[01:46] <lotuspsychje> good morning
[06:40] <ducasse> morn
[06:41] <marcoagpinto> morn
[06:42] <ducasse> hi marcoagpinto \o
[06:42] <marcoagpinto> :)
[06:42] <marcoagpinto> I had to order printing paper from Amazon DE
[06:42] <ducasse> what are you up to?
[06:43] <marcoagpinto> it is out of stock here in Portugal
[06:43] <ducasse> oh wow
[06:44] <marcoagpinto> for the price I paid it should be "gold paper"
[06:44] <marcoagpinto> :(
[06:46] <ducasse> i bought a pack of 500 sheets years ago, finally running low now
[06:48] <ducasse> i print very little though, mostly manuals or reference materials
[06:52] <marcoagpinto> well, ducasse, I could order from Amazon ES (Spain) but I noticed that they also sell 100 sheets instead of 500
[06:52] <marcoagpinto> and in most cases I am not sure if the item is 100 sheets or 500, so I can't risk
[06:53] <marcoagpinto> I look at the photo and it doesn't appear there the number of sheets
[06:53] <marcoagpinto> in Portugal they are 500 sheets
[06:53] <ducasse> they're almost all 500 here
[06:53] <marcoagpinto> here too
[06:53] <marcoagpinto> :)
[06:53] <ducasse> or boxes of 2500
[06:53] <marcoagpinto> yes
[06:54] <marcoagpinto> but the damn Amazon ES sells a lot of 100 sheets
[06:54] <marcoagpinto> I didn't know that even existed
[06:54] <marcoagpinto> except for some special papers
[06:54] <marcoagpinto> like 200 gr or 120 gr, I can't remember
[06:55] <marcoagpinto> I am not going to pay 20 or 30 EUR for paper and when it arrives is 100 sheets
[06:55] <marcoagpinto> ahhh... 20 or 30 EUR of postage costs
[06:55] <marcoagpinto> :)
[06:55] <marcoagpinto> sorry... it is postage costs
[06:56] <marcoagpinto> the paper costs 5 EUR
[06:56] <marcoagpinto> :)
[06:56] <marcoagpinto> but the question is if it is 100 sheets or 500
[06:59] <ducasse> i should buy paper too, i'm almost out
[06:59] <ducasse> i have some documentation i need to print
[09:30] <ogra> mort, lets take it here, lets not spam #ubuntu with non-support stuff
[09:30] <mort> is there anything more to discuss
[09:31] <ogra> dunno, you seem to base your snap experience on a few desktop test packages we added to the image to collect info about issues ... you cant really judge server snaps based on that 
[09:32] <mort> I base my snap experience on my snap experience, which is mainly the snap packages you force down my throat
[09:32] <mort> I had to compile my own chromium because you broke your chromium package by replacing it with a snap
[09:32] <ogra> heh ... nobody forced anything 
[09:32] <mort> well, you remove apt packages I depend on and replace them with snaps
[09:32] <ogra> what exactly is broken about it 
[09:32] <mort> it doesn't launch in wayland
[09:33] <mort> https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1897454
[09:33] <mort> reported in 2020, confirmed, low priority
[09:33] <mort> you don't care
[09:33] <ogra> well ... enabling wayland support for it by default breaks it on the raspberry pi in a way it becomes unusable 
[09:33] <mort> boo hoo, don't make it a snap then
[09:34] <ogra> that has nothing to do with the snap 
[09:34] <mort> wait, I think you're misunderstanding, I'm not talking about "by default"
[09:34] <mort> I would be fine making a .desktop file which launches it with `--enable-features=UseOzonePlatform --ozone-platform=wayland` 
[09:35] <mort> but that also doesn't work in the snap package because the snap doesn't let it talk to the wayland server
[09:35] <mort> that wouldn't be an issue if it wasn't a snap
[09:36] <ogra> well, submit a patch to the wrapper shellscript to make it disable the "DISABLE_WAYLAND" variable when --ozone-platform=wayland is set ...
