As someone whose only experience with linux is servers and Raspberry Pi, can you tell me what's wrong with snaps? I've only used them on a self-hosted NextCloud and my experience with them has been decent, but I see a lot of dislike for them on HN.
There's pros and cons. It helps developers because they aren't restricted to the distro's shipped library versions, they can build against what they need. It also confines the app to a sandbox. The downsides are that the packages end up larger because they ship with all of the necessary bundled libraries (which can also increase memory usage of the application because it can't share the libraries loaded in RAM by the native operating system), and there's a lack of trust that the developer can keep up with bundled library security updates.
Also I think snap is an Ubuntu thing vs flatpak and appimage which are more distro agnostic. That's my issue with it/Ubuntu. They are doing good things, but at the same time I don't feel they are as "open" as other linux distros.
Also, snapd is installed by default on their servers and it's not as easy to remove as it should be.
This is one of the reasons that I will always choose a different distro if I have the choice.
Does its sandbox work yet on distros that don't use apparmor? Last time I checked, snap apps were essentially unconfined on Fedora, and sandboxing is one of snap's most important selling points.
You have skipped quite a few downsides. Anyway, the biggest one is that what was previously an app is now a separate environment that is sometimes hard to control. If I wanted to run an app in a sandbox, I would have run it in a sandbox. People have run into all possible problems with snaps in the past, it has been discussed on HN ad nauseam [0] [1].
> Anyway, the biggest one is that what was previously an app is now a separate environment that is sometimes hard to control. If I wanted to run an app in a sandbox, I would have run it in a sandbox.
I see sandboxing as a major upside. Users expect sandboxing by default nowadays. Some game they downloaded shouldn't be able to intercept your online banking browser session. Yet, in the traditional Linux desktop model, they can.
Having app sandboxing by default is long overdue. Not having it makes the environment a second class citizen for user safety and security when compared to iOS and Android, for example.
> The downsides are that the packages end up larger because they ship with all of the necessary bundled libraries (which can also increase memory usage of the application because it can't share the libraries loaded in RAM by the native operating system), and there's a lack of trust that the developer can keep up with bundled library security updates.
This has basically been happening with browser debs anyway. Browser upstreams bundle their libraries, and distributions have increasingly been unable to unbundle them.
Background daemon that takes up CPU, proprietary store, slow startup, and automatic updates in the background. Flatpak is much better if you need some sort of sandboxing, or updates outside what your distro can provide.
Automatic updates are great when I release security fixes, like a new Node.js version, to Wekan https://wekan.github.io . It has worked well for me for many years.
Update install is very fast, with very small downtime, automatic database schema upgrades, etc.
Sandboxing is great, code cannot write outside of the app's own writable directory.
Does Flatpak have any kind of automatic update ability?
Or is there any automatic update ability for some other package system on Linux/Windows/Mac? Is Snap the only one?
Automatic updates are great until they kill your running app [1]. Flatpaks can be updated automatically through gnome-software or a cron job, but the user can decide whether to enable automatic updates. Snaps will forcibly update after 60 days even on metered connections.
Snaps are Ubuntu specific and the server side/repo is closed source.
Snaps pollute the df/mount points with per snap lines.
They rolled out in an LTS release with minimal testing. Caused quite a few problems like not being able to boot as multiple snaps drained /dev/random (instead of /dev/urandom) and waited on more entropy, which was god awful slow since the boot hadn't finished.
There was no automatic cleanup of older snaps.
Generally it just seemed like a silly proprietary setup that Canonical tried to claim had wide industry support, despite not having that support. I'm not against the ideas, but why not docker? Flatpak? AppImages?
I had some issues with one app not reading its config file, and wanted to strace it to see if it finds the config or not. Big surprise, cannot strace snap apps..
Unfortunately the container breaks certain extensions (e.g. keepassxc-browser). And that's ignoring the fact that, at least on my machine, the flatpak fonts look terrible for some reason and I often run into issues with the Gnome theme not being properly inherited.
