ponysay
flatpak
Our great sponsors
ponysay | flatpak | |
---|---|---|
7 | 431 | |
1,171 | 4,013 | |
- | 1.3% | |
0.0 | 9.0 | |
about 2 months ago | 4 days ago | |
Pony | C | |
GNU General Public License v3.0 only | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ponysay
-
Gankra/cargo-mommy: Mommy's here to support you when running cargo~
I run my commands with https://github.com/erkin/ponysay I might need to change.
- what minor tech projects do you absolutely adore?
-
If you were a student, how would you feel about receiving feedback on your code style like this? Just brainstorming some ideas :^)
I was expecting ponysay but what you did is amazingly good too !
flatpak
-
Tools for Linux Distro Hoppers
Hopping from one distro to another with a different package manager might require some time to adapt. Using a package manager that can be installed on most distro is one way to help you get to work faster. Flatpak is one of them; other alternative are Snap, Nix or Homebrew. Flatpak is a good starter, and if you have a bunch of free time, I suggest trying Nix.
-
Podman Desktop 1.6 released: Even more Kubernetes and Containers features
No, it looks like you have to do it on an application basis.
- how strong is the steam (runtime) sandbox for games?
-
Been thinking of switching to linux but I am a noob
Flatpak
- FLaNK Stack Weekly for 20 Nov 2023
-
Flathub – The Linux App Store
> CLI tools do not implement auto-complete themselves. What you are seeing are auto-complete scripts for your shell that make network connections.
nit: This is incorrect. Robust auto-complete scripts call the actual program to provide completions.
That is what Flatpak does. It is Flatpak itself that makes the network connections.
https://github.com/flatpak/flatpak/blob/main/completion/flat...
Not that it would make any differencen if it was implemented in Bash seeing as the Bash script is also provided by Flatpak.
-
Meduza co-founder's phone infected with Pegasus
Not really. Even with modern technologies, the Linux desktop technology stack is very, very far behind when it comes to security.
The Linux kernel itself is a very weak foundation security-wise, the only way Android and ChromeOS get away with it is by using a very small feature set and restricting everything else as much as possible with seccomp, SELinux and heavy sandboxing.
The Linux desktop userland doesn't have meaningful hardening features compared to other platforms (even Windows is ahead, sadly). For example, practically all distros use glibc's memory allocator which has both poor performance and security [1] and their toolchain is based on gcc, with no support for modern compiler security features such as CFI (with the sole exception of Chimera Linux). Not to mention the permission model is completely outdated, like in that xkcd cartoon. Flatpak only mitigates this partially, because the Flatpak sandbox is very weak. The people working on Flatpak are doing their best, but from reading some GitHub issues, it's clear they are badly overworked and not experts on security at all. The person responsible for Flatpak's seccomp sandbox has admitted it isn't even his main responsibility and he doesn't have much knowledge about seccomp and is learning along the way [2]. The Flatpak seccomp filter is based on denylist instead of allowlist, and many dangerous syscalls can't be blocked because many applications rely on it (e.g. Firefox needs ptrace for the crash reporter). You also have to be very careful and use Flatseal (which is not officially supported) to deny permissions such as /home filesystem access, because it lets Flatpak apps override their own permissions by design [3]. And dangerous kernel components like io_uring are exposed [4], while Google disables them on their systems for their exploitation potential.
Here is a more detailed article examining the lack of security of Linux phones in case you're interested: https://madaidans-insecurities.github.io/linux-phones.html
If you want a FOSS-based secure phone, GrapheneOS is the best option.
[1] Check this comment by GrapheneOS founder for some technical details and how it compares to hardened allocators such as Android's Scudo or Graphene's hardened_malloc: https://github.com/NixOS/nixpkgs/issues/90147#issuecomment-6...
[2] https://github.com/flatpak/flatpak/issues/4466#issuecomment-...
-
The technical merits of Wayland are mostly irrelevant
Sensitive features like screenshots, input methods, screen locking and whatnot are behind extensions (or portals). I'm not familiar with the state of GNOME/KDE/Flatpak, but at least on the wlroots side of things it is true that currently these extensions are enabled and accessible by any process that can talk to the Wayland socket (breaking those security benefits, as you say). This is changing with protocols such as security-context that allow a sandbox engine like Flatpak (or your custom scripts) to restrict what features apps can use. (so your browser can't register an input method, or some random app can't lock the screen)
https://gitlab.freedesktop.org/wayland/wayland-protocols/-/m...
-
Modern CSV version 2 is now available
It shouldn't be too complicated to create a package from the provided tarball.
[1]: https://flatpak.org/
- Flutter 3 on Devuan 4: 始め方
What are some alternatives?
steam-runtime - A runtime environment for Steam applications
firejail - Linux namespaces and seccomp-bpf sandbox
Autodesk-Fusion-360-for-Linux - This is a project, where I give you a way to use Autodesk Fusion 360 on Linux!
distrobox - Use any linux distribution inside your terminal. Enable both backward and forward compatibility with software and freedom to use whatever distribution you’re more comfortable with. Mirror available at: https://gitlab.com/89luca89/distrobox
nix-gui - Use NixOS Without Coding
com.valvesoftware.Steam
nix - Nix, the purely functional package manager
protontricks - A wrapper that does winetricks things for Proton enabled games, requires Winetricks.
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
flathub - Issue tracker and new submissions
Proton - Compatibility tool for Steam Play based on Wine and additional components
steam-for-linux - Issue tracking for the Steam for Linux beta client