[09:36] <ogra> here is the source https://git.launchpad.net/~chromium-team/chromium-browser/+git/snap-from-source/tree/launcher/chromium.launcher?h=dev
[09:37] <mort> but this is the thing
[09:37] <mort> you break shit
[09:37] <mort> why
[09:37] <mort> just don't make it a snap and it doesn't break
[09:38] <ogra> start paying money and we can hire another full time dev to maintain it ... 
[09:38] <mort> and there is no `DISABLE_WAYLAND` in that source, I'm not sure what you're talking about
[09:38] <mort> you've spent way more money building the snap system than you would spend compiling chromium
[09:38] <mort> I understand that building a proprietary walled garden style app store is important for canonical, but it's not important for its users
[09:39] <ogra> yes, in 2014 we started building snaps for embeded, industrial, could etc 
[09:39] <ogra> *cloud
[09:39] <ogra> they became a commercial success quickly 
[09:39] <mort> I really don't understand the embedded use-case, why would you use snap packages there instead of just installing the libraries you need to the system image
[09:39] <ogra> since customers understand the advantages
[09:39] <mort> but you support like 0 SoCs
[09:39] <ogra> in 2016 we decided to also try them for dekstop packages ...
[09:39] <mort> which was a failure
[09:40] <mort> well, it was user-hostile
[09:40] <ogra> not really ... it saves immense maintenance costs 
[09:40] <mort> maybe canonical considers it a success because you get to have your walled garden
[09:42] <ogra> i.e. maintaining chromium means you need to build it against 4 different release on 6 architectures and need to test it against these ... with the release cadence of chromium this means you need to have a full time dev 5x8 working on it to have it tested and verified on all these arches
[09:42] <mort> look at any discussion online about snaps, everyone hates it, everyone sees that it drastically increases application startup time, everyone sees that it breaks integration with the rest of the system in all kinds of ways
[09:42] <mort> I know you like to dismiss all the concerns as FUD
[09:42] <mort> but they're actually based on really crappy experiences people in the real world are having
[09:43] <ogra> well, the same week we announced snaps for desktop, fedora decided to rename the until then idly "xdg-apps" project to flatpak ... i only started seeing hate posts after this ...
[09:44] <mort> and the "it runs on proprietary closed-source back-end infrastructure and prevents users from adding other repositories" thing is a real concern which a lot of people have real philosophical problems with, that's not FUD either
[09:44] <ogra> (and back then flatpaks were equally non-functional for desktop apps)
[09:44] <ogra> you are aware that there is nothing propriaetary, right ? 
[09:44] <mort> you only see hate posts after you announced snaps for desktop? What a surprise
[09:44] <mort> oh? Where's the source code for the snap back-end
[09:44] <ogra> it is a webserver and a postges DB 
[09:45] <mort> so where's the source code
[09:45] <ogra> what ? our server scripts and DB setup ? 
[09:45] <ogra> you can easily implement that yourself 
[09:45] <ogra> there are at least two projects doing that 
[09:45] <ogra> the snap server API is open and well documented 
[09:45] <mort> presumably there's some server software which reads the database, and some server software which somehow manages the database?
[09:46] <ogra> its a few oython scripts ... that provide a REST API
[09:46] <mort> sure
[09:47] <mort> that's not a sarcastic "sure", that's a "that may be the case but I don't care"
[09:47] <ogra> that REST API is well documented ... akll you need is apache/ngnix and a DB  .... and probably xdelta3 for the by-default delta downloads
[09:48] <rs2009> hi everyone, was wondering if any of the old nux docs are still online (found a few IRC meetings logs related to Nux on the Ubuntu Wiki, but couldn't find anything else related)
[09:48] <ogra> https://forum.snapcraft.io/t/announcing-project-kebe-open-source-snap-store-start/25088
[09:49] <mort> I just don't understand the insistence on keeping it closed, it's not like throwing it up on some public git repo would be a big deal
[09:49] <ogra> mort, do you knwo how canonical makes money ? 
