255
Oh Snap! Canonical now doing manual reviews for new packages due to scam apps
(www.gamingonlinux.com)
It always takes a disaster before corporations act.
this post was submitted on 31 Mar 2024
255 points (100.0% liked)
Linux
1253 readers
74 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
I can recommend a minty flavored alternative if you're sick of it.
Green Ubuntu is Best Ubuntu
I prefer some POP in my ubuntu, but green is flavorful.
I like it across the road a bit more, you know, the fedora shop
Btw I have no idea why they want to mix Mint with Cinnamon, must taste ugly.
Literally what I'm chewing right now. Its pretty okay.
I should do a "sorting DEs by their taste" meme
I recommend Debian. Why go downstream when you can go upstream?
You mean old Ubuntu?
wanst that the whole damn (stated) point of making it proprietary?
Snap still has users?
Anyone using Ubuntu
People still use Ubuntu?
One of the top most used distros probably
Like Windows, Ubuntu is installed by default on many computers. In my university, all the computers have a dual boot Ubuntu Windows.
Haha in mine they have Ubuntu stickers on them but no Ubuntu to be found.
I do
why?
Still in the process of moving my server from Ubuntu to Debian.
That should be possible by changing the repos, shouldnt it? I will try this in a VM.
Downgrading will be harder than rebasing from Ubuntu LTS to Debian Sid for example. But at the same time I imagine its easier to downgrade from Sid to Stable on the same Distro.
It works for me, and my tinkering times are behind me.
I use it because a class wanted me to either use it in a VM or use WSL but WSL didn't work and I figured it was easier to set up a dual boot than setting up a VM since I've installed Linux quite a few times.
Yes, just not the people who hang out on Linux communities on federated social media.
load more comments
(2 replies)
I use Ubuntu.
Downvotes to the right mocking laughs to my face.
Ubuntu may be good at being semi-stable.
Just run unsnap and experience actually secure apps.
Did you know that Snaps are only sandboxed on Ubuntu with Apparmor? This makes them more versatile than Flatpaks using Bubblewrap (the whole system is sandboxed like that) but will break all sandboxing if systems dont use Apparmor, or dont include all patches.
Why just now? Meanwhile, all Debian packages on their apt repos are reviewed and maintained by Debian.
I've heard all the arguments about how these new packaging formats are supposed to make things easy for developers and for users with different use cases than my own (apparently), but I will continue to avoid them until they have further matured. I'm relieved that this is still possible.
The idea is good I think but the implementation has only ever caused me problems and seems to have a bunch of frustrating edge cases.
I've been using snaps for a few years now and while they still could use some improvements, the snaps I'm currently using seem to be fairly indistinguishable from deb-based packaging thanks to bug fixes they have done over the years. I think the idea of containerized applications is a good one, I think it actually can be safer. Performance is also fine for me with snap applications even like Firefox snap startup speed, although I'm using an R9 5900x and Gen 4 M2 NVMe SSD so maybe that's why, or maybe they really have improved the snap software and it is just as fast now for the most part.
I've had to swap Firefox on my laptop for the deb package, the snap took like 5sec to open, whereas the deb opens instantly. Other than that, i don't see much of a difference, but i run into sandboxing issues quite often (same with flatpak though)
I had a "Save As" issue in Firefox snap where it just wouldn't be able to save pages, but since upgrading to either Ubuntu 20.04 or 22.04 (can't remember which version fixed it), that problem has gone away entirely.
The problem for me is portability. Flatpak, Snap, Appimage, docker, podman, lxc, they all do the same thing, but they’re splitting the market into “servers” and “desktops”.
We need a portable container runtime we can build from a compose file, run cli or gui apps, and migrate to a server with web app capability displaying the UI. There are too many build targets, and too much virtual market segmentation.
Nix tries to solve the issue, but the problem is you have to use Nix.
Maybe adding a proprietary *layer to an open-source OS was a bad idea (for end users)?
How is that not a security theater? , you just need to :
- publish a good snap
- change it to malware after it is approved
- profit
The extra cost added to override this is fairly small, i don't think it will help.
At least this prevents impersonation of well-known publishers or their software. Maybe all changes to metadata like the description should require a manual review even for established packages.
load more comments
(3 replies)
I have this unpopular thought: If I had to choose between Canonical's Snap Store and Apple App Store...
Debian it iz
This
"Neither" is a valid choice, we don't have to use one or the other
If I had to
And why would you have to? Unless it's for work or someone's putting a gun to your head, there will be other options
This
"Neither" is a valid choice, we don't have to use one or the other
load more comments
(1 replies)
This is the best summary I could come up with:
After repeatedly suffering issues with scam apps making it onto the Snap Store, Canonical maker of Ubuntu Linux have now decided to manually look over submissions.
I've covered the issues with the Snap Store a few times now like on March 19th when ten scam crypto apps appeared, got taken down and then reappeared under a different publisher.
Also earlier back in February there was an issue where a user actually lost their wallet as a result of a fake app.
Multiple fake apps were also put up back in October last year as well, so it was a repeating issue that really needed dealing with properly.
So to try and do something about it, Canonical's Holly Hall has posted on their Discourse forum about how "The Store team and other engineering teams within Canonical have been continuously monitoring new snaps that are being registered, to detect potentially malicious actors" and that they will now do manual reviews whenever people try to register "a new snap name".
Hopefully this will begin to put an end to scam apps making it into the Snap Store and onto machines running Ubuntu and any other Linux distribution that enables Snap packages.
The original article contains 238 words, the summary contains 195 words. Saved 18%. I'm a bot and I'm open source!
Can you use snaps with autofs/NFS yet?
Or sandbox Snap apps on systems without the Ubuntu Apparmor patches or even using SELinux?
Then I'll be on the last deb until it no longer works. I'm not going down the proprietary snap route.
Maybe it's just me, but I doubt this will be very effective.
view more: next ›