so you need to layer it on. OpenH264 doesn't have support for High 10 Profile video which is fairly common off the web and is generally inferior to x264, I've found, but at least it's something.

And the reason I mention "5 years" is because by then, most of the patents on H.264 will have expired. With the exception of the new ones from just a few years ago that no one really uses. Maybe Fedora can enable x264 in their ffmpeg build then and we can stop talking about it. I am so sick of talking about H.264.

I use Fedora kinoite-main from uBlue which is very close to upstream but fixes many issues for me.

Call it a personal challenge or whatever but I'm sticking to Fedora Silverblue for the foreseeable future. uBlue is almost certainly a better experience for most people.

Yeah for sure, I think for Intel and AMD too, hardware h264 for example.

That's not true if you're using Flathub packages. Flathub ships userspace Mesa drivers which enable hardware decoding for Intel and AMD GPUs even with H.264 and H.265.

but their base images have a ton of stuff I dont agree with (toolbox, missing random packages, too simplistic installer…)

uBlue does solve the two big issues with Fedora, which is codecs and proprietary NVIDIA drivers. Any other issues are tiny in comparison. I will say I prefer Toolbox to Distrobox, despite using Distrobox first. I certainly understand that's an unpopular opinion and not one a lot of people share. It's probably the same reason you use KDE and I use GNOME (most of the time).

I've always hated the Fedora installer. Does uBlue do something different?

[–] [email protected] 6 points 4 months ago* (last edited 4 months ago) (4 children)

Hot take: If you claim to be against all the big tech abuses and value software and computing freedom, but a handful of PC games is enough to stop you from leaving an abusive proprietary OS, you weren’t very serious about it to begin with.

The guy in the video actually talked about how FL Studio isn't on Linux, and that's how he makes his living. He then goes on to say he has spent thousands of dollars on plugins and samples that only work on Windows. He then talks about how Asperite doesn't work very well on Wayland compared to Windows. The first segment was about how not all mods work on Linux. The last segment was about how Foobar2000 doesn't work on Linux and even through Wine some of the features are broken, and there's no true replacement for it but "if you're not as fussy as me, any of these native Linux software are great".

He also runs Debian 12 on his laptop part-time and seems quite knowledgeable about how Linux works, and is willing to invest the time.

He makes a point about he "wants to make things better, not sacrifice things".

[–] [email protected] 1 points 4 months ago (9 children)

It matters as the security rating is based on that, apps like KDE Systemsettings or Flatseal show that etc.

That's a good point.

Linux has a tiny marketshare people dont care about security that much permissions on Linux are more complex than on the actively restricted Android. External media, devices, filesystems etc

That's true.


I think my issue with the Flatpak sandbox is I understand how it works and what its limitations are (and I'm mostly fine with them), but the average user doesn't. I was reluctant to try Flatpak before understanding how it worked, but now that I know how it works, I think it's fantastic! But it's also a work-in-progress. What we have now is good, but I think it could be better. Not entirely sure how it gets better though.


Thats why I like Fedora Atomic. The core is as small as possible, the apps are just base stuff or upstream stuff like the Desktop. Everything else is a Flatpak.

I'm still not really sure where I stand on Fedora Atomic. Lack of H.264 decoding by default is a damaging choice. They should just include openH264 in the base image, reproducibility be damned. Give it 5 more years and maybe this will be revisited...

Nova + Zink + NVK will solve some of the problem with NVIDIA (maybe even very soon), but not hardware decoding currently, which is a big one.

Gamescope doesn't work great in a Toolbox. It works fine in Flatpak, but Bottles doesn't let me use Gamescope options. I think Lutris does, but I haven't tried it out yet.

And how am I supposed to install fonts without layering them on?? I've been copying them to ~/.local/share/fonts manually.

I think the idea is cool. But I think a few more parts of the ecosystem need to be in place first. I'll keep using it for now.

[–] [email protected] 2 points 4 months ago

It doesn't describe me either, but I had nothing meaningful to contribute to the discussion.