[09:49] <rs2009> mort: would be great if you could tell me where the source code for archive.ubuntu.com is hosted
[09:49] <rs2009> lol
[09:50] <mort> ogra: deals with enterprise customers, IoT/embedded, support contracts, that sort of stuff?
[09:50] <mort> I'm guessing here
[09:50] <ogra> rs2009, https://code.launchpad.net/launchpad ... 
[09:51] <ogra> mort, it sells infrastructure and services around this ... 
[09:51] <mort> if your way of money causes you to make user-hostile decisions, that's bad
[09:51] <ogra> mort, for snaps that means dedicated stores for enterprise customers ... 
[09:51] <mort> if I complain that google has a really unethical global surveillance network you can't respond to that with "yeah but it's okay because that's how they make money", that's kind of the problem
[09:52] <ogra> why ? 
[09:52] <ogra> i would reply with exactly that 
[09:52] <mort> because something doesn't become okay just because it makes money?
[09:52] <ogra> and you are free to use alternatives
[09:52] <rs2009> ogra: /s (and that's not even the source code of the APT server's generation scripts itself, which simply isn't available)
[09:52] <rs2009> so not sure why everyone wants the source code for Canonical's server
[09:52] <ogra> rs2009, yeah 🙂
[09:53] <mort> ogra: but I understand, there's an extremely deep moral difference between us which makes our opinions fundamentally incompatible
[09:53] <mort> you think anything is morally okay as long as it makes some rich dude richer
[09:53] <mort> I don't
[09:54] <ogra> mort, well, i work in opensource companies since 25y ... therre are not many working models to make money and the ubuntu/canonical way is the morally best one i know, else i wouldnt still be here 
[09:54] <ogra> lol
[09:55] <mort> but you think google's surveillance is morally okay purely because it makes google richer, you presumably think amazon's horrible treatment of its workers is okay because it makes bezos richer, etc
[09:55] <mort> if that's your moral system, we can't agree on anything
[09:55] <ogra> mark has not made a cent with canonical or ubuntu in 18y
[09:55] <ogra> quite the opposite
[09:55] <mort> but that wasn't your argument was it
[09:55] <ogra> no, it was yours
[09:56] <mort> you explicitly supported the idea that google's practices are ethical because it makes them money
[09:56] <ogra> no, i support the idea that companies need to make money to pay their devs
[09:56] <mort> but you reject the idea that there are ethical and unethical ways of making money
[09:57] <mort> well
[09:57] <mort> more and less ethical
[09:57] <ogra> i wouldnt work for google (i declined often enough ...) 
[09:57] <rs2009> mort: many of your arguments against snaps are now invalid (the startup time is much faster with the different compression algorithm, the size for many snap packages is smaller than those for regular APT and flatpak packages etc)
[09:57] <mort> you think google's global surveillance network is okay because that's how they make money
[09:57] <mort> that makes your opinion on ethics irrelevant in my book
[09:58] <ogra> no, but it is not my job to regulate them ... thats a matter of having laws against it 
[09:58] <rs2009> also, upgrading Ubuntu with snaps installed is way easier than upgrading Ubuntu with PPAs added
[09:58] <ogra> google makes money because you use their products ... 
[09:58] <ogra> if you really feel hats morally wrong, dont use them
[09:58] <mort> but you wouldn't support laws regulating their behavior if you think their behavior is ethical and unproblematic
[09:59] <mort> OH
[09:59] <ogra> its capitalism ... 
[09:59] <mort> I suppose I should quit my job then
[09:59] <mort> because we use google for our email
[09:59] <ogra> see
[09:59] <ogra> and you even pay them 
[09:59] <ogra> i guess
[09:59] <mort> probably
[10:00] <mort> so your solution to systemic issues are:
[10:00] <ogra> unlike google canonical releases all their source code ... for the bits it can not release it puts out enough documentation that something like https://forum.snapcraft.io/t/announcing-project-kebe-open-source-snap-store-start/25088 is possible 
[10:00] <mort> just don't use products from companies which does anything unethical and don't work for companies which does business with any companies which does anything unethical
[10:00] <mort> if I did that I literally couldn't participate in society
[10:01] <mort> do you think that's realistic
[10:01] <ogra> probably ... 
