The section on microservices was an uncomfortable but cathartic read. We’re getting edicts from above that we need to go all in on microservices for new modules, and I’ve been trying (unsuccessfully) to steer us away from it for exactly the reasons the article outlines.
All I get in response is “we’ll just (it’s always “just”) solve that with <insert expensive AWS service here>”. No-one seems to acknowledge that that only makes things more complex.
Ugh, totally this. Upgrading Ubuntu to 21.04 broke IntelliJ's Chromium debugger because chromium moved from apt to snap (DESPITE installing it through apt!) with the extra sandboxing rules.
The proprietary nature of snap and being unable to install alternative sources without partnering with Canonical/uploading a public package drives me mad.
I've upgraded my desktop install from 16.04 all the way to 21.04 without any issues and I plan on upgrading to 21.10 later this week. However, the moment the setup collapses, I'm moving to something Arch-based. I don't want to deal with snaps and the snap problem is only going to get worse as time moves on. If the snap package manager was completely open source and had self-hostable repositories, I'd consider staying, but right now I might as well use the Windows Store/winget if only the client's source is open and alternate package sources are decidedly not a supported use case.
I've heard good stories about EndeavourOS and my laptop is already running Manjaro. I've got a feeling I might be switching to one of those before the next Ubuntu LTS.
Had been with Ubuntu for so long but some problems with snaps finally drove me away from it. For now, I'm using Mint due to familiarity without snaps but flirted with "user friendly" Arch derivatives (had problems with both) and NixOS (got tired of specializing in a programming language just to use my OS and ran into some problems I couldn't find a solution to.)
If you want to solve security, portability, and distribution in proper way, you will end with something similar.
Security: Snap are running in sandbox by default and have proper support for system permissions. They are installed in user home directory. There is central store that allow for reporting and regularly perform security scanning.
Portability: Snaps works on most distros. They allow building once and distribute everywhere model. You no longer need to build multiple packages for every package manager in universe. They make building software for Linux easy[1]. I remember doing rpm to deb conversion, installing from source and running stuff in VM/docker.
Distribution. Most distros do not accept proprietary apps. Most importantly, you are no longer at the mercy of distro maintainers deciding when you can release your own software. Because your snaps are portable, your users will get updates even if they are on an older distro. Hopefully no more PPA hell that can brick your system.
The sandbox doesn't work on any distros that aren't using the latest AppArmor, such as Fedora and derivatives.
Flatpak tries to solve the same problem at least for desktop apps, but with a few key differences:
- The sandbox is implemented entirely using user namespaces, not using Apparmor or Selinux, hence works on basically any modern distro.
- The user remains firmly in the driver's seat in terms of when applications get updated. Yes, you can enable automatic updates, but unlike with snaps, you can also opt out.
I've written this comment several times, but it basically spams your system folders, mounts, daemons, and more. Integration is clumsy and poor. It doesn't give much ability to configure it either. Canonical just doesn't have the human-enginering chops/resources to polish all the rough edges. Sorta reminds me of docker, good ideas, middle-brow execution.
Add in poor startup performance, and I removed it. Replaced Chromium snap with a PPA, which was faster and 10x less intrusive.
It's been a while since I evaluated them all since I'm a Nix user so my portability needs are met already, and it seems like the sandboxing stuff is still getting worked out, but my impression the last time I looked was that Flatpak was better thought out.
The mountpoints thing seems very minor and cosmetic to me, though.
I guess it sucks to be surprised by something that's only kind of okay.
Just gave Snap another try last night and I was astonished at the slowness (both for package installation and program startup times)
can't really think of a single thing about the experience that I liked, and it even seemed bad compared to other container systems, like Docker and Flatpak
There was a recent submission with some good examples: https://news.ycombinator.com/item?id=46223882
reply