221
submitted 1 year ago by mr_MADAFAKA@lemmy.ml to c/linux@lemmy.ml
all 47 comments
sorted by: hot top controversial new old
[-] enkille@lemmy.world 98 points 1 year ago

Hopefully both of the people using snaps can recover from this.

[-] manpacket@lemmyrs.org 32 points 1 year ago

Canonical make it hard not to use snaps so only those who took extra steps are not using them.

[-] rikudou@lemmings.world 36 points 1 year ago

For a while now the best way to experience Ubuntu is by using something based on it.

[-] Contort3860@links.hackliberty.org 28 points 1 year ago

Linux Mint is amazing if you want Ubuntu with less bad choices.

[-] HERRAX@sopuli.xyz 15 points 1 year ago

Pop!_OS is another great alternative!

[-] Caravaggio@feddit.nl 5 points 1 year ago

Reminds me to donate, been a while since I last did that. Thanks.

[-] caseyweederman@lemmy.ca 15 points 1 year ago

Why downstream when you can go upstream?

[-] wiki_me@lemmy.ml 11 points 1 year ago

Sadly that is not true, see snap vs flatpak usage in debian.

Keep criticizing snap (But do it in a way that is trustworthy and valuable), if somebody wants to use snap due to some advantage that is fine but he should make an informed decision

[-] ptz@dubvee.org 73 points 1 year ago* (last edited 1 year ago)

Good thing I can just install applications from apt instead...

user@pc:~$: sudo apt install app
The following additional packages will be installed:
    snapd

....oh.

[-] Lemmchen@feddit.de 11 points 1 year ago* (last edited 1 year ago)

The reason why I'll switch to Debian soon.

[-] lord_ryvan@ttrpg.network 3 points 1 year ago

IMO Linux Mint is a great replacement, too, although it does not come with the default-Gnome desktop layout

[-] pbjamm@beehaw.org 2 points 1 year ago

I always find myself going back to Mint.

[-] lord_ryvan@ttrpg.network 2 points 1 year ago* (last edited 1 year ago)

Same, I feel at home in the Cinnamon DE and no matter how tech savvy I am, the GUI software installer is so much more convenient than using the terminal

[-] manpacket@lemmyrs.org 10 points 1 year ago

Yea, not with firefox, at least not without switching to some third party repo.

[-] MasterBlaster@lemmy.world 10 points 1 year ago

I use the ppa because the snap version does not let me use the keypass XC Plug-In or my VPN plug in.

[-] SaltySalamander@kbin.social 3 points 1 year ago
[-] cmnybo@discuss.tchncs.de 25 points 1 year ago

KeePass 2 and KeePassXC are two different programs. KeePassXC is not affected by that issue.

[-] AbidanYre@lemmy.world 1 points 1 year ago

obtain a plaintext master password from a user workspace, even if the workspace is locked.

You had one job keepass.

[-] eah@kbin.social 2 points 1 year ago* (last edited 1 year ago)

I have the issue that the snap version can't browse files whose path includes a hidden dot file/directory in my home directory. It doesn't seem there's any clean way for me say "no, I give you explicit permission to read these files." My workaround was to sudo mount --bind ~/.foo ~/bar and then browse from ~/bar instead. I'm not sure what they think they were preventing me from doing but they failed.

[-] Draconic_NEO@lemmy.dbzer0.com 6 points 1 year ago

Canonical's changes to apt could be considered malicious in and of themselves because it installs from a source you didn't request for, sure seems malicious to me.

[-] ptz@dubvee.org 5 points 1 year ago

Agreed. Switching out .deb packages in the package manager for snap stubs was a bridge too far, and I went back to Debian.

[-] duncesplayed@lemmy.one 51 points 1 year ago

This is the major reason why maintainers matter. Any method of software distribution that removes the maintainer is absolutely guaranteed to have malware. (Or if you don't consider 99% software on Google Play Store the App Store to be "malware", it's at the very least hostile to and exploitative of users). We need package maintainers.

[-] wiki_me@lemmy.ml 15 points 1 year ago

The root of the problem i think is that the store is closed source, i don't think you will find a lot of people willing to work for a closed source store for some for profit company.

[-] inspxtr@lemmy.world 32 points 1 year ago

As much as I despise snap, this instance bring some questions into how other popular cross-linux platform app stores like flathub and nix-channels/packages provide guardrails against malwares.

