this post was submitted on 22 Jun 2024
319 points (96.8% liked)

Linux

48692 readers
765 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Imagine your friend that does not know anything about linux, don't you think this would make them not install the firefox flatpak and potentially think that linux is unsafe?

I ask this because I believe we must be careful and make small changes to welcome new users in the future, we have to make them as much comfortable as possible when experimenting with a new O.S

I believe this warning could have a less alarming design, saying something like "This app can use elevated permissions. What does this mean?" with the "What does this mean?" text as a clickable URL that shows the user that this may cause security risks. I mean, is kind of a contradiction to have "verified" on the app and a red warning saying "Potentially unsafe", the user will think "well, should I trust this or not??"

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 6 months ago (1 children)

To be fair, the fact that browsers are allowed to do so much that this warning has to be shown is more an indictment on the current state of browsers (which at this point are almost like installing VMWare and a virtual machine on your computer!) than on something something Firefox or something something Flatpak.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I mean yes, how exactly would you want the web to work? In order for it to be secure we need website code to run in an isolated environment. Modern web browsers have gotten pretty good at this.

Though we say it's a JavaScript Virtual Machine it's not the kind of virtual machine you are thinking of. It just means it's being interpreted in a certain environment rather than compiles code running natively. It's not like a whole OS. Running a web browser in a Virtual Machine is unironically a method to improve security; checkout Qubes OS for an example.

Also the permissions it's asking for aren't that serious. Basically GPU access and download folder access.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

I mean yes, how exactly would you want the web to work?

Text and images and hyperlinks; maybe audio and video if you're lucky and you can prove you can be trusted. No such thing as scripting, or if it's allowed, only in a limited manner with no such thing as "eval" and obfuscation and no ability to add or delete nodes from the DOM (or if it's allowed, those nodes must reflect under View Source / CTRL+U). No such things as loading a javascript audioplayer that tries to mix 123456 weird sources, just link me the .m3u direct to the audio stream's .mp3 file, or even better an .opus.

Definitively no DRM.

If any such thing as GPU access is provided it should be to deposit data, not to run code.

[–] [email protected] 0 points 6 months ago

Text and images and hyperlinks; maybe audio and video if you're lucky and you can prove you can be trusted.

Those things still require a GPU to render efficiently.

All the other stuff you talk about don't need a GPU or really any systems permissions at all. So even if the web changes to your twisted view the flatpak would still require the same permissions. All you've just proven is that you don't understand technology.

If any such thing as GPU access is provided it should be to deposit data, not to run code.

You don't know what a GPU is apparently. Regardless the same access is needed for both.

Also you use Lemmy, which requires scripting. Pretty much every online game, shopping website, calculator, and so on require scripting of some kind. Scripting isn't just for bad things like tracking. It makes a lot of cool stuff possible, that you doubtlessly use everyday. As a plus it's generally more secure to use a web app than have a myriad of different programs or applets replace all these different things, as websites are sandboxed. There is a reason JavaScript replaced Flash and Java applets.

You're confusing a technology problem with a society/capitalism problem.