this post was submitted on 20 Mar 2024
302 points (98.4% liked)

linuxmemes

21389 readers
1310 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
    302
    submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/linuxmemes
    top 25 comments
    sorted by: hot top controversial new old
    [–] echo64 38 points 8 months ago* (last edited 8 months ago) (5 children)

    I know we all like to hate on canonical for literally any reason, but this happens with every single software repository that is not a closed garden and some that are.

    And yeah, it's sandboxed, so the damage is far, far less than it could be.

    [–] RegalPotoo 60 points 8 months ago (1 children)

    Given that the snap store is a closed source proprietary component, I'd argue that snaps are a walled garden

    [–] [email protected] 22 points 8 months ago

    That was supposed to be their one thing.

    [–] [email protected] 54 points 8 months ago (1 children)

    Sandboxing does nothing for social-engineering attacks, which is what many of the malicious snaps were designed for.

    And the thing that makes the Snap Store uniquely bad is that there's no human review. Anyone can throw up a malicious snap, and there are very good odds that it'll get served there. Even the Flathub, a community-run project, has human reviews before new apps get published. Canonical, despite having money and resources that community projects don't, can't seem to be bothered to take basic steps to protect their users.

    [–] kautau 23 points 8 months ago* (last edited 8 months ago)

    Yeah, what’s important to note is snap just requires a web based submission process.

    https://snapcraft.io/docs/using-the-snap-store

    Flathub requires a PR in GitHub, visible to the community. Spammers know they will get caught opening PRs

    https://docs.flathub.org/docs/for-app-authors/submission/

    [–] [email protected] 25 points 8 months ago

    Canonical is a profitable corporation trying to convince people to use their actual closed garden software repository but they can't even be bothered to do even the most basic of sanity checks to prevent obvious scams from appearing on their store. Stop making excuses for them.

    [–] [email protected] 15 points 8 months ago

    I think the main issue here is they are telling users the software is safe without any due diligence.

    [–] [email protected] 4 points 8 months ago

    Closed garden has the same problem too, it's not immune

    [–] [email protected] 14 points 8 months ago (2 children)
    [–] [email protected] 15 points 8 months ago (1 children)
    [–] [email protected] 24 points 8 months ago (1 children)

    yeah she uses it for her flat feet

    [–] CodeHead 10 points 8 months ago (1 children)
    [–] [email protected] 2 points 8 months ago

    Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn't work well for people on different instances. Try fixing it like this: [email protected]

    [–] ikidd 3 points 8 months ago

    I hear she goes.

    [–] [email protected] 13 points 8 months ago

    "Sandboxed"

    [–] CatTrickery 10 points 8 months ago

    has it happened again? lol

    [–] [email protected] 7 points 8 months ago
    [–] RickRussell_CA 7 points 8 months ago (2 children)
    [–] [email protected] 9 points 8 months ago (1 children)

    Canonical (Ubuntu)'s attempt at a software package format. Basically Flatpak but worse.

    [–] RickRussell_CA 2 points 8 months ago (1 children)

    I've been using Ubuntu for years and I literally had no idea. Admittedly, I don't deal with servers or anything, so I guess some of the stuff coming from their package respositories could be "snap" format and I wouldn't really notice.

    [–] [email protected] 4 points 8 months ago

    Actually yes, this is exactly the case. And they've done it in a really shady way if you ask me (or Clem, the main guy over at Linux Mint).

    I've been using Fedora on a little tablet I've got, and it uses either .rpm packages or flatpaks. The GUI package manager lets you select which repository it pulls from (either .rpm, or Flapaks can come from Flathub or their own repo, and clearly displays this). If invoked from the terminal, the DNF package manager gets you .rpms, and Flatpak gets you, well, flatpaks.

    Ubuntu uses the APT package manager with .deb packages, and Snap with snap packages. But sometimes if you do an apt-get install, it installs a snap instead. That's some Microsoft level bullshit.

    [–] [email protected] 7 points 8 months ago (1 children)

    Snaps are containerised software packages.

    They include all of the dependencies for the software to work.

    In my case, I use them when what I'm looking for is not available via apt but it is via snap.

    [–] [email protected] 3 points 8 months ago (1 children)

    Not all. There are common dependency snaps like several different simultaneous gnome versions.

    [–] [email protected] 3 points 8 months ago (1 children)

    True, but they're installed automatically.

    [–] [email protected] 8 points 8 months ago

    That sounds like packages but worse.