Your favourite Linux packaging format isn’t as secure as you think…

Рет қаралды 37,932

Күн бұрын

Head to squarespace.com/thelinuxexper... to save 10% off your first purchase of a website or domain using code thelinuxexperiment
Grab a brand new laptop or desktop running Linux: www.tuxedocomputers.com/en#
👏 SUPPORT THE CHANNEL:
Get access to:
- a Daily Linux News show
- a weekly patroncast for more personal thoughts
- polls on the next topics I cover,
- your name in the credits
KZbin: / @thelinuxexp
Patreon: / thelinuxexperiment
Or, you can donate whatever you want:
paypal.me/thelinuxexp
Liberapay: liberapay.com/TheLinuxExperim...
👕 GET TLE MERCH
Support the channel AND get cool new gear: the-linux-experiment.creator-...
🎙️ LINUX AND OPEN SOURCE NEWS PODCAST:
Listen to the latest Linux and open source news, with more in depth coverage, and ad-free! podcast.thelinuxexp.com
🏆 FOLLOW ME ELSEWHERE:
Website: thelinuxexp.com
Mastodon: mastodon.social/web/@thelinuxEXP
Pixelfed: pixelfed.social/TLENick
PeerTube: tilvids.com/c/thelinuxexperim...
Discord: / discord
Timecodes:
0:00 Intro
0:41 Sponsor: SquareSpace
01:45 App Verification and security
04:36 Distro packages aren't really safer
06:46 Sandboxing: no silver bullet
09:07 Distro dependencies are better?
13:07 It's your responsibility to check
14:50 Sponsor: Tuxedo Computers
15:43 Support the channel
Verified apps are an implicit guarantee that this thing is as the developer intended. What app verification isn't, is a guarantee that the package you're downloading is safe, or has no security problems.
If the repo has been hacked, if one of the maintainers for the app is malicious, then the official package will also contain that code.
The security argument will often be used to push people towards distro packages instead of flatpaks and snaps, but this is also not really how things work.
The general view of distro packages is that they can be safer, because there's a trusted maintainer that will create the package, and thus can detect any unwanted change, backdoor, or problem, and prevent you from getting the infected or buggy version of the package.
This is not really the case though.
Log4J, the recent SSH vulnerability, the XZ backdoor, and basically every CVE ever discovered points to the fact that maintainers DO NOT do security reviews on most packages they build. That's not what is expected of them either. A lot of maintainers aren't developers and couldn't conduct these audits in the first place.
unixdigest.com/articles/how-s...
flameeyes.blog/2022/02/15/on-...
Another big misconception is around the sandbox for Flatpaks and snaps. A sandbox basically just means that the app you're running has a system of permissions that limits what the app can do, and how it can interact with the system. It CAN be more secure than not having a sandbox, but it doesn't mean it IS always more secure.
Another example of the sandbox not doing anything to protect the user is with the recent scam crypto apps on the snap store: these WERE sandboxed, because they scammed you through a web view, a website basically.
Another common misconception around packages is how dependencies work. You'll often read that distro packages use the system dependencies, and thus use less disk space, and are more secure, because you know that the library the app relies upon is updated by your distro, compared to a flatpak, snap or AppImage, where the dev might have bundled a dependency on their own, and never bothered to update it.
First, you CAN check which versions of dependencies the package comes with. A flatpak is open, you can see how it's built. Second, distro packages aren't always up to date either: just because it's a shared library doesn't mean it has all the latest security fixes.
This example will be clearer: MariaDB got a security update in 2021 in November. While Arch and Artix updated things the same day, Debian took 3 months to apply it, and Alpine took 4. Same goes for fixed linux kernel versions: when your distro is locked to a specific kernel version, it's been factually proven that this version becomes more and more buggy and vulnerable over time, as maintainers simply don't apply every fix, and don't backport everything. For example, the current RHEL 8.8 kernel had more then 4500 bugs open that have fixes in later kernel releases.
unixdigest.com/articles/how-s...
ciq.com/blog/new-research-the...
www.debian.org/devel/wnpp/orp...

Пікірлер: 345

@TheLinuxEXP 19 күн бұрын

Head to squarespace.com/thelinuxexperiment to save 10% off your first purchase of a website or domain using code thelinuxexperiment

@gianniloscapolo 19 күн бұрын

I think is also worth to point out that these issues are the same for exes on Windows, in case someone thinks this is specific to how Linux distributes software

@TheLinuxEXP 19 күн бұрын

Yep, I made the same point at the end of the video: no OS is free of these issues

@pupip55 18 күн бұрын

same with steam too

@gianniloscapolo 18 күн бұрын

@@TheLinuxEXP Ops, I guess it's a reminder to watch the whole thing before commenting 😅

@Akab 18 күн бұрын

Generally with computers that arent "smart" devices. When using a personal computer, it's the user that has to trust what they run, not some supervisor. That's the difference between a device you own and a device you use within limits.

@monabuu 19 күн бұрын

I’d love to see you do a video on AppArmor and SELinux!

@ElFlor95 19 күн бұрын

That would be a very much appreciated topic. I have yet to set up one of them, but have no idea on the pros and cons of each. I believe apparmor supposedly has more overhead, but SELinux is more symptomatic and retrofitted in it's restrictions.

@tablettablete186 19 күн бұрын

And Landlock!!!

@_DT_ 18 күн бұрын

I use firejail to remove internet permissions per application

@Bigoukun 19 күн бұрын

To me, both FlatPak and distro packages have their places, and combining the two is probably the best.

