this post was submitted on 16 Jul 2025
15 points (100.0% liked)

Ubuntu Linux

1970 readers
1 users here now

Linux for Human Beings.

Ubuntu is a popular Linux operating system for PC / mobile devices, etc.

Developed by Canonical & based on Debian (another older Linux OS) which is known for it's rock solid stability.

Ubuntu is trusted everywhere computing by professionals and common users alike.

https://ubuntu.com/

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] that_leaflet@lemmy.world 12 points 1 week ago (3 children)

By far the worst part about Ubuntu is snap. Canonical has failed its community and the wider Linux community with it in so many ways.

For Ubuntu users

  • Canonical replacing working debs with snaps. Whether it be long launch times, missing functionality, or broken. They have addressed such issues, but they should have been fixed before becoming the default.
  • Terrible snap store moderation. Malicious apps have made their way onto the store numerous times. Old abandoned apps are not hidden.

For wider community

  • Broken or incomplete sandboxing on anything not Ubuntu. They not only rely on AppArmor, but also downstream patches. You have no sandbox on distros such as Fedora and OpenSUSE.
  • Canonical has full control of the store.

There are other smaller controversies, like Mir, Unity, and Upstart, but none are as bad as snap.

[–] anotherspinelessdem@lemmy.ml 0 points 1 week ago (2 children)

But how much is anyone forced to use snaps, outside of maybe a few core applications that might define ubuntu? Flatpak can be installed on ubuntu and I'd say most of the important stuff seems to be from the apt repos. Granted that may be an argument for Debian alone but I'm just trying to make sense of it.

Broken or incomplete sandboxing on anything not Ubuntu. They not only rely on AppArmor, but also downstream patches. You have no sandbox on distros such as Fedora and OpenSUSE.

This is a bit outside my zone. Could you please explain this?

[–] that_leaflet@lemmy.world 10 points 1 week ago

I didn't say people were forced to use snap, just that they're the default. But if they're to be made the default, they should be a good experience.

  • A couple years ago they switched Gnome Calculator a preinstalled snap and it had very long launch times despite being such a simple app.
  • Later on they made Firefox a snap (and removed the deb) despite it having long launch times and no native messaging support (used by stuff like password managers).
  • They made a snap version of Steam and pushed it to the stable channel despite it having many known issues. Those using the graphical store only have the option to get the snap version of Steam as the store is snap-only. It took them a while to make games work by removing a bunch of snap's sandboxing for it.

As for the sandboxing stuff. Ubuntu using AppArmor, a Mandatory Access Control (MAC) that is used to make the system more secure by creating profiles used to confine certain pieces of software. If they try to do something the profile doesn't allow them to do, it gets blocked.

Snap uses AppArmor to manage the sandbox of snaps. However, AppArmor isn't the only MAC around. Fedora and OpenSUSE use something else called SELinux, which has a similar purpose. But snap doesn't speak SELinux, it only speaks AppArmor. So none of the fancy AppArmor profiles used to contain snaps actually work on those distros, the sandbox it does have is so weak it's insignificant. Canonical could have addressed this by adding SELinux support to snap, but they haven't, they pretty much only care about Ubuntu and Debian. And as I mentioned before, Ubuntu patches AppArmor to add more functionality. But they have failed to upstream these patches, so only Ubuntu (and maybe Debian?) have access to the strongest sandboxing snap can offer.

On the other hand, flatpak uses bubblewrap to sandbox its applications. Bubblewrap uses standard Linux security features to sandbox apps rather than a specific MAC. That means the flatpak sandbox is strong regardless of which distro you are using. Although it does have some downsides. Flatpak doesn't speak to either MAC, which can be a problem since the MAC can confine the flatpak application more than is expected. For example, OpenSUSE ships some SELinux policies that allows Wine/Proton to function as expected. However, these policies don't get installed when you use Steam or any other launcher as a flatpak. It's something you have to do manually. Meanwhile if flatpak actually talked to the MAC (like snap does with AppArmor), then this wouldn't be a problem.

load more comments (1 replies)
load more comments (1 replies)