[10:02] <mort> and if you use any products from an unethical company you forfeit your right to complain about that company
[10:02] <rs2009> mort: Canonical released the source code for Launchpad long ago when people were complaining about it not being open-source
[10:02] <mort> rs2009: yeah, that makes sense, because public pressure is actually one of the things which can make companies change
[10:02] <mort> but ogra is arguing against the concept of criticizing companies
[10:03] <ogra> mort, not really 
[10:03] <rs2009> mort: what was the benefit to open-sourcing it?
[10:03] <mort> well for one there's one less proprietary service ubuntu users rely on?
[10:03] <ogra> i'm not talking against free speech 🙂
[10:04] <mort> ogra: you're saying I shouldn't criticize canonical, I should either use ubuntu and shut up or not use ubuntu and shut up
[10:04] <mort> same with google, I should either use google products and shut up or not use google products and shut up
[10:04] <ogra> huh ? 
[10:04] <rs2009> mort: hardly anyone contributed to Launchpad after Canonical open-sourced it, nor did anyone even fork it
[10:04] <ogra> i never said anything like that 
[10:04] <mort> then what you're saying is incoherent
[10:05] <mort> > google's behavior is ethical because it makes them money; > it is not my job to regulate them ... thats a matter of having laws against it; > if you really feel that's morally wrong, dont use them
[10:05] <ogra> i'm saying that the world is not black or white and that you should take into account that there must be a business model somehow if companies want to pay their devs
[10:05] <mort> I can't read this as anything other than "don't complain about companies"
[10:06] <ogra> and that some are more open and others are not 
[10:06] <mort> dude, you literally don't think it's unethical to build a global surveillance network for profit
[10:07] <mort> purely because it makes money
[10:07] <ogra> depends how you use it 
[10:07] <mort> it really doesn't
[10:09] <ogra> if you make the profit flow back to the people that you benefitted from to build it, if you make it improve society etc ...
[10:09] <mort> rs2009: anyways, if you're against the concept of open source unless it brings practical benefits to the authors of the software then a lot of software probably shouldn't be open source in your eyes
[10:10] <mort> I kind of view it as a good in and of itself that a piece of software is open-source
[10:11] <rs2009> mort: the problem is that the Snap Store is too hard for the devs to open source (unless you want Canonical to release their password and API keys for libs like AWS S3)
[10:11] <mort> no
[10:11] <mort> I would actually be very surprised if canonical stores their API keys in the source code
[10:12] <mort> usually you read it from some config file or environment variables or something
[10:13] <rs2009> the open-sourcing of Launchpad didn't help pretty much any regular Ubuntu user
[10:14] <mort> so?
[10:14] <ogra> anyway, my point initially was that canonical opensources everything it develops and documents the bits it does not opensource to enable people to re-implement them on their own
[10:14] <rs2009> mort: just wondering, why aren't you complaining that the source code for the Ubuntu and Debian APT archives aren't released?
[10:15] <ogra> being an infrastructure company it will indeed to open up the implementation details of the infrastructure it makes money from
[10:15] <ogra> s/to open/not open/
[10:15] <mort> rs2009: my understanding is that apt arcives are literally just an apache file server
[10:15] <mort> that's already open source
[10:15] <mort> apt repos*
[10:16] <ogra> same for the snap store ... its a web server, some python and a database
[10:16] <mort> and there's no reason for that python code, the database schema, etc to not be open source
[10:16] <ogra> what is unreleased is the glue between them, but it is well enough documented that people implement their own copy of it 
[10:17] <ogra> mort, to what benefit ? 