@TheLinuxEXP 19 күн бұрын

Agreed!

@dragonballjiujitsu 19 күн бұрын

Yep

@R0ck4x3 19 күн бұрын

Yeah, using one or the other exclusively is not sensible, each of them have their advantages and disadvantages

@Berecutecu 19 күн бұрын

When using one or the other? Is there a pripority decision tree to decide if should go one way or the other?

@samuelsurfboard9887 19 күн бұрын

I don't see the advantage of using Flatpak over system native packages

@savagepro9060 19 күн бұрын

Avoid all malware. Build Linux From Scratch. Learn to code and write your own apps!🤣😂😆😁

@TheSuperTiger2011 19 күн бұрын

Naa, create your own operating system. In fact create all you components from scratch, create your own cpu architecture and case, make your own colour and if you are super paranoid, create your own universe.

@savagepro9060 19 күн бұрын

@@TheSuperTiger2011 there will still be OTHER universes around you🤔🤨

@rocklinks 19 күн бұрын

nearly impossible for newbies

@balsalmalberto8086 19 күн бұрын

Avoid all malware. Build a home in the mountains. Learn to grow your own food and life off the land!

@savagepro9060 19 күн бұрын

@@balsalmalberto8086 No, that would be for avoiding Genetically Modified Foods

@Blueeeeeee 18 күн бұрын

It should be pointed out that 1) With an unverified Flatpak, you have to trust the original dev *and* the maintainer not to be malicious, hence the "security" argument 2) Would have appreciated more details on Flatpak de-duplication. Because it uses shared runtimes, installing a Flatpak for the first time can often be a big download, but these runtimes will be shared among your installed Flatpaks - this is the same for Snap. 3) On top of that though, *Flatpak goes the extra mile* by using de-duplication, which ensures that if any of your apps or runtimes have the same libraries or components, those will be reused between them and not re-downloaded, saving both network and disk space.

@D.von.N 18 күн бұрын

What happens when you download new software that uses components of an existing one and then you uninstall the existing one?

@razzeeee 18 күн бұрын

@@D.von.N it keeps the parts it needs

@pyepye-io4vu 17 күн бұрын

Deduplication does not work properly unfortunately, it has a lot of bugs, especially when it comes to Nvidia driver versions and Gnome platform versions.

@razzeeee 17 күн бұрын

@@pyepye-io4vu are you sure, the nvidia drivers are supposed to be fixed in the nightly AFAIK

@razzeeee 17 күн бұрын

@@pyepye-io4vu also that's not the deduplication we're talking about. In fact, I don't think what you mean is deduplication at all

@NiffirgkcaJ 19 күн бұрын

I don't understand how people could think that software could be 100% safe or even invulnerable.

@patryn36 19 күн бұрын

Because they do not fully understand what they use or the true nature of the world.

@Malix_off 19 күн бұрын

The average user doesn't even know, basically

@k1ry4n 19 күн бұрын

@@patryn36Do you and the 10 people that liked your comment fully understand what you use and the "true nature of the world"?

@patryn36 19 күн бұрын

@@k1ry4n more so than most typically do, i may not be able to write code but i have mot had a program hijack any computer i have had or currently do. Even if that does happen i can wipe the entire pc and reinstall, i keep isolated backups precisely for that purpose.

@k1ry4n 19 күн бұрын

@@patryn36 I used to write code but I would never gave a statement like yours. I don't fully understand anything, especially the true nature of the world (whatever it means). All our knowledge is partial at best and we can be expert in a very few selected things, while being ignorant about everything else (that means 99,9% of human knowledge). It's not my intention to attack you because I understand what you really meant. I just wanted to underline how even in a specific field our understanding is very far from being 'full'.

@spinny-kitten 19 күн бұрын

flatseal serves as a GUI to manage permissions for installed flatpaks

@R0ck4x3 19 күн бұрын

Yeah, Flatseal is very useful and frankly should be a standard install for any distro that supports Flatpak

@DryPaperHammerBro 19 күн бұрын

Plasma has a similar thing integrated to the settings app!

@UrbanistBlooms 18 күн бұрын

But the permission portal doesn't guarantee the app will respect those sandbox prefs

@DraXaly 18 күн бұрын

@@UrbanistBloomsdo you mean the kde flatpak settings or flatseal

@UrbanistBlooms 17 күн бұрын

@@DraXaly either or, the permission use a flatpak portal which is generally recommendations for the app to follow

@Luzgar 19 күн бұрын

Reminder : The average user just wants to install and use the app and does not care about (or understands) the different packaging formats.

@dageta7742 18 күн бұрын

Windows sounds better with each of these videos

@cameronbosch1213 18 күн бұрын

@@dageta7742 Except it isn't.

@pyepye-io4vu 17 күн бұрын

Reminder: the average user is by far the biggest source of security issues, and feels proud of his ignorance and apathy.

@iamsh4r106 17 күн бұрын

@@dageta7742 Windows has the same issues with its packaging formats

@liarus 19 күн бұрын

4:20 this this still on the top of the weirdest moves I have ever seen within the linux community in my life

@juanposo 18 күн бұрын

For real, how do you get such an ego boost for maintaining (not even making) a piece of software for only one specific linux distro? That ain’t normal

@E.Taylor 18 күн бұрын

The real issue is the theater. Like when we become convinced that something is safe, then we will be more likely to engage in reckless behavior. The more secure we think our computers are, the more we forget good practices. A lot of things are that way too, other then computers.

