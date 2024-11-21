from the bloat dept.
Deploying apps for the Linux desktop is hard. A major problem has historically been library compatibility. Different Linux distributions, and even different versions of the same distribution, have had incompatible libraries. Unfortunately, there hasn't always been a culture of backwards compatibility on the Linux desktop.
This is finally changing. The stability of the Linux desktop has dramatically improved in recent years. Core library developers are finally seeing the benefits of maintaining compatibility. Despite this, many developers are not interested in depending on a stable base of libraries for binary software. Instead, they have decided to ignore and override almost all libraries pre-installed on the user's system.
The current solutions involve packaging entire alternate runtimes in containerized environments. Flatpak, Snap, AppImage, Docker, and Steam: these all provide an app packaging mechanism that replaces most or all of the system's runtime libraries, and they now all use containerization to accomplish this.
Flatpak calls itself "the future of application distribution". I am not a fan. I'm going to outline here some of the technical, security and usability problems with Flatpak and others. I'll try to avoid addressing "fixable" problems (like theming) and instead focus on fundamental problems inherent in their design. I aim to convince you that these are not the future of desktop Linux apps.
Suppose you want to make a simple calculator app. How big should the download be?
At the time of this writing, the latest KCalc AppImage (if you can even figure out how to download it) is 152 MB. For a calculator.
This is uncompetitive with Windows on its face. If I ship an app for Windows I don't have to include the entire Win32 or .NET runtimes with my app. I just use what's already on the user's system.
Other solutions like Flatpak or Steam download the runtime separately. Your app metadata specifies what runtime it wants to use and a service downloads it and runs your app against it.
So how big are these runtimes? On a fresh machine, install KCalc from Flathub. You're looking at a nearly 900 MB download to get your first runtime. For a calculator.
[...] Snap and Flatpak in their current incarnations have been around for at least five years. AppImage, Steam and Docker have been around even longer. None of the above is new. The problems with alternate runtimes were known from the very beginning, yet little progress has been made in fixing them. I don't believe these are growing pains of a new technology. These are fundamental problems that are mostly not fixable.
All of these technologies are essentially building an entire OS on top of another OS just to avoid the challenges of backwards compatibility. In doing so, they create far more problems than they solve. Problems of compatibility are best solved by the OS, the real one, not some containerized bastardization on top. We need to make apps that run natively, that use the system libraries as much as possible. We need to drastically simplify everything if we have any hope of attracting proprietary software to Linux.
(Score: 3, Funny) by Frigatebird on Wednesday November 24, @11:58PM
Why would we want to do this? They can just distribute the source files, and everyone can compile for their own system. Do you have a problem with tarballs?
(Score: 2) by Subsentient on Thursday November 25, @12:11AM (1 child)
I hate Snap and Flatpak and all that containerized shit. If you're that paranoid about the software you're running, you shouldn't be running it at all. If you need to distribute a proprietary program on Linux, let me tell you how I personally prefer you do it.
1. Install all required shared libraries into a folder with your executable.
2. Make a shell script launcher that does this:
3. Make it into a tarball, and give me the tarball.
4. Profit!
(Score: 2) by bart9h on Thursday November 25, @12:55AM
That is exactly what Firefox does.
I mean, if you download the binary from their page, instead of installing your distribution package.
(Score: 0, Disagree) by Anonymous Coward on Thursday November 25, @12:12AM
"...if we have any hope of attracting proprietary software to Linux."
No thank you. Also the author forgot the GNU part, and how GNU/Linux is built on top of the free software movement.
And it's a question of numbers, proprietary software follows the money. No business in their right mind would invest in an OS with 2.5% of usage share.
Regarding the "containerized bastardization" I would rather have an option, even if that means downloading something containerized, than no option at all.
(Score: 2) by krishnoid on Thursday November 25, @12:27AM
Space and memory usage aren't the problems that need solving as much as the user interface [microsoft.com] ones. At least the existence of guidelines for
would be very, very helpful.
If something uses more space, but provides a user interface that you don't have to relearn each time you move to a new app, wouldn't that be worth it? Fewer apps, which at least guarantee that an agreed-upon programmer/user interface would be available as *an* option (even if not the default) for a subset of the functionality, would probably be better than noodling around on how applications are installed and distributed.
(Score: 2, Disagree) by VLM on Thursday November 25, @12:52AM
The future (well, really the past starting decades ago) is SaaS delivered to web browsers.
Why would I run kcalc locally?
"Alexa what is 2 plus 2"
or type it into google search, or wolfram alpha, or ask siri, or run the calculator on my phone, or run the superior keyboard physical calculator on my desk, or I always have a bash shell open on my desk so run gnu octave or dc CLI calc or ...
Why would I simulate a handheld calculator on my desktop on my PC?
I've been using google docs for office purposes for years, and its all my kids know due to school. I've been doing CAD on onshape for years.
With enormous effort we might be able to replicate the 1984 mac desktop GUI, but in 2021 who cares, I'm using web apps on my chromebook.
(Score: 0) by Anonymous Coward on Thursday November 25, @01:06AM
Yes, the packaged virtual systems are big and ugly. They promise security that they don't (and generally can't) deliver, they are a pain in the butt to update and they don't deal well with constrained hardware interfaces.
These things are all true, but doesn't reflect properly that they are a reaction to the environment in which they are developed. Weird library incompatibilities or infrequent bugs are an old story, simply because APIs are moving targets and even if you have the source code you're relying on an assumption that the API itself isn't subtly changing - not at all a safe assumption.
All this is really a reflection of the fact that we need looser code interfaces, not tighter. We need versioned APIs delivered by code so that we can actually interrogate and report on available functions, rather than dynamically loading libraries that we hope and pray will do the right job in the expected way. We could even use limited-function shims for untrusted code, and apply the fundamentals of key-based security to them.
But that would require rethinking of operating systems, and the barely adequate is the enemy of the lukewarm good, let alone perfect.