undefined | Better HN

0 points_cenw3y ago0 comments

Do you use an IDE, and if so, which?

Last I checked Flathub shipped with VSCode and IntelliJ, despite both having major broken parts. The VSCode workaround back when I tried Silverblue was to run sshd inside toolbox and remote Flatpak VSCode into it. It was definitely not a frictionless experience. And IntelliJ having the terminal and debugging broken removes most of the useful parts of the IDE for me.

0 comments

4 comments · 2 top-level

AnIdiotOnTheNet3y ago· 2 in thread

Yeah, Flatpak has some kind of hangup about the idea that some tools need actually real full access to the system. Wireshark is similarly useless because you can't actually capture packets with it.

It is really strange that both this and "it's totally ok for packages to set their own security defaults" are true in Flatpak land.

bogwog3y ago

If Linux starts attracting commercial development and we see an influx of new apps, wouldn't you feel safe knowing that the ones you install as flatpaks aren't allowed to capture packets on your system?

Wireshark is a tool more in the realm of development/sysadminry, whereas flatpaks are designed for more traditional apps, like Discord or Firefox.

I wouldn't want my development tools to come from flatpaks even if they had full access to the system, because I wouldn't have control over dependencies. Traditional system package managers are a better fit for that, and on Silverblue you have Toolbox for that.

AnIdiotOnTheNet3y ago

> If Linux starts attracting commercial development and we see an influx of new apps, wouldn't you feel safe knowing that the ones you install as flatpaks aren't allowed to capture packets on your system?

See, here's the problem with letting packages determine their own defaults. I want the ability to give a Flatpak those permissions, not that they be able to give them to themselves. As it is, Flatpaks can give themselves permission to $HOME without ever notifying me, which I think is just as silly.

In my opinion, Flatpak should support a user-definable default permissions template that says "always permit", "always deny", and "don't care" for any given permission.

> you have Toolbox for that

Actually I agree that when it comes to these collections of software to build an "environment" something like toolbox/distrobox is a better fit. I have my issues with both[0], but the base concept is sound.

[0] For instance: why is podman required? The container functionality required is built into the kernel and podman has a lot of features that are entirely unused. Even bubblewrap has all that's needed and it is included anyway because of Flatpak. I will probably end up writing my own replacement for these tools.

bogwog3y ago

I use Sublime Text, but I’ve also used VSCode, as well as a lot of other similar editors. I haven’t had a reason to use IntelliJ, but I’m sure it would work the same way.

Using development tools as a flatpak is usually not a good idea for many reasons. That’s why Silverblue ships with Toolbox (https://docs.fedoraproject.org/en-US/fedora-silverblue/toolb...).

Flatpaks are kind of like Android APKs, except unlike Android, there’s actually an operating system worth interacting with. An IDE on Android usually needs to include all of the tools it needs. A flatpak is the same, except that’s hard to get right for every development setup, so a toolbox just lets you do whatever you want with it. They’re podman containers with extra features to integrate with the host.

I have all of my development tools installed in a single toolbox, and have .desktop files for the GUI ones so that I can launch them from the KDE app menu as if they were regular apps. With this setup I can use e.g. clangd with the LSP plugin in Sublime Text, execute CMake, use the embedded terminal (Terminus), or the debugger plugin with lldb.

j / k navigate · click thread line to collapse

0 comments

4 comments · 2 top-level

AnIdiotOnTheNet3y ago· 2 in thread

Yeah, Flatpak has some kind of hangup about the idea that some tools need actually real full access to the system. Wireshark is similarly useless because you can't actually capture packets with it.

It is really strange that both this and "it's totally ok for packages to set their own security defaults" are true in Flatpak land.

bogwog3y ago

Wireshark is a tool more in the realm of development/sysadminry, whereas flatpaks are designed for more traditional apps, like Discord or Firefox.

AnIdiotOnTheNet3y ago

In my opinion, Flatpak should support a user-definable default permissions template that says "always permit", "always deny", and "don't care" for any given permission.

> you have Toolbox for that

bogwog3y ago

I use Sublime Text, but I’ve also used VSCode, as well as a lot of other similar editors. I haven’t had a reason to use IntelliJ, but I’m sure it would work the same way.

Using development tools as a flatpak is usually not a good idea for many reasons. That’s why Silverblue ships with Toolbox (https://docs.fedoraproject.org/en-US/fedora-silverblue/toolb...).

j / k navigate · click thread line to collapse