Flatpak and Snaps aren't destined for graveyard of failed Linux tech yet

Independence from distros


The world of Linux has long been divided into tribes, or distros as we called them. But what actually makes a distro? The packages it uses? The people who put those packages together? The philosophy behind the choices the people who put the packages together make? The question of what makes a distro is actually very difficult on to answer and it's about to get even more difficult.

There's a change coming to the world of Linux that's potentially big enough to make us rethink what a distro is and how it works. That change is Ubuntu's Snap packages and the parallel effort dubbed Flatpaks.

While these two projects differ in the details, for the purposes of this article I'll consider them the same thing and use the terms interchangeably.

If you're even remotely up to speed with trends in server computing you'll have heard of containers. Snaps and Flatpaks are more or less the desktop versions.

Whether a package is a Snap or Flatpak, there are few common things that make it significantly different than the packages your distro provides. For one thing, your distro doesn't provide it. A Snap package comes straight from the developer of the application itself. Your distro may put some Snap packages in its repositories so the installation experience may be the same, but behind the scenes the way Snaps are packaged, installed and run is very different.

While there's still some polishing needed in most distros' current implementations of Snap packages that I've used, for the most part the experience from the user's point of view is pretty much the same as any other software. However, installing Snaps by searching your distro's repositories is probably the least interesting way to install them.

Where Snaps and Flatpaks excel is applications outside your distribution's repos. Consider Firefox Developer Edition: very few, if any, distros have it available in their repos, which means if you want to run Mozilla's browser you'll have to install and manage it separately.

There are a variety of ways to do this: Ubuntu has .deb files, Arch has the AUR, and you could always compile it yourself. The problem is that Firefox Developer Edition updates almost daily. Package maintainers – the people creating those .deb files or packaging them up for the AUR – have to update their packages.

Install Firefox Developer Edition as a Flatpak package (currently that's unofficial, maintained by Fedora and Red Hat developers) and all of a sudden you're directly tied to Mozilla's updates. So far Mozilla hasn't produced an official Developer Edition Flatpak or Snap, but the company does plan to do it for Firefox itself and Snaps provide a means to switch to beta/dev "channels" of a packaged app.

A Snap/Flatpak version of Firefox has two huge advantages over the distro-based version of Firefox. First, updates come faster from a single source, which makes for better security and eases distro package maintainers' workload. Second, Mozilla can continue to provide updates well past the point that Ubuntu or Fedora might want to.

Faster updates and eliminating the distro middleman are just two advantages of Flatpaks, though. Perhaps the even bigger advantage – especially with software like web browsers – is the security sandboxing.

Flatpaks/Snaps have much more limited access to your operating system than traditional apps. Sometimes this means not all features of an app are currently available in the Flatpak/Snap version, as is currently the case with the Snap version of LibreOffice, but as the platform matures expect those issues to be ironed out.

So what's the current experience of using Flatpaks/Snaps like? I've been using the unofficial version of Firefox Developer Edition for quite some time now and am happy to report that it's much easier to update than even the AUR-based version I used previously. A single command that I put in a cron task updates my browser every night without me needing to every think about it. I always have the latest release and I don't have to do anything to get it. My only gripe is that the unofficial version requires installing a bunch of GNOME dependencies I don't otherwise need.

I also run the Flatpak versions of LibreOffice, Inkscape and Blender. All three are indistinguishable from the distro versions I used previously. I don't need the features in LibreOffice that currently aren't supported in the Flatpak version so I don't have any issues there, but be sure to double check the known issues before you try it out.

If they're indistinguishable from the distro versions, why bother? Well, since a lot of what I do with LibreOffice is open other people's documents, I like the sandboxing – which admittedly has some bugs, but is probably, at least under Wayland, more secure than a packaged version.

The other reason I've embraced Flatpaks is I believe they're the future of Linux software distribution.

While it's true that the history of computing is littered with examples of failed write-once, run-anywhere software, Flatpak and Snaps really aren't that. They do simplify developers' lives by making it easier to package apps independently of distros, but that's as far into the dangerous run-anywhere territory as they get.

I don't think that distros will disappear as a result of Flatpaks/Snaps, but I do think that the division between rolling release distros like Arch and conservative distros like Debian will be less important.

The kernel itself isn't going to be a Flatpak any time soon, but if you're using Arch for the reasons I am – to get the latest versions of Userland software in a sane way – then Flatpaks accomplish the same thing without the need to run bleeding-edge kernels. ®


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022