  • I didn’t say people were forced to use snap, just that they’re the default. But if they’re to be made the default, they should be a good experience.

    • A couple years ago they switched Gnome Calculator to a preinstalled snap and it had very long launch times despite being such a simple app.
    • Later on they made Firefox a snap (and removed the deb) despite it having long launch times and no native messaging support (used by stuff like password managers).
    • They made a snap version of Steam and pushed it to the stable channel despite it having many known issues. Those using the graphical store only have the option to get the snap version of Steam as the store is snap-only. It took them a while to make games work by removing a bunch of snap’s sandboxing for it.

    As for the sandboxing stuff: Ubuntu uses AppArmor, a Mandatory Access Control (MAC) that is used to make the system more secure by creating profiles used to confine certain pieces of software. If they try to do something the profile doesn’t allow them to do, it gets blocked.

    Snap uses AppArmor to manage the sandbox of snaps. However, AppArmor isn’t the only MAC around. Fedora and OpenSUSE use something else called SELinux, which has a similar purpose. But snap doesn’t speak SELinux, it only speaks AppArmor. So none of the fancy AppArmor profiles used to contain snaps actually work on those distros, the sandbox it does have is so weak it’s insignificant. Canonical could have addressed this by adding SELinux support to snap, but they haven’t, they pretty much only care about Ubuntu and Debian. And as I mentioned before, Ubuntu patches AppArmor to add more functionality. But they have failed to upstream these patches, so only Ubuntu (and maybe Debian?) have access to the strongest sandboxing snap can offer.

    On the other hand, flatpak uses bubblewrap to sandbox its applications. Bubblewrap uses standard Linux security features to sandbox apps rather than a specific MAC. That means the flatpak sandbox is strong regardless of which distro you are using. Although it does have some downsides. Flatpak doesn’t speak to either MAC, which can be a problem since the MAC can confine the flatpak application more than is expected. For example, OpenSUSE ships some SELinux policies that allow Wine/Proton to function as expected. However, these policies don’t get installed when you use Steam or any other launcher as a flatpak. It’s something you have to do manually. Meanwhile if flatpak actually talked to the MAC (like snap does with AppArmor), then this wouldn’t be a problem.


  • By far the worst part about Ubuntu is snap. Canonical has failed its community and the wider Linux community with it in so many ways.

    For Ubuntu users

    • Canonical replacing working debs with snaps. Whether it be long launch times, missing functionality, or broken. They have addressed such issues, but they should have been fixed before becoming the default.
    • Terrible snap store moderation. Malicious apps have made their way onto the store numerous times. Old abandoned apps are not hidden.

    For wider community

    • Broken or incomplete sandboxing on anything not Ubuntu. They not only rely on AppArmor, but also downstream patches. You have no sandbox on distros such as Fedora and OpenSUSE.
    • Canonical has full control of the store.

    There are other smaller controversies, like Mir, Unity, and Upstart, but none are as bad as snap.


  • Leaflet@lemmy.world to Linux@lemmy.ml: Slower with more power (Youtux)

    There’s still plenty of inefficiencies to criticize.

    • Electron apps bundle an entire browser dedicated just to running the app. That takes up storage space and requires loading multiple instances of Electron in memory if you’re running multiple Electron apps. Would be better if these apps could all share the same dynamically linked Chromium instance to run. Web apps are a decent alternative, but can lack desktop integration.
    • Rise of interpreted languages like JavaScript, though this is mitigated by JIT compilation.

  • A system that has updated from say Ubuntu 16.04 to 24.04 is different from a system that fresh installed Ubuntu 24.04.

    The upgrade process is imperfect. It may keep older software around, old configuration files. Users may also make small tweaks and forget about them.

    I remember like a year ago OpenSUSE Tumbleweed broke for users who had old installs. They were using the old networking stack, the upgrade system never migrated them to the newer networking stack. And since OpenSUSE’s test suite was only made up of new installs, the issue wasn’t caught until after it was released.

    Fedora Atomic tries to solve this issue. When you update, the entire root filesystem is effectively replaced (the immutable parts anyway). Though it tries not to touch manual changes you make in places like /etc. It does something called a 3 way merge to preserve your changes and does keep better track of them than traditional distros.
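The three-way merge mentioned in the comment above can be pictured with this added example, which is not part of the original comment and not Fedora's code. It is a simplified file-level model; the function names and the sample trees are hypothetical and constructed for illustration.

```python
# Simplified model of a file-level three-way merge of /etc.
# Trees are dicts of {relative path: file content}; all data is constructed.

def local_changes(old_default, current_etc):
    """Diff the live /etc against the defaults it was deployed from."""
    modified = {p: c for p, c in current_etc.items()
                if p in old_default and old_default[p] != c}
    added = {p: c for p, c in current_etc.items() if p not in old_default}
    removed = {p for p in old_default if p not in current_etc}
    return modified, added, removed


def merge_etc(old_default, current_etc, new_default):
    """Start from the new defaults, then replay the admin's local changes."""
    modified, added, removed = local_changes(old_default, current_etc)
    merged = dict(new_default)
    for path in removed:          # a locally deleted file stays deleted
        merged.pop(path, None)
    merged.update(modified)       # a locally edited file wins over the new default
    merged.update(added)          # a locally created file is carried over
    return merged


def needs_review(old_default, current_etc, new_default):
    """Local edits or deletions that shadow a default which changed in the update."""
    modified, _, removed = local_changes(old_default, current_etc)
    return sorted(p for p in set(modified) | removed
                  if new_default.get(p) != old_default[p])


# Constructed sample: defaults of the old image, the live /etc, defaults of the new image.
OLD_DEFAULT = {"ssh/sshd_config": "PermitRootLogin yes\n",
               "chrony.conf": "pool pool.example.org\n",
               "motd": "welcome\n"}
CURRENT_ETC = {"ssh/sshd_config": "PermitRootLogin no\n",        # edited locally
               "chrony.conf": "pool pool.example.org\n",         # untouched
               "sysctl.d/99-local.conf": "kernel.kptr_restrict=2\n"}  # added; motd deleted
NEW_DEFAULT = {"ssh/sshd_config": "PermitRootLogin prohibit-password\n",
               "chrony.conf": "pool pool.example.org iburst\n",
               "motd": "welcome\n",
               "crypto-policies/config": "DEFAULT\n"}

if __name__ == "__main__":
    for path, content in sorted(merge_etc(OLD_DEFAULT, CURRENT_ETC, NEW_DEFAULT).items()):
        print(f"{path}: {content.strip()}")
    print("review by hand:", needs_review(OLD_DEFAULT, CURRENT_ETC, NEW_DEFAULT))
```

The `needs_review` list is the part worth checking after an update: a locally edited file keeps its old content even when the shipped default changed, so a hardening change in the new default does not reach it.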


  • I think I had this bug before where I had to change the tty to actually get into the graphical environment.

    I used Aeon before, it wasn’t bad. The default apps were better than Fedora Silverblue’s (it had Tweaks preinstalled, didn’t have Firefox installed as an RPM). It uses Distrobox rather than Toolbox, which is nice because Distrobox lets you specify a custom home for each box. Though Distrobox hasn’t seen any development these past few months and their decision to use POSIX compliant shell script seems like a maintenance nightmare. Toolbox uses Go.

    But my biggest problem with MicroOS is that I don’t feel like the update mechanism is as robust as Fedora Atomic. At the end of the day, it’s using zypper and btrfs snapshots. It doesn’t have the same protections against configuration drift, you can only rollback to versions of the OS you’ve previously installed (with Fedora Atomic you can rollback to any specific commit, even ones you’ve never installed).

    And Fedora Atomic’s bootc is super nice for customizing your image.

  • One thing I don’t like about Firefox is that its security is not great compared to Chromium. It has less sandboxing and weaker sandboxing.

    Firefox sandboxing is especially bad on Android and Linux.

    They do make up for it a tiny bit with better support for ad blocking, which lowers the chance of landing on malicious changes.

    Though realistically not many people care about security when choosing a browser. They use old versions and resist the prompts to upgrade.

  • Leaflet@lemmy.world to Pop!_OS (Linux)@lemmy.world: Flatpak Issues

    Strange. Discord, ProtonMail, ProtonUp-Qt, and Spotify should all work perfectly. Except maybe some drag and drop issues for Discord and ProtonMail? And Discord’s activity status is blocked from tracking you. What issues did you have specifically?

    I can see OpenRGB having issues given that it tries to talk to the hardware itself. Did you install the udev rules?

    Handbrake has access to all your files by default so that shouldn’t be an issue.