I’m aware flathub has a “verified” checks for packages from the same maintainers/developers, but I’m unsure about nix-channels. Even then, flathub packages are not reviewed by anyone, are they?

[-] 2xsaiko@discuss.tchncs.de 14 points 1 year ago* (last edited 1 year ago)

Nixpkgs submissions work through GitHub PRs which have to be reviewed, and packages usually build from source (or download binaries from the official site if no source is available, and verifying it against a checksum). It’s a much safer model since every user has a reproducible script to build the binary, especially if Flathub doesn’t have any reviews as you say.

[-] garam@lemmy.my.id 4 points 1 year ago

Same as flatpak, it's quite strict...

[-] spark947@lemm.ee 2 points 1 year ago

Wouldn't it go noticed quickly if a super popular flatpak distribution app is compromised? I love flatpacks for my 5 desktop apps that I actually use everyday, but it is definitely not suitable for general apps I install on a whim.

[-] amycatgirl 30 points 1 year ago

As a snap package maintainer i find it weird that there weren't any guardrails in place to avoid situations like this, considering that the main snap consumer are Ubuntu users and Ubuntu is from canonical.

I guess I should've set my expectations a bit lower

[-] caseyweederman@lemmy.ca 8 points 1 year ago

I've been... baffled... that all of Canonical's different products don't work better together.

[-] amycatgirl 4 points 1 year ago

It's not that they don't work better in conjunction, it's canonical's lack of moderation in the snapcraft store.

This could've avoided day one by adding a manual review process (like what they are temporarily doing right now)

I don't know how flathub handles new package submissions, but I think that they definitely need to have a process similar to what other distros have in place for native packages (heck, even Ubuntu's own repos have a review process)

[-] garam@lemmy.my.id 8 points 1 year ago

you confuse canonical with fedora or rhel standard... which... is sad... but at least flatpak is the savior in the end. haha..

[-] OsrsNeedsF2P@lemmy.ml 10 points 1 year ago

Red Had has 20x the employees as Canonical, I hope their product is better

[-] amycatgirl 4 points 1 year ago

Yeah, my bad 😅

I've forgotten that Canonical is not like Fedora or Red Hat

...but at least flatpak is the savior in the end.

Flatpak definitely has a potential, I use them daily. Haven't had any issues so far

[-] GustavoM@lemmy.world 19 points 1 year ago

What do we learned today, kids?

No user control = more malicious possibilities of infecting/screwing up your PC.

[-] PseudoSpock@lemmy.dbzer0.com 17 points 1 year ago

Ah hahaha! Take that Canonical and your stupid snap store!

[-] Pantherina@feddit.de 17 points 1 year ago

Wooow Ubuntu didnt expect that huh...

Having a proprietary store ran by a single Company has nothing to do with Linuxes security model

[-] autotldr@lemmings.world 15 points 1 year ago

This is the best summary I could come up with:


Stemming from reports of several fake crypto apps appearing in Canonical's Snap Store that aimed to steal user funds, temporary restrictions have been put in place while Canonical investigates the security matter.

A temporary manual review requirement has also been put in place on new Snap registrations.

This manual review is intended to thwart bad actors from registering names of legitimate applications (or at least legitimate sounding names) and using that as an avenue for pushing malicious Snaps to users.

"If you try to register a new snap while the requirement is active, you will be prompted to “request reserved name”.

Upon a successful manual review from the Snap Store staff, the name will be registered.

We want to thoroughly investigate this incident without introducing any noise into the system, and more importantly, we want to make sure our users have a safe and trusted experience with the Snap Store.


The original article contains 240 words, the summary contains 150 words. Saved 38%. I'm a bot and I'm open source!

[-] stinkpickle2013@lemmy.world 3 points 1 year ago
[-] lord_ryvan@ttrpg.network 1 points 1 year ago

That's a cute comment, but FYI it doesn't actually vote for the bot on Lemmy instances (yet?)

[-] Decker108@lemmy.ml 2 points 1 year ago
[-] beyond@linkage.ds8.zone 10 points 1 year ago* (last edited 1 year ago)

When will we learn? (Drew DeVault, May 2022)

This isn't even the first such incident with snap. https://github.com/canonical/snapcraft.io/issues/651

[-] sronweb@lemmy.world 8 points 1 year ago

And from "Ubuntu Software" I don't see a way to report a suspected app.

[-] HafizMuhammad@mastodon.social 8 points 1 year ago
this post was submitted on 30 Sep 2023
221 points (100.0% liked)

Linux

48705 readers
1283 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS