An interesting article regarding some Ubuntu snap packages
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
An interesting article regarding some Ubuntu snap packages
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
- absque fenestris
- Level 12
- Posts: 4110
- Joined: Sat Nov 12, 2016 8:42 pm
- Location: Confoederatio Helvetica
Re: An interesting article regarding some Ubuntu snap packages
myfirstferrari@protonmail.com and if it's the right name. Brilliant.
- AZgl1800
- Level 20
- Posts: 11171
- Joined: Thu Dec 31, 2015 3:20 am
- Location: Oklahoma where the wind comes Sweeping down the Plains
- Contact:
Re: An interesting article regarding some Ubuntu snap packages
since it asked for opinions, my Opinion is to stay the hell away from that 'store' as it is obviously infiltrated by trash uploaders.
no one monitoring it? bye bye
no one monitoring it? bye bye
- absque fenestris
- Level 12
- Posts: 4110
- Joined: Sat Nov 12, 2016 8:42 pm
- Location: Confoederatio Helvetica
Re: An interesting article regarding some Ubuntu snap packages
Here, too, good marketing is called for.
Malware? Nonsense - participate in the incomparable Bitcoin community...
Malware? Nonsense - participate in the incomparable Bitcoin community...
Re: An interesting article regarding some Ubuntu snap packages
The same as goes for Snaps goes for PPAs, Flatpaks, AppStream packages and more: do you trust the persons that compiled and packaged the software for you? Are they officially associated with the project? (as developers, or have the developers named them as official maintainers on their website) Or are they active and visible in the wider free software community? The answer to all of this for Nicolas Tomb is a resounding "no".
This goes back to the article Maintainers Matter that we discussed here 2 years ago. Criticizing the "Cult of App":
This goes back to the article Maintainers Matter that we discussed here 2 years ago. Criticizing the "Cult of App":
Been there, done that, and now we have another warning about why we should establish trust before installing something from outside the repositories.App Stores have been a nearly unmitigated disaster for users. Supposedly one of Linux's failings is that there is too much pointless choice, too many K and G versions of things and it divides developer efforts. Why have so many window managers and text editors? App Stores have the same problem. With the traditional FOSS model, there are a hundred different programs and each program is missing a different feature. In the App Store, there are a hundred different programs doing the same thing but each screws the user over in a slightly different way. Spying? Ads? Battery sucking rookie mistakes? Battery sucking bitcoin mining botfarm? Take your pick.
Re: An interesting article regarding some Ubuntu snap packages
The right name/address is probably flatpak@lists.freedesktop.org...absque fenestris wrote: ⤴Sat May 12, 2018 8:30 pm myfirstferrari@protonmail.com and if it's the right name. Brilliant.
Re: An interesting article regarding some Ubuntu snap packages
You're floating the theory that a Flatpak developer published a Snap package with a bitcoin miner to discredit Snaps? While the same lack of governance (by design) on Snaps holds for Flatpaks and the like? Hope you're trying to be funny because that is some next level tin foil hatting.
Re: An interesting article regarding some Ubuntu snap packages
I wasn't being completely serious no -- but still a bit. Note that this reflects mostly on the snap store rather than the format; the (more) central snap store is the thing that reaction to snaps from the flatpak community has indeed concentrated on. Quoting the article,
Even disregarding the specific matter of this reflecting more on stores than format, assuming that "the general public" would not simply rally around anti-Snap sentiment in response to something like this without paying much attention to technical detail is probably too much to ask for. Just wait for an article like that to hit The Register, say.
Snap/Flatpak-like infrastructure is what I personally believe to be the probably best -- or only, or last -- chance Linux systems have on the consumer desktop. Which one gets to lead is in that view quite important for Ubuntu and, primarily, RedHat. Heck, some "community member" who agrees with me on the importance of the infrastructure may have taken it upon his or her confused self to unite the landscape around just one solution; to help kill Snap.