Try flatseal and see if you can tweak the permissions.
Re: terrible look, I face the same thing with Telegram (the mouse reverts to whatever is the default in Qt and ignores the system settings). I haven't been able to fix that.
When installing a distro, I usually remove some included packages and install the newest Firefox, LibreOffice, Gimp, Inkscape etc. from Flatpak, because Flatpak has the newest versions. Many packages do not update their .deb anymore, they have moved to Flatpak.
I uninstalled the snap, then did apt install firefox, worked fine. In principle I am all in favor of more sandboxing for my browser, but when I opened FF on the machine I'd upgraded to Impish, it didn't import anything, open tabs, bookmarks, nada. Not what I'd call friendly onboarding...
Possibly getting Firefox from Debian Sid (unstable). Will require some advanced apt configuration to make sure that nothing else accidentally comes from sid, and might break or require further apt configuration changes if it starts requiring library versions that aren't in Ubuntu.
I use Ubuntu and I sometimes install Debian Sid packages by downloading them in a browser and installing them with dpkg.
If you run stable, which is released as snapshots à la Ubuntu, the packages are ancient.
If you run testing, which is a rolling distro à la Arch, they're a lot newer and pretty solid, but security updates lag.
If you run unstable, which is also rolling, things can (rarely) break.
Additionally, Ubuntu has decided to incorporate non-free software and drivers right into the base product, which gives a better out-of-the-box experience. In Debian this is all opt-in and requires a bit more effort.
Now, I run Debian testing on my laptop, and I'm a huge fan of the distribution, not the least because Debian is the bedrock on which at least a half a dozen other distros are built. But I can acknowledge that their more conservative approach to packaging does have its downsides.
Exactly, Debian has you covered depending on your needs. I run Debian Stable on servers and Debian Sid on my desktop and laptop. Had 2 or 3 non-booting Sid systems over the course of 20 years, none of which weren't solved in 10 minutes after asking for help on IRC.
I doubt Ubuntu offers newer packages than my Debian Sid installation.
As for drivers and firmware etc as I've mentioned below I've installed a new state of the art desktop in recent weeks and everything simply worked. From the wifi to Bluetooth to the Nvidia gpu. I wouldn't call enabling the non-free repo "work" since it's just a question to answer during the installation...
> Exactly, Debian has you covered depending on your needs. I run Debian Stable on servers and Debian Sid on my desktop and laptop. Had 2 or 3 non-booting Sid systems over the course of 20 years, none of which weren't solved in 10 minutes after asking for help on IRC.
Oh sure, has Debian testing or unstable resulted in a non-booting system for me in the 15-20 years I've been using it? No. But that's an incredibly low bar to set. Issues absolutely pop up that, while not that catastrophic, remain problematic.
Just recently (like, in the past 2-3 weeks) the move from pipewire 0.3.36 to 0.3.37/38 broke bluetooth audio for me, which is a dealbreaker as I use a headset every single day for work. No idea why, but I had to go pull the previous package versions from /var/cache/apt/archives (thank goodness I didn't run a purge!), manually install them with dpkg, then pin them in my apt policy until the issue is fixed.
Similarly, the wifi drivers that ship with the kernel have periodically broken and worked again across major kernel versions.
These sorts of intermittent surprise issues are far less likely to happen with a snapshot distro due to the stability of the package set and the additional testing those snapshots undergo before being released.
The problem is the Debian snapshot distro is stable which, again, has an ancient package set.
Ubuntu strikes an interesting middle ground, giving you up-to-date packages that are vetted and then the whole distro is snapshotted which minimizes the potential for surprise breakage.
Now, again, I use Debian testing. I'm fine dealing with the intermittent issues that pop up. I know the system well enough to diagnose issues, manually downgrade packages if needed, pull things from sid if I have to, or even build packages by hand when absolutely necessary.