[10:17] <rs2009> mort: then why isn't the source code for the APT repos too not released? (they too are made up of a web server, some python and a database)
[10:17] <ogra> mort, to push fragmentation and insecure packages like flatpak ? 
[10:17] <mort> ogra: fragmentation and insecure packages? Wat
[10:18] <mort> how would an open source snap back-end infrastructure cause fragmentation and insecure packages
[10:18] <ogra> mort, while flatpak has some similar security bits to snaps ... there is nothing that enforces them, so 90% of flatpaks do not enable them
[10:18] <mort> I think you mixed up your arguments, this is an argument against the idea of letting the user add their own repos, not an argument against open source back-end infrastructure
[10:18] <ogra> mort, every single upload to the snap store undergoes a deep security review
[10:18] <rs2009> mort: I guess you thought that people manually updated the dist files and uploaded the debs everytime they were generated in Launchpad to archive.ubuntu.com
[10:18] <mort> ogra: sure?
[10:19] <ogra> yes
[10:19] <mort> I literally don't understand why you're saying this
[10:19] <ogra> to point out that fragmentation breaks security 
[10:19] <mort> but why are you talking about fragmentation all of a sudden
[10:20] <ogra> i'm trying to point out why there is/needs to be a centralized snap store 
[10:20] <mort> yes but that wasn't the argument we were having
[10:20] <rs2009> mort: well, I guess you only care about the Snap server not being open-source as it's one of the hottest topics on r/linux
[10:20] <ogra> it is part of the reason why the glue is not public
[10:21] <mort> I think there should be a way to configure extra repos but we were talking about how the back-end infrastructure is proprietary now, which isn't related to whether or not you can add your own repos
[10:21] <mort> rs2009: I prefer open-source software to proprietary software. This shouldn't be controversial.
[10:22] <rs2009> mort: reposting this: then why isn't the source code for the APT repos too not released? (they too are made up of a web server, some python and a database)
[10:23] <mort> rs2009: I haven't looked too much into it, but I would actually be surprised if the system debian uses to build its packages and generate an apt-style folder structure isn't open-source
[10:24] <rs2009> mort: well, many of the scripts which connect to their build servers simply aren't public
[10:27] <mort> I don't know whether that's true or not, but if you have some articles or something detailing the closed parts of debian's infrastructure I would actually be interested to read it
[10:28] <rs2009> mort: well, I think you should ask this question in #launchpad (where you'll get answers from Launchpad's maintainers)
[10:31] <mort> for me it looks like they have buildd which is used by debian, and reprepro which is more aimed at people who aren't debian creating their own repos
[10:32] <mort> not entirely sure what's missing
[10:35] <rs2009> well, the people in #launchpad can answer your question better
[10:35] <mort> well you brought it up
[10:35] <mort> I'm just asking you to support your claim that there's anything significant in debian's back-end infrastructure that's closed
[10:36] <mort> or, comparable to the closed parts of snap's back-end; whether that's significant or not is obviously more subjective
[10:37] <rs2009> mort: you asked if it was possible for me to send anything that supports what I said. Like I said earlier, this topic is not frequently discussed, so you can confirm what I said with the devs in #launchpad
[10:38] <rs2009> back to my original question: was wondering if any of the old Nux docs were archived?
[10:38] <ogra> i think Nux was only a very short lived thing ... and was not used for very long
[10:39] <ogra> https://launchpad.net/nux ...
[10:40] <mort> anyways
[10:40] <mort> for everything ubuntu still has apt packages for, I wish the apt packages were kept up to date
[10:40] <mort> that shouldn't be controversial
[10:40] <ogra> but they are not up to date 
[10:40] <mort> exactly
[10:40] <ogra> and thats the point of snaps 🙂
[10:41] <mort> so you're literally admitting that the point of snaps is to sabotage apt packages
[10:41] <ogra> (because it is extremely hard to keep them up to date in the archive)
[10:41] <ogra> no, it is