No, no flatpak developer and any of this certainly amounts to conspiracy generally -- but I am afraid I would not so much categorize it as "next level". Plain tin foil hatting at best -- and honestly a bit less than that. This happens right at the start of the infrastructure being deployed? Before the miner could even expect to realistically infect a to the culprit relevant number of systems? Quite possible. But I would in fact say he or she may also have had some ulterior motive without considering myself to be part of general conspiracy theorists.
which as far as I can see is indeed the case: https://docs.snapcraft.io/build-snaps/publish. In contrast the corresponding page for Flathub, https://github.com/flathub/flathub/wiki/App-Submission explicitly mentions human review (and yes, I know Flathub is as a matter of design less central, but do note the only flatpak source to come with for example Mint 18 in practice).How was this possible? Well, the Ubuntu Snap Store allows anyone to upload snap packages, as opposed to packages (deb) available in the official Ubuntu repositories. The reason for this is to provide more easily installable packages to its users.
Even disregarding the specific matter of this reflecting more on stores than format, assuming that "the general public" would not simply rally around anti-Snap sentiment in response to something like this without paying much attention to technical detail is probably too much to ask for. Just wait for an article like that to hit The Register, say.
Snap/Flatpak-like infrastructure is what I personally believe to be the probably best -- or only, or last -- chance Linux systems have on the consumer desktop. Which one gets to lead is in that view quite important for Ubuntu and, primarily, RedHat. Heck, some "community member" who agrees with me on the importance of the infrastructure may have taken it upon his or her confused self to unite the landscape around just one solution; to help kill Snap.
No, no flatpak developer and any of this certainly amounts to conspiracy generally -- but I am afraid I would not so much categorize it as "next level". Plain tin foil hatting at best -- and honestly a bit less than that. This happens right at the start of the infrastructure being deployed? Before the miner could even expect to realistically infect a to the culprit relevant number of systems? Quite possible. But I would in fact say he or she may also have had some ulterior motive without considering myself to be part of general conspiracy theorists.
Re: An interesting article regarding some Ubuntu snap packages
The question is, if this technology of packages will affect the main system or for example if an auto update of an app like browser will cause big problem without to easily revert to a previous good state.
Off course, the technology of the computers goes towards to be able for self repairing and the interfere of the people to be as less as possible.
Off course, the technology of the computers goes towards to be able for self repairing and the interfere of the people to be as less as possible.
Re: An interesting article regarding some Ubuntu snap packages
+1. ANd that's saying something here.xenopeek wrote: ⤴Sun May 13, 2018 5:05 am You're floating the theory that a Flatpak developer published a Snap package with a bitcoin miner to discredit Snaps? While the same lack of governance (by design) on Snaps holds for Flatpaks and the like? Hope you're trying to be funny because that is some next level tin foil hatting.
For every complex problem there is an answer that is clear, simple, and wrong - H. L. Mencken
- absque fenestris
- Level 12
- Posts: 4110
- Joined: Sat Nov 12, 2016 8:42 pm
- Location: Confoederatio Helvetica
Re: An interesting article regarding some Ubuntu snap packages
The chosen name is really clever. To see what Google says about Tombs & Niclases...rene wrote: ⤴Sun May 13, 2018 4:54 amThe right name/address is probably flatpak@lists.freedesktop.org...absque fenestris wrote: ⤴Sat May 12, 2018 8:30 pm myfirstferrari@protonmail.com and if it's the right name. Brilliant.
Well - enemy images are there to dismantle them. Maybe on a more serious substructure
Re: An interesting article regarding some Ubuntu snap packages
Updated article to the OP ... https://blog.ubuntu.com/2018/05/15/trus ... snap-store (2018/05/15/trust-and-security-in-the-snap-store)
Open or hidden coin-miners inside free apps/programs/software are very much like botnets, ie the surreptitious use of victims' computer resources. They should be considered as malware and illegal. ... https://www.zdnet.com/article/brutal-cr ... iscovered/ (WinstarNssmMiner not only leeches your processing power but will maliciously crash your system if you attempt to remove it.)
....... But I do not mind the display of ads inside free apps/programs/software or the collection of aggregated anonymized user-data for sale to marketers, researchers, etc. I believe many others feel the same.
I believe most LM newbies and average users prefer ...
Seems, Ubuntu's Snap apps is nothing but a copy of Google's malware-infested apps from Android Play Store, similar to Firefox 57+'s web-extensions being a copy of Chrome's.