@BeefIngot 18 күн бұрын

Definitely the truth, like the people who brag about linux being used on servers as if they have the same security suites, IDS (Intrusion Detection System) and EDR (Endpoint Detection and Response), when really they dont even have SELinux or App armour configured for a majority of their apps

@zeusde86 18 күн бұрын

8:20 flatseal is one example to graphically adjust permissions of installed flatpaks, and works like a charm.

@razzeeee 18 күн бұрын

Regressions are also a thing - I have now multiple times witnessed python just breaking stuff and saying, we'll eventually get around to fixing it in some future versions. And users complaining about broken things. So as a maintainer, you might want to lock to an old version, which you can do in flatpak. All while arch users are complaining and windows installs are crashing.

@DeepfriedChips 18 күн бұрын

People sometimes really think that their packaging format has no disadvantages or issues

@andreobarros 19 күн бұрын

At the end of the day, installing an app on your personal computer is like inviting someone to your home. Will you let any random ass enter your house? I imagine not. The good part about pcs is that you can make a "fake home" and install all the trash there.

@tablettablete186 19 күн бұрын

The only problem is that they can escape from the basemen... I mean, "fake home"

@Atlasim 17 күн бұрын

@@tablettablete186THEY'RE COMING IN!!!

@angeldude101 17 күн бұрын

@@tablettablete186 There are ways to lock down the app absolutely so it's impossible to escape, but things tend to go both ways and now you can't access the app at all and you may as well have never installed it.

@MartinAhlman 18 күн бұрын

I trust the slow but trusted Debian more than anything. It's slow but mostly safe.

@pyepye-io4vu 17 күн бұрын

Slowness is part of the safety, remember xz backdoor? Didn't reach Debian stable (thanks to slowness).

@bltzcstrnx 4 күн бұрын

@@pyepye-io4vuyou almost always run all payloads on top of the container orchestration platform anyway. The underlying OS is only used to run that container platform. At least that's how a server is usually configured.

@MarcosCodas 19 күн бұрын

Crazy that "open source drama" is a big enough topic that you can make legitimately informative and entertaining videos on it.

@MrAlanCristhian 19 күн бұрын

On debian I use apt packages as much as I can. Because debian has a security team that audit them and has a massive infrastructure for that. But I also have some flatpak apps. I also have some web apps that I installed with gnome-web.

@scpatl4now 19 күн бұрын

If you have ever had to compile a piece of software yourself, you would be happy with any of these package formats

@lobotomy-victim 18 күн бұрын

you just install dependencies and run one command, wym

@scpatl4now 18 күн бұрын

@@lobotomy-victim Man, it ain't never that easy

@markusfischhaber8178 19 күн бұрын

I migrated to mint and installed some flatpaks. Install was easy, to make them run was somehow a quest because I needed flatseal to manage how the sandbox permissions. The biggest problem with flatpak is: updates for flatpak runtimes EVERYDAY. That’s insane

@that_leaflet 18 күн бұрын

The runtimes shouldn’t be updating every day. Maybe it’s an issue with Mints GUI for it. Try from the terminal.

@Blueeeeeee 18 күн бұрын

It should be noted these are delta upadtes though - the whole runtime isn't downloaded every tile, only the parts that changed.

@iamsh4r106 17 күн бұрын

@@Blueeeeeee you also don't NEED to update daily

@Mishaye 19 күн бұрын

As a general rule of thumb, I use the distro package. If there is an official/dev supported flatpak or snap, and the distro package isn't official/dev supported, I might use that instead. That's pretty much it.

@JeanBzh 19 күн бұрын

Regarding the security, XZ is in fact a good example. I suppose distros can improve based on this experience, and might add some automated scans of the code in their build pipelines ? If we have a centralized build pipeline we can do this kind of things, and improve the pipeline each time we can, whereas when it's built by a project directly for a flatpack we cannot set security standards (it's obviously a lot worse for proprietary code for which a package is built by a company and pushed to flathub).

@pyepye-io4vu 15 күн бұрын

xz was a social engineering attack. There is very little that can be done about that from the technical side. It's the human factor we need to tend to: support good devs, push the political activists out of software (see recent stuff like Nix).

@kolappan 18 күн бұрын

While Windows has most of the same problems, iOS and android are a bit better in this regard . You need to explicitly allow apps for permissions like cameras, microphone, etc

@labonnelambda58 14 күн бұрын

Yes, it is both a GUI difference - permission are shown in confirmation of installation instead of being hidden after description. It would be really easy to fix on Linux - and a "ask permission later" thing - a lot harder to implement on Linux. Those things are only possible for flatpacks and snaps formats (or obscure software formats).

@rouhollahseyfi 19 күн бұрын

Ubuntu 24.04 has a GUI for snap permissions management in Gnome settings, under applications.

@ShareMania 18 күн бұрын

Also previous to Ubuntu 24.04, there is a permissions management for each snap at the Ubuntu software center app

@xmaxnetx 18 күн бұрын

The issue already starts with the phrase "X is is more secure then Y": As if security would be a value on a scale from 1 to 10, which you can compare. Security has so many aspects, that you cannot claim X is more secure then Y for any piece of real piece of software, without limiting yourself to a certain aspect of it. As a community, we should focus on identifying security issues and find a way to fix them as good and fast as possible, instead of doing pseudo-discussions, which method, software or approach is in general more secure then another.

@cybernit3 18 күн бұрын

Thanks for explaining about package security and glad there is effort to make it more secure. I often wonder about Linux having malware; on Windows we were quite use to it.