It works out of the box for most hardware, installs proprietary things easily, including drivers and codecs, and has more up-to-date software. It also has lots of usability tweaks.
You can have all that with Debian, but then you have to do the work.
I don't want to do the work if Canonical can do it for me.
I installed Debian just a few weeks ago on my brand new desktop. AMD Ryzen 5800x, MSI B550 motherboard, MSI Nvidia RTX 3060 Ti. Everything worked, out of the box, without adding anything magical. Including Ethernet, wifi, Bluetooth and hardware accelerated graphics. Have been buying Nvidia GPUs since forever and their (proprietary) drivers have never let me down.
So I'm not sure what you're talking about. Also, more up to date software, I'm quite certain my Debian Sid has more recent versions of everything compared to what Ubuntu has.
Yeah, I've met those kinds of comments for 15 years.
There is always somebody to say that in those kinds of threads. Same as Vi is easy, try Manjaro, Nix, this latest implementation of LISP, that NoSQL db, this DSL, etc.
I used to give them the benefit of the doubt, spent some time testing the alternative the person talked about, came out disappointed, and wasted time.
Now I just trust numbers. When 100 people like you tell me the same for 3 years, I will try.
In their mind it makes sense: firefox is a user facing app that is frequently updated and requires a lot of dependencies. Perfect candidate for a snap.
But yeah, up to now, snaps really sucked, and flatpak is winning.
I've been fighting to keep Unity as long as I could, but it's now breaking too often so I accepted my gnome shell fate. It requires 10 plugins, one app, and manually crafted .desktop files to be usable, but ok, it's free software, I'll adapt.
I understand the rationale to also push for Wayland first now, but it breaks my workflow for things like autokey. We do need to move from X11, but once again, something I will have to work with.
And now Firefox is a snap, which is slow, has permissions problems all around (guaranteed the sandbox will break some addons), takes a lot of space, etc. Again, I get it, it's a perfect candidate to push the tech, and they need to solve the user-facing app distribution problem with Linux.
I like Ubuntu a lot. I donate to it. I don't want to migrate to Manjaro or something else. Ubuntu is the sweet spot for things working out of the box.
But with 21.010, I really feel like at least moving to Elementary or PopOS right now. Tried them, the first one can't install (EFI partition is too small), the second breaks on my machine.
I don't like KDE, so I guess, next is Xubuntu? Something else?
Isn't pop also gnome? You can install pop shell which is an extension. It adds tiling, which isn't for everyone.
I'm like you, I don't like the fact that default Gnome is so bad that I need a bunch of extensions. But I don't like KDE either, looks so inconsistent, too much pointless blurring and animation. However, I guess other choices are worse because they would have some other flaws that you can't even find extensions to work around.
I tried to install the pop shell, but it worked out badly. Those distros are not made to just have the DE installed after the installation of Ubuntu. Something always breaks.
But it's not a DE, just an extension of Gnome? I've never actually tried Pop OS but after installing pop shell, I only got windows tiling. The only thing missing is the command palette which I don't really mind.
Canonical has been doing some great work with Ubuntu. Though now I wonder if the desktop Linux is dead. With WSL rapidly improving with each release, how many devs really want to deal with the configuration of a Linux system?
This comment made me laugh out loud. There's no way I'd prefer Windows + WSL to a proper Linux install. I can't stand my OS trying to advertise to me, Windows is a PITA to install/maintain, and I strongly prefer the Gnome UX to Windows (or Mac).
With the Steam deck motivating developers to get their games running on Linux (mostly via Wine), with better performance, I see the opposite potential. Linux share on Steam has been steadily growing.
To be fair Linux on laptops is still occasionally problematic from a battery life POV, but we're often comparing community support to vendor official support not just the operating systems. Increased motivation from vendors to support Linux should help round out hardware support.
Not the OP but fwiw I feel the same. Last I used WSL was probably 3 or 4 months ago, so very recently but before I had a chance to try graphical WSL. But tbh that hardly matters to me because I don't use many GUI applications.