Open or hidden coin-miners inside free apps/programs/software are very much like botnets, ie the surreptitious use of victims' computer resources. They should be considered as malware and illegal. ... https://www.zdnet.com/article/brutal-cr ... iscovered/ (WinstarNssmMiner not only leeches your processing power but will maliciously crash your system if you attempt to remove it.)
....... But I do not mind the display of ads inside free apps/programs/software or the collection of aggregated anonymized user-data for sale to marketers, researchers, etc. I believe many others feel the same.
I believe most LM newbies and average users prefer ...
with the newbies only needing to verify untrusted software from 3rd-party PPAs, eg Google Chrome is easily verifiable as trusted by newbies.In the classic Ubuntu repositories, we have the great privilege to work only with software built on trusted infrastructure, from source. That has obvious advantages but also requires a very long time for new bits to show up for millions of users.
Seems, Ubuntu's Snap apps is nothing but a copy of Google's malware-infested apps from Android Play Store, similar to Firefox 57+'s web-extensions being a copy of Chrome's.
Last edited by michael louwe on Fri May 18, 2018 2:56 am, edited 1 time in total.
Re: An interesting article regarding some Ubuntu snap packages
https://blog.ubuntu.com/2018/05/15/trus ... snap-storeEvil, naive or interesting?
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
God help us if that is the sort of reasoning and standard Ubuntu uses going forward with Snaps!
Re: An interesting article regarding some Ubuntu snap packages
A somewhat longer quote has:KBD47 wrote: ⤴Thu May 17, 2018 7:05 pmhttps://blog.ubuntu.com/2018/05/15/trus ... snap-storeEvil, naive or interesting?
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
God help us if that is the sort of reasoning and standard Ubuntu uses going forward with Snaps!
Does the added emphasis (by me) and longer quote make the "reasoning and standard" clearer?The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
That perspective was indeed taken by the publisher in question here, who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences. The publisher offered to stop doing that once contacted.
Of course, it is misleading if there is no indication of the secondary purpose of the application. That’s in fact why the application was taken down in the store. There are no rules against mining cryptocurrencies, but misleading users is a problem.
Re: An interesting article regarding some Ubuntu snap packages
https://www.zdnet.com/article/brutal-cr ... iscovered/ (Brutal cryptocurrency mining malware crashes your PC when discovered - WinstarNssmMiner not only leeches your processing power but will maliciously crash your system if you attempt to remove it.)
- Pjotr
- Level 24
- Posts: 20072
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland) 🇳🇱
- Contact:
Re: An interesting article regarding some Ubuntu snap packages
The question arises: should Flatpaks have such a prominent place in Software Manager, nearly indistinguishable from "ordinary" applications? Would it perhaps be a good idea to show a warning / caution for Flatpaks?
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: An interesting article regarding some Ubuntu snap packages
Good point.
Yes. I don't want anything on my machine auto-updating without my knowledge. I prefer to do, and see my updates. This is not Windows after all
My choice would be to avoid flatpaks and snaps altogether. The normal packaging methods have served Linux well for 20 years, let's not throw out a tried and true and secure packaging method.
Re: An interesting article regarding some Ubuntu snap packages
Linux Mint 19's Software Manager should show more information on Flatpaks, like their version. Other work was being done but I can't recall if the update mechanism was changed.
On Linux Mint 18.3 you can always remove the flathub repository with:
If you later want to add it back you can use:
On Linux Mint 18.3 you can always remove the flathub repository with:
flatpak remote-delete flathub
If you later want to add it back you can use:
flatpak remote-add flathub https://flathub.org/repo/flathub.flatpakrepo
Re: An interesting article regarding some Ubuntu snap packages
xenopeek, thanks for that info!xenopeek wrote: ⤴Fri May 18, 2018 12:40 pm Linux Mint 19's Software Manager should show more information on Flatpaks, like their version. Other work was being done but I can't recall if the update mechanism was changed.
On Linux Mint 18.3 you can always remove the flathub repository with:
flatpak remote-delete flathub
If you later want to add it back you can use:
flatpak remote-add flathub https://flathub.org/repo/flathub.flatpakrepo