[–] [email protected] 3 points 4 months ago

I'm surprised there was any female participation at all.

[–] [email protected] 2 points 4 months ago (11 children)

The default is completely sandboxed. Developers need to allowlist exactly what they want. So it is transparent.

The default before the developer touches it doesn't matter; compare this to Android, iOS, or macOS's permission system. An app needs to ask for permission to use the microphone or access your files. With Flatpak, all a developer needs to do is specify --filesystem=home or --socket=pulseaudio and if the user hasn't specified global options like --nofilesystem=home, then the developer gets access to it. Having a sandbox that is optional for the developer rather goes against the point of a sandbox, don't you think?

I'm not unsympathetic to Flatpak developers, though. The status quo on Linux for decades has been, "you get access to everything." If Flatpak enforced that sandbox, more than half of the apps on Flathub right now just wouldn't work because they don't support the filesystem portal.

I think GNOME and KDE need to do the work of manually restricting Flatpak apps' access to sensitive permissions like home by default, maybe in a few years when the idea of the filesystem portal has had time to gestate among developers. Kind of like how Firefox's HTTPS-only mode (which I think should be the default) prevents you from accessing the website unless you give permission.

That's something we can work on, I think. At least we have a way to get there.

KDE Plasma now includes a GUI settings page that allows to change these.

I think GNOME needs to integrate that into their settings, I mean just include damn Flatseal as a settings page…

I recall saying the exact same thing. They have a built-in area for it in the Apps section. They'll probably get around to it eventually...

There are packagers maintaining a shitload of apps at once.

It's pretty crazy. I think this is probably the craziest example: https://old.reddit.com/r/archlinux/comments/f3wrez/much_love_to_felix_yan_an_arch_maintainer_from/

Felix Yan is awesome to be maintaining thousands of packages for Arch. But man, that's a lot of work. If we could reduce the workload of our package maintainers who rarely receive any gratitude (usually only demands) and let them focus on the really important packages, I think that would also be awesome.

[–] [email protected] 1 points 4 months ago (1 children)

What storage expense? appimage are actually the smallest thanks to their compression.

I'm saying that Flatpaks use more storage for reliability, and that AppImages are less reliable because they rely on system dependencies in some circumstances.

but usually the issue is that you are missing a lib and not that the app itself is less reliable

This is why AppImages are less reliable. Flatpaks either work for everybody, or they don't work at all. AppImages might not work if you're on a "weird distro" or forgot to install something on your system.

And the support channel of yuzu in their discord was full of people having issues with the flatpak that were magically fixed the moment they tried the appimage, due to that issue with mesa being outdated in the flatpak.

Packaging your software with Flatpak does not mean you won't have issues. But when you do have issues, you know they'll be an issue for everybody. So when you fix it, you also fix it for everybody.

For example, the RetroArch package was using an old version of the Freedesktop Platform, which comes with an old version of Mesa. When they bumped the version (just changing it from 22.08 to 23.08), the problem was fixed: https://discourse.flathub.org/t/problems-with-mesa-drivers/5574/3

[–] [email protected] 39 points 4 months ago (2 children)

Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!

Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.

[–] [email protected] 1 points 4 months ago (1 children)

This is kind of a bad comparison. Theoretically, malicious authors could sign their Flatpak packages and Flatpak could verify it with cryptography. It doesn't matter if you're downloading a "crypto-wallet" that's really just a phishing exercise.

[–] [email protected] 2 points 4 months ago (3 children)

Will still be using 4.79 GiB?

It will use more, but not exponentially more if de-duplication works as well as is claimed. The problem with AppImages is that they don't include all of the dependencies, making them less reliable. At the expense of storage space, Flatpak bundles everything for reliability.

De-duplication works better the more Flatpak applications you have installed. e.g. de-duplication saves TheEvilSkeleton over 50GB of storage space here: https://tesk.page/2023/06/04/response-to-developers-are-lazy-thus-flatpak/#but-flatpaks-are-easier-for-end-users

view more: ‹ prev next ›