this post was submitted on 03 Nov 2023
51 points (84.0% liked)
Linux
48216 readers
628 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Officially supported doesnt mean its more stable. They can just take binaries, add dependenciesy tadaa.
Bubblewrap is not insecure. But I am not an expert
Never implied that anyways. Official merely ensures that the amount of trusted parties can be minimized.
Bubblewrap, when properly applied is indeed excellent; perhaps the best utility to sandbox applications on Linux. I'm thankful that flatpaks makes use of bubblewrap, namespaces and seccomp to offer relatively safe/secure apps/binaries, I'm unaware of any other '(universal) package manager' within the Linux-space that offers similar feats in that regard. Unfortunately, Chromium-based browsers just happen to have an even stronger sandbox -if properly configured- than flatpaks are currently capable of.
Okay true. I am not so much into this Browser sandbox thing and dont really get it. Its a different way than bubblewrap, as from Firefox RPM for example I can open any file and save anywhere. But its process isolation right?
For Firefox, the verdict on its native sandbox vs Flatpak's native sandbox doesn't seem conclusive. With -assumingly- knowledgeable peeps on both sides of the argument, which indeed does raise the question how knowledgeable they actually are. Nonetheless, for myself, I've accepted Flatpak's sandbox to not be inferior to Firefox' native one. Thus, I don't see any problem with using its flatpak.
Apart from having all the nice KDE integration and things like Keepass integration, Fido2 keys, drag and drop and some more things...
Also afaik the Fedora Firefox has a good SELinux profile and it runs damn fast. I did a speed test and it was best, along with Mozillas all-together-binary.
I'm a sucker for GNOME :P , but I'll keep it in mind.
The flatpak does allow integration, but isn't built-in unfortunately; so one has to fiddle a bit themselves to set it up.
I should rely more on those. Do you have any recommendations? I've been hearing good things about Nitropad and Yubico, but I honestly don't know if they're actually good and how they would fare amongst eachother.
Overrated anyways /s :P .
It's probably better configured with the native package than the flatpak one indeed. I wonder if this will change as Fedora is interested to ship Firefox as a flatpak by default on Silverblue (and variants).
I haven't had the best internet speeds since I've been relying on free VPN. But that's on me :P .
Fedora packages a Flatpak Firefox themselves, based off the RPM. So its good too, but lacks codecs with currently no way to enable them so yeah. They would need am extension of some sort hosted on Flathub. So simply using Firefox Flatpak from Flathub makes more sense.
I got a Nitrokey for Heads but for some reason it never arrived? I can say these things are very expensive. And Heads uses PGP and not others.
I somehow forgot that Fedora also had Firefox in their flatpak repos.
You know what's good, fam.
That's messed up, though.