The problem for me is that to use WSL, I still have to use Windows, which is odious to me for reasons that WSL can't ameliorate. Additionally every time you get set up on Windows you still have to deal with its deficiencies in getting to your desired WSL setup, namely deficient package management and terminal emulation solutions. (Windows Terminal is pretty good, and it's what I always go with for now.)
WSL will never help Windows with being slow or huge (20+ GB for an install, even without any applications? what the absolute fuck) or rude or unpredictable or opaque.
As for my toolchain: for people like me who use distros a bit off the beaten path, the fact that WSL is more or less incompatible with a real init system gets in the way, too. Nix support has also been spotty, coming and going and being blocked and unblocked at various times since WSL1.
Idk, dude. I actually like Linux on the desktop, Windows does a ton of things I don't like, and setting up a Windows machine seriously sucks. I don't think WSL is or wants to be for me.
The reason I run desktop Linux isn't because it has a particular feature I want. It's to get away from all the Windows features I don't want — bloat, bundleware, ads, telemetry, forced AV, forced cloud features, forced reboots...
I think the linux marketshare among devs is still increasing, even with WSL available. WSL is in fact one of Microsoft's attempts to lure back developers to their OS, or never make them switch.
For some folks, like you, this might actually work. But they've lost me as a user for more than a decade and I doubt I'll come back out of my own volition. Even with WSL, Windows is full of bloat, slowness, and I am fully exposed to Microsoft's user-harming antipatterns.
Maybe, I'm a minority on HN, but I want my OS to be as transparent as possible while I do my work. Each time I log in, I don't want to be greeted with Audio doesn't work, or your email client broke because Outlook Server changed something. My hunch is low code or no code users are also similar, if someone uses Python for some data wrangling tasks, they don't want to deal with a full fledged Linux installation.
My developer tool chain generally involves writing backend services. I made a toy project using WSL and VSCode's remote extension and the experience was almost seamless. I was able to get Docker to work, installed GoLang, built my services, use the terminal to push code.
Obviously, if a developer sees it as "deal with the configuration" then no, go with macOS, Windows or any other zero-config operating systems. But many see that part as a feature, not something to "deal with", and for those Linux is a rescue in a sea of the infantilization Apple and Microsoft engage in.
Oh, I really wish macOS and Windows were more zero-config.
On Linux, I can install many dev tools at once. It's easiest to dev on Linux. Harder on Windows. Hardest on macOS. Yes, I did spend many hours debugging macOS to show a local website at work.
macOS and Windows show all kinds of extra confirmation questions if I try to run an executable I compiled.
> macOS, Windows or any other zero-config operating systems
??? Windows and Mac are way more work to set up than Linux because they fundamentally lack systems for managing software comparable to a decent package manager. Everything is a manual, pointy-clicky nightmare, sometimes lightly papered over with hacky hodgepodges like Chocolatey or supplemented with third party tools that are a bit better on macOS but still have to fight against an indifferent base system that cyclically breaks them (Nix, Homebrew), but ultimately still a mess.
I feel the opposite way. What does Windows have to justify the thousands of dollars necessary to put Windows on every machine in my organization outside of its deadeye security updates team?
Excited for the new changes that kernel 5.12 and 5.13 bring. Especially NVidia+Wayland and the hotplugging of AMD GPUs. Let's hope NVidia will follow soon with this functionality (but I doubt it).
Yes, Windows uses it for suspending discrete GPUs on laptops to save on power, for designs like surface book, for external GPUs and some more server scenarios.
I have a macbook air with an egpu connected by a thunderbolt 3 port. I unplug the gpu when I want to take the laptop somewhere, and plug in back in when I'm at my desk.
Updated a bit ago and it is a fantastic release so far. Yaru is very mature by now and the speed improvements for animations in Gnome 40 are very evident.
Canonical finally managed to make me switch back to Debian.