this post was submitted on 13 Jan 2025
362 points (93.9% liked)
Linux
49069 readers
923 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Former OS security guy. Fuck no. Nope nope nope nope.
Yes, who would want sandboxed apps which restrict the app's access to the system. /s
I can see why it’s “former”.
I can see where you're coming from because of outdated libraries and flatpak sandboxing not really being a thing (it's an illusion, really) but you can't deny that this is the direction we're moving in, and we need to get flatpak sandboxing and permissions right, to ensure a proper base level of security.
For those unaware:
Many flatpaks use older, outdated, or end-of-life libraries
Flatpak permissions are messed up because most applications ask to bypass the sandbox at install-time
How come?
You're definitely out of date on your knowledge then. Nothing inherently insecure about any of these. Only download software you trust, just like you should be doing with any software format!
If you trust it, why not just install it like a y other app?
Oh wait, it's generally pushed for binary only blobs, no source... so why are you even trusting it?
I don't really know what you're saying. Most software is distributed as binaries, that doesn't make them inherently untrustworthy, you just need to have trust in whoever is distributing it. It's trivial to look at the build process of a flatpak and verify that it is legitimate. Just because the binary isn't being built from source by every user doesn't make it insecure.
Who is mostly pushing these containerized apps?
Proprietary software vendors.
Same for who stands the most to benefit from immutable distros. Like Android and MacOS get shipped.
Flatpak is completely open source software and any proprietary software in it has a large warning about how it's proprietary. I don't know why you think proprietary software vendors are pushing these. Ublue, NixOS, and Fedora Silverblue are all community run, not being pushed by some malicious group pushing proprietary software.
Why companies even have anything to gain from their proprietary software being in a container? All that would do is make data collection more difficult.
Why do you think all phone makers push it?
Because it improves security and privacy, something they can advertise as a feature. There's no negative for them to implement, it's their phone, they can already collect all the data they want. It still prevents other apps from accessing data they shouldn't.
Why do you think phone makers push it? What possible malicious reason do you think proprietary software makers have to push containerization and sandboxing? What do they gain?
Correct about security. Unable to inspect the code running, unable to control your own device fully, and really secure at keeping the user out of their hardware.
And for apps shipped in containers? No need to be a part of the FLOSS community, because you can easily ship software to your users that provides no freedoms.
Those things have nothing to do with containerization. They can do those things without it. Containerization exists to improve privacy and security. It can do the same thing on Linux.
Even if you trust an app, it can have vulnerabilities you are unaware of. Containerization helps limit the effects damage from a vulnerability could have. They also simplify the distribution of software, which is the primary goal of Flatpak. There are benefits for using containers for open source software, you're just refusing to acknowledge them. Nobody is forcing you to use containerization, and I don't care to convince you to. I just think acting like Flatpak and other container based package formats is some corporate conspiracy is silly. Flatpak is FOSS and mainly distributes FOSS.
There is literally no arguing with people like you, haha
So, you cannot or will not answer. Got it.
Go back and look at all the good faith replies to you, and notice that you haven't replied in kind. You seem like you have a strong and incorrect agenda to push, without being willing to take on any new information which people are providing to you.
You only harm yourself by being fixed in your mindset. There is a very strong correlation between success and people who are able to take on information and grow.