@fuseteam 19 күн бұрын

Snap has a graphical ui for permissions on at least ubuntu, it is integrated into system settings

@user-ib1bz4bh3g 18 күн бұрын

6:11 However, the maintainers of the distro packages were informed before the regreSSHion vulnerability was officially revealed. So they could prepare updated packages.

@RagnarinVa 19 күн бұрын

An awesome afternoon surprise. Nick is back. As I have said over and over -- Linux as an OS is solid as a rock - period. The thing holding it back is the application layer. The Linux desktop needs an integrated layer of core apps to make Linux pleasant and easy to use for day to day computing. Getting coherency on DEs and the "app stores" are key to that.

@lorduggae 17 күн бұрын

Just goes to prove that every time a human being creates something, another human comes along and figures out how to turn it into either a weapon or a tool to gain advantage with or both.

@thescrewfly 19 күн бұрын

I knew almost nothing about this topic, so thank you.

@BeefIngot 18 күн бұрын

I like that this video tangentially tackles the lasse faire bro attitude towards security it seems many linux bros have where they say things like linux doesnt have malware or linux is more secure but in reality, who is setting up app armour or selinux for every app they havent personally verified. They talk as if they have the same security suites, IDS (Intrusion Detection System) and EDR (Endpoint Detection and Response) as servers when really they dont even have SELinux or App armour configured for a majority of their apps

@renner0395 19 күн бұрын

Flatpak is not perfect but it is the best we have right now.

@TheLinuxEXP 19 күн бұрын

Agreed

@SnowyRVulpix 19 күн бұрын

Imo deb is the best we have right now. I see the potential in flatpaks, but a couple of flaws are quite critical imo. See my post in the main level for why.

@SnakePlissken25 19 күн бұрын

Disagree here. Bloat is a thing. I don't need seven versions of a full runtime just to have several libs.

@sheikhshakilakhtar1865 19 күн бұрын

Nix? Guix?

@SnakePlissken25 18 күн бұрын

@@sheikhshakilakhtar1865 What about them?

@rabbits2345 19 күн бұрын

I have been Linux-ing for about 15 years now and have used nearly every distro at least once. Distro packages suck, plain and simple. Maintainers LOVE adding their own special sauce to packages and this creates situations where there were different config files, default options, binary locations, package names, and even package contents between distros. To say this hurt Linux adoption and made life harder for everyone (even experienced users) would be an understatement. Flatpak has completely changed the game. Portable apps running as the developers intended from a centralized repo that is noob friendly? Incredible. Now we just need an official GUI.

@Rudxain 16 күн бұрын

As of now, I simply use the GNOME Software GUI with the Flatpak plugin

@Nielsblog 18 күн бұрын

I still trust packages created by the actual developers of the application more than some (often unknown) third party doing it. Hence I rarely use the app portals that come with many distros nowadays and always try to find the website of the software I'm looking and follow their installation instructions instead, even if that means I've got to install a deb. I'm aware this isn't necessarily more secure, but at least I know who's responsible when something goes wrong (besides me for my decision to install a .deb).

@ParinyaTeerakasemsuk 18 күн бұрын

You're right. This should be everyone's 101 security practice. No one is checking Flatpak's manifest every single time before they update each of their apps. Unverified apps should not be taken lightly.

@SnowyRVulpix 19 күн бұрын

Sandboxing frustrates me. Ive had a couple of apps now where i couldn't load files from my data drive and had to copy them to home before using. And OBS is a major complaint i see from youtubers, with specific hardware not visible in the flatpak version, but visible in the deb version.

@SnowyRVulpix 19 күн бұрын

Also integration is still wonky. Qbittorrents flatpak can't detect the gtk theme (dark/light) I'm using, for example

@BenjaminWheeler0510 19 күн бұрын

@@SnowyRVulpix is it an upstream issue or a qbitorrent problem?

@frankhuurman3955 19 күн бұрын

Kdenlive was the same for me, couldn't use the speech to text Whisper model with the Flatpak. It works with the AppImage though!

@eps-nx8zg 19 күн бұрын

You have to give flatpaks access to your data drives, obs has been working perfectly for me with hardware accelerated video encoding including av1, and I haven't had a single problem with light/dark theming issue since I've been on gnome.

@SleepTime-Dark 18 күн бұрын

@@SnowyRVulpixYou need to specify the theme in flatseal, otherwise it will not work.

@ThylineTheGay 5 күн бұрын

TLDR; no matter what, you have to trust someone, and all of computing relies on the goodwill of random people, whether you like it or not

@alicethegrinsecatz6011 19 күн бұрын

I install a lot of native software. People who say it use the OS dependencies aren't right. There's a lot of packages have their own bundle of libraries and dependencies. Not rarely, you need to install dependencies from third-party sources. It can also pretty messy and cause conflicts. Wasn't able to install Proton Pass along side to Proton Mail and Proton VPN because of dependency conflict between the fork of a Proton dependency in Proton Pass with the original version used in the other Proton products. They solved it in the meantime but it was there.

@jameslewis2635 18 күн бұрын

While getting apps from the distro store is always going to give the best performance, being able to use something like Flatpack that is essentially able to run the software in its own dedicated software environment without relying on all the system apps the particular app you want to run needs being either pre-installed or in the distro store. The reason I feel the need for this is that I have had several instances of where an app needed a certain version of some background app that has either been depreciated due to a newer version being available or just not available in my distro which stopped the native program running.

@tablettablete186 19 күн бұрын

This is a really great video!!!

@labonnelambda58 14 күн бұрын

The issue with "verified" tag, it is his name. It verify the origine, which *we want* to have. But it doesn't verify the code itself, which we should know. It should have an other name ! There is also the issue of alternative version where their alternative origine has been verified. Instead of "verified" or nothing. We should have "Original origine", "Alternative version", or "Unverified origine".

@gulden_lover 15 күн бұрын

Great video. Very enlightening.

@abunk8691 19 күн бұрын

I have to rewatch your package formats vid first before watching this just to be sure I'm up to speed somewhat haha

@dragonballjiujitsu 19 күн бұрын

The only things I'll use are flatpaks and distro packages. These seem to be the most reliable and fastest. As for security, its pretty much a non-issue. There is nothing that is 100% safe.

@thingsiplay 18 күн бұрын

One of the biggest weakpoints of Snap and Flatpak is, that they are not packaged by my distributions maintainer and are coming straight from the developer. This is something I don't want. I want my distribution to repackage.

@arkeynserhayn8370 18 күн бұрын

Redundancy of effort; there is native package for that.

@BeefIngot 18 күн бұрын

Why? It just means more hands touch the pie, and like covered itsa not like the maintainers are doing security audits the vast amount of the time. Its placebo safety vs efficiency and a lessened workload for the developer. Run the apps without full permissions istead. Containers, mandatory access control systems like SELinux and app armour etc.

@thingsiplay 18 күн бұрын

@@BeefIngot Flatpaks are designed to run everywhere, therefore they are not optimized for my system. I want the middle man, as this is another step to pass. Just because an application comes directly from its developers does not make it better than one from third party. Its like installing any software directly downloading from the website, like on Windows. I don't want that. I also do not expect my distributor to audit the code, but that's not the point. Besides that there are other reasons, like not being able to do everything with one package manager (listings and what not). The file paths are different, its run different and other things. And often trying to figure out why the Flatpak does not work, if I ever figure out it is the Flatpak that is causing the issues, then its wasting my time even more. Flatpak has its place and I even use it, but not because its my first choice. I do not want to use any operating system that relies on Flatpak or Snaps. My OS should have native packages as first class.

@MelodicMethod 19 күн бұрын

very helpful; thank you for the video

@Eyuphuro 17 күн бұрын

The Debian's maintainer decision is based on security concerns, you made it sound unsecure (and problematic), which is hilarious.

@TheLinuxEXP 17 күн бұрын

You interpret what I said. I didn’t make it sound like it’s insecure, I said it took away user agency and went against developer’s wishes. A maintainer DOES NOT decide for the users or the developers. If you don’t like how the app works, you stop packaging it. The maintainer did something stupid, virtually everyone agrees, and it goes against Debian’s guidelines as well…

@Eyuphuro 17 күн бұрын

@@TheLinuxEXP >>went against developer’s wishes The dev allows modifications, redistributions. Read the licence. >>A maintainer DOES NOT decide for the users You pick your favorite distro based on what the maintainer will decide, based on packaging policy of that project, if the decisions is somewhat unpleasing to you then, its fine, but clearly you're using a wrong distro; >>If you don’t like how the app works, you stop packaging it. This is a fake dicotomy. No, if it's FOSS you can modify it to work as you like and you're allowed to redistribute it. >>The maintainer did something stupid, virtually everyone agrees, and it goes against Debian’s guidelines as well… Your opinions, and i respect that.

@MW-mn1el 19 күн бұрын

Flatpak is safer than AppImage, not sure about snap.

@alicethegrinsecatz6011 19 күн бұрын

Snap is pretty secure too but similar issues as with Flatpak. It's bulletproof depending on the caliber. If the caliber is big enough, means if the software has the right exploits, it still can penetrate. But like armour, some protection is better than no protection. Even if a tank can resist any weapon, it is still better than a normal car when it comes to protection.

@Kermit2k 19 күн бұрын

Missing the entire point of the video. No system is inherently safer than the other. You can have a perfectly safe AppImage and Malware Flatpak App that nukes your system.

@CorneliusCornbread 19 күн бұрын

@@alicethegrinsecatz6011 Problem is with snap the community can do nothing about its security. Snap's distribution is closed source, with no ability for other people to host their own services. This means the people whom use it are at the mercy of Canonical and their interests, if someone makes a pull request to change or improve the security model of snaps Canonical could deny it for any reason they wanted. Flatpak could do the same yes, but developers could also fork the project and introduce the changes themselves.

@Berecutecu 18 күн бұрын

Snaps are a tad bit more secure because of Apparmor embedded on them if you use Ubuntu. You can find more info in Privsec desktop hardening Linux page

@PranjalP21 19 күн бұрын

Great topic

@vasudevmenon2496 18 күн бұрын

Didn't debian, arch and rpm packages have a integrity checker and if it's not valid they don't install. I don't think apps run by root by default. Never had I run vlc in admin mode in windows and Linux for more than 15 yrs

@user-yy7bd6rx6q 19 күн бұрын

Thanks for video!

@dexterman6361 18 күн бұрын

So if I create a random repo as a reupload (not a fork) and the use that to autenticate with flatpak (or another store), and then package someone else's app, will that show up as verified?

@Gatsu563 19 күн бұрын

A little out of the scope but what about Bottles ? I use Bottles to run Windows visual novel that aren't available on Steam. I don't change any of the default settings and it works great out of the box. Are these Windows executables only able to act in the folder and subfolders from which they are launched maybe ? I wonder what a designed for Windows malware would be able to do if executed through bottles. Unable to steal anything because it's not in the location it supposed to be or because it can only view what appears to be an empty Windows ?

@Taikostuff 18 күн бұрын

With openSUSE for example to get full codec support you need to enable a 3rd party repo. In that case it probably makes more sense to install the flatpak version with integrated codecs. For not only "security" but also potential breakage since packman replaces a lot of openSuse provided stuff and it often lags behind a bit so you can get errors when updating. And installing flatpak as user instead of system seems to be a good choice as well.

@ParinyaTeerakasemsuk 18 күн бұрын

Those breakages can be prevented with Distrobox. It's much better to use Distrobox than Flatpak in some cases, e.g. Chromium-based browsers, as they have to circumvent Flatpak's sandbox with Zypak, in which doesn't comparable to Chromium's native sandbox, security-wise. Moreover, they all lack a proper support for PWA. Widevine support is also not possible without exposing filesystem=host-os, hence making Flatpak sandboxing with Chromium-based browsers not relevant.

@JR-ey3oo 18 күн бұрын

Stay safe on the streets of France. I will really miss your channel if something happens to you. Thanks for your great Linux news and reviews.

@raute2687 18 күн бұрын

the snap store on ubuntu does let you graphically change snap permissions

@ronm6585 16 күн бұрын

Thanks Nick.

@mayonaiseking 18 күн бұрын

Flatpak permissions are underminded by portals afaik. For example file system permissions are circumvented that way.

@that_leaflet 18 күн бұрын

Not true. Portals let sandboxed apps access content of the system but in a controlled manner. For example, say Firefox is a flatpak and has no access to your home folder. But you want to upload an image to a website. Through portals, Firefox can access just the image you to upload.

@mayonaiseking 18 күн бұрын

@@that_leaflet If a user takes away filesystem permissions of a flatpak knowingly, it should therefore not be able to get any files at all, shoud it? But what you are saying, if I understand correctly, that if I interact with the filesystem in such an app, that has FS permission, it would ask the host system to open a file browsing dialog, let the user chose the file or folder, which then gets passed into the flatpak app via a portal? And for that whole process the flatpak can not access anything in that dialog or the filesystem?

@that_leaflet 18 күн бұрын

@@mayonaiseking Yes. The app doesn’t have access to the file until you give it permission to it (by selecting it into the file picker). Portals were made so that permission can be dynamically given (with a permission system) rather than static locations listed in a flatpak’s manifest file.

@mayonaiseking 18 күн бұрын

@@that_leaflet Thanks for the insight. Should probably have looked further into this instead of splurting it out like that.

@Ohem1 18 күн бұрын

To me, I don't want to be inconvenienced. All the package managers are great until you have to deal with them in the terminal because commands aren't universal but have to be individually referred, they have pros and cons but as a user, I shouldn't get stuck in between.

@abunk8691 19 күн бұрын

Finished rewatching your package formats vid and this one. Interestingly I've learned most of the stuff you mentioned in one way or another from your videos, documentation of packages, forums, and just exploring stuff. I'll be looking more into the Flatpak permissions management, maybe using Flatseal since I don't use Plasma. I still like your stance of using whatever works as it is very open to people using whatever they want instead of what the elitists from a lot of Linux forums do and push people to use Arch for the AUR or compiling everything by hand like the Gentoo way (which honestly starts to look more like a meme the more packages one has to maintain on X number of systems). For me that's a mix of native packages (DEB), Flatpak, and rarely AppImages and compiling from source.

@miyalys 12 күн бұрын

Currently a lot of good work is duplicated across all the different package formats/distros. If something like Flatpak or Nix became more common, instead of 10 maintainers each having to package the same package for each of their distros, they could be working together or each have fewer packages to maintain. As a result perhaps there is more time for spotting security flaws or bugs, and the quality and thus the user experience would improve. The packaging process itself might become a bit more complicated when they're targeting a wider variety of distros, but I'm guessing it would still be a favourable trade-off.

@abdullahzafar4401 5 күн бұрын

Defenders of snaps ... ? Never heard of em ... 😏

@TheLinuxEXP 5 күн бұрын

I'm sure some of them exit somewhere!

@gabrielchuede6688 19 күн бұрын

cool video. i think that sandbox with permissions are better than normal packages in the sense that they have security switches like camera, files etc. but they are not a big deal because most apps wont work without most of permissions on, which inutilizes the security aspect, but its better than nothing. but, conteiners have the other good aspect that is it is easier to mantein for the developer and easier to install for the user. also you can install multiple versions of programs i believe. the advantages of normal packages is that use less disk space and the dependencies are easier to be manteined and updated as you only have to do the work one time, contrary to the flatpak where if the library is in multiple packages every developer would have to update the library. although the normal package approach is not perfect as explained in the video. the good thing is that with Nix like approach you can also have the benefit of having multiple package versions which increases the value of normal packaging. so i think Nix like packaging is the future and is somewhat better than conteiners/flatpak, though flatpak is nice as alternative if not spend that much resources in that

@BernardoHenriquez 18 күн бұрын

Richard Stallman was right

@bertnijhof5413 16 күн бұрын

Apparmor profiles for snaps are generated on the fly at snap install time and re-generated during snap updates from the interface definitions of snapd. Editing them on disk is a rather pointless action.

@talkysassis 10 күн бұрын

To be fair Users don't want safety. The point of those formats was to keep a compiled package working for at least 2 major releases with no need to rebuild

@PaulG.x 19 күн бұрын

Snaps have access to permission selection in the Software Store app (sometimes)

@ExistentialDawn 17 күн бұрын

Is it normal that linux mint flatpack and ubuntu updates come in daily?

@syrefaen 18 күн бұрын

flatseal can manage flatpak persmissions, graphically yes.

@okashiromi5541 18 күн бұрын

Tbh I don't think it's possible to make a package safer than what we have. At the end of the day you can always find a point in the development process where one can inject bad code, and if you paid attention, all the ways the current formats became unsafe nick mentions basically boil down to "the app dev is malicious/made a mistake" or "app is outdated in some way" which, how are you gonna stop it with the package at that point? If you download malware, it's still gonna be malware. The only way to make malware "safe" through packaging is to lock it in a private airtight room without an unlock option. At that point, that format is useless for packaging. Linux formats and apps are safer bc you can audit them. You can independently verify if someone is trustworthy. That's how exploits are caught. Literally, the only reason xz was found is that someone compiled it on their own and noticed an anomaly.

@labonnelambda58 14 күн бұрын

As you say, we can audit our open source codes. What would be safer for Linux is to create a network to share what audit has been done on what (even on what version and what parts of software (we can do partial audit on most critical parts which is better than nothing and less than everything) ) to know how much safer each thing is, and what needs more to be audited (base on how much people use it vs his known audit and his criticality).

@labonnelambda58 14 күн бұрын

Also "verified" is a very misleading name for origine verification. Instead of "verified" or nothing. We should have "Original origine", "Alternative version", or "Unverified origine".

@BaronBSOfficial 19 күн бұрын

F.. all this, that is why I prefer ports and portage.

@skovgaard79 19 күн бұрын

thanks

@danoblue 18 күн бұрын

Very informative, thank you. Still, I've been using Linux for 17 years now and have never had a virus or security-related problem, unlike my experience with Windows..

@niilaheikki 18 күн бұрын

You mean not that you are aware of.

@bennypr0fane 14 күн бұрын

12:12 "this (kernel) version becomes more and more buggy" - To me this wording seems a bit misleading, because it makes it sound like somehow bugs are being *added* to an old version (which kinda doesn't work because changing something would basically make it a new version). A not-so tech-savvy person could entertain the notion that software versions somehow "decay" with age, like hardware (or like humans :-D ). What actually happens is that more and more bugs are getting *discovered* - and thus made public - over time, which is why their list becomes longer, and the potential attack surface - publicly! - increases over time (in some cases though, the publishing of a bug will actually contribute to improving the software's security, provided that bug is fixed swiftly, because before the time of publishing, attackers who knew about the bug, were able to exploit it in secret). It may sound like a nitpick, but I know for a fact that to whoever doesn't undersand software development cycles and security, most statements about security are unintelligible, and they have the weirdest notions about what is "secure" and so on.

@someonerandom704 12 күн бұрын

as an average user who doesn't have the time to look at the source code of everything I use, what do I do?

@cheako91155 18 күн бұрын

I was surprised to learn that to be a maintainer at Debian means to know licensing inside and out, but knowing programming is not needed.

@cheako91155 18 күн бұрын

The rust ecosystem has gone with a redeploy everything "for each application" design, there is shared code but each binary has copies of all it's dependencies internally.

@SaltyNotSweat 18 күн бұрын

Time to run everything as a web app and watch our web traffic 😅

@fuseteam 19 күн бұрын

6:38 distro do however have a security team that does audit the code, debian has one, ubuntu has one, pretty sure fedora has one too Granted this is also true for flatpak and the snap store (tho still unrelated to unverified/verified)

@sparse_array 18 күн бұрын

Good video.

@DryPaperHammerBro 19 күн бұрын

I use LMDE just as a way to install Debian+flatpaks easily, I've since removed cinnamon & replaced it with Trinity

@fuseteam 19 күн бұрын

10:00-10:30 this also applies to snaps

@Anto-kq2ri 18 күн бұрын

Hey nick, could you do a video about parental control on linux?

@tablettablete186 18 күн бұрын

Does it even exist?

@Luzgar 19 күн бұрын

Windows : Here is the .exe in zip archive. (What do you want auto-updates for ?) Linux : Here are the 7 ways you can install different versions of this app, for your kind of distro. (If none of them work, you can always compile it from source.)

@DryPaperHammerBro 19 күн бұрын

Or, here's a self-extracting exe

@SleepTime-Dark 18 күн бұрын

Windows packages is trash. In Linux you should only need your distro package manager and just it.

@lenowoo 18 күн бұрын

Defender of snap. . Wait, who defend snap? 😂

@jorge86rodriguez 19 күн бұрын

except for system packages I really do not see the point of distro packages. They sound good in theory but in practice why distros must invest so much time in maintaining lots of apps? Just the system packages is enough work and it is not like they have a lot of resources.

@roberthunter6927 18 күн бұрын

The picture is not as bleak as this, because "Linux" strides both the FOSS and the commercial sectors. So say you are part of the coders/development team at Red Hat Enterprise Linux for example. Your company wants to sell secure servers and workstations. So you will grab some open source code, and test it out in all sorts of ways. Is it functional, is it secure, is it efficient, and so on? Of course, a full commercial version of Linux won't release the propriety bits of the code to the public. But I don't believe that they "re-invent the whole wheel". What would be the point? People can put back-doors and malicious code into programs for a hundred different reasons. You are never going to prevent that 100%. So let's consider a totally closed code. All you have are the compiled binaries. You can't still do behavioral forensics on what is essentially a black-box. Is the app sending excessive telemetry, and to where? Now imagine that most of the code is based on open source. You not only have the forensics as before, but most of the source code as well. So if you suspect malicious programming, that narrows down your search. For example CentOS behaves pretty much the same as RHEL. The main difference is that you can get support from Red Hat if RHEL breaks, and if CentOS breaks, you have to make your own arrangements. Not selling Red hat, or criticizing it. It is just an example. At the end of the day, total objectivity is hard, if not impossible. All we have, all we can have is inter-subjectivity. I will use a religious example. Suppose a devout Catholic has a vision of the "Virgin Mary". No surprise perhaps, but was it true? Unless you can read the person's brain, you will never find out for sure. But suppose an atheist, a Buddhist, a Jewish person, etc, all claim to see the same vision? You still have not got to absolute proof or disproof, but you DO have something interesting. That is why there is such consensus over stuff like gravity. Nationality, religion, ethnic background, age, gender, etc, etc, it is all a common experience. Gravity could be a "shared delusion" of course, but we do have to take it as "working knowledge", because we don't have any other option. Hard Solipsism [we could all be living in a matrix] is simply absurd, because even if we knew the absolute "truth", it would not change anything.

@judesaju2361 19 күн бұрын

Oh i thought distro packages are safe. Nice explanation 😅

@louise-w54md 17 күн бұрын

Imo the what Mint team said does not sound confusing to me at all. Who knows what an unverified app that a random joe put together might contain. so yes, of course, it is a security risk. We all accept that legit apps can have security flaws, nothing is completely secure, whether it be a flatpak or coming from your distro package manager. This was an L take tbh

@pyepye-io4vu 15 күн бұрын

Yeah, this is just people hating on Mint for the sake of hating on Mint. "Why don't you ditch Ubuntu and go Debian?" "Your distro looks so old and dated" bla bla.

@dan79600 18 күн бұрын

@2:05 the demonisation of community packagers and maintainers (the volunteers who build and maintain all the DEBs, RPMs, etc) is a sad development in Linux. They're not just "randoms" you can't trust. They're very experienced, knowledgeable, and they have an impeccable record. Debian is over 30 years old and all in that time there hasn't been a single instance of a community maintainer deliberately inserting malware into a Debian package. Where malware has been discovered, like the recent xz-utils backdoor, it has always come from upstream. I just don't understand the attitude or where it comes from.

@pyepye-io4vu 17 күн бұрын

Agreed... I am starting to think it's all deliberate. The old neckbeard guys who have been thanklessly doing the hard work for 30+ years are now slowly being pushed out by political activists so they can take over. (Many similar things happening elsewhere too like NixOS) I hope Debian NEVER CHANGES until the end of the universe.

@Thurgenev 19 күн бұрын

There is no controversy on packaging system. There are the old linux users, veterans, with a lifetime of knowledge, who keep using what they have used, trusting on old and solid official projects and maintainers like they always did. And there are the newcomers born from the linux hype in recent years, who know pretty few about anything related to linux, but watch a lot of influencers and blindly repeat what they say to pretend they know more than they actually do. This apparent controversy, which is nothing more than kids noise, also occurs in other subjects such as window managers, text editors, distributions, etc...

@pyepye-io4vu 17 күн бұрын

Exactly... there is nothing wrong with distro packages (sure it's not 100% but nothing is), distro packages worked for 30+ years, still working. I hope they never change. This is what happens when Linux gets popular and more users...

@wallegamecube 18 күн бұрын

my favorite packaging format is whatever the original developers directly publish

@angeldude101 17 күн бұрын

So source tarballs directly cloned from Git?

@TechnoMinded-qp5in 18 күн бұрын

If Wine made everything work like Windows we wouldn't have to worry about it Wine is a Windows subsystem for Linux to make it act like Windows WineHQ needs to try and find a way to combat this I made some of this work with just using Wine its self I might go back to Windows haven't thought about it yet.

@ChellSneed 18 күн бұрын

God bless you, praying for you

@DlxyRekt 19 күн бұрын

Flatpak is king

@PaulG.x 19 күн бұрын

Microsoft Edge: Unverified. Maintained by a known creator of spyware

@Brian2 19 күн бұрын

I wish AppImage was mlre hewvily invested in for Linux. It makes entry level for new Linux users easier. No looking up how to sudo dpkg -i FileName and what each part means for safety. Honestly wish I understood making AppImages to create ones most new users would want en mass. Ah well, even if I did the originals would probably find some reason to complain.

@xrafter 19 күн бұрын

What is the difference between app image and regular elf binaries?

@TheRobbix1206 19 күн бұрын

To be fair it is a mess because you cannot bundle every library you use, most of them can be bundled but the ones interfacing with the host system like x11/wayland library should not be bundled.... making them complicated to make, so the responsibility of the appimage working is fully on the appimage developer.

@DigitalEntity 19 күн бұрын

sooooooo...... windows?

@TheLinuxEXP 19 күн бұрын

Windows has the same issues with their packages and installers :)

@Vitrebenki 19 күн бұрын

Sandboxing can break some functionality due to blocking access to read and execute systems files. So most Flatpak IDE has no access to system libraries and it breaks Linux magic when developers can install needed libraries via package managers. Adding snap/flatpak versions of all possible libraries may solve this issue. But flatpak in its current state doesn't support "library" type of packages. Also, it may break different integrations with the system(like counter of processing files on taskbar icons) due to non-existing or non-configured access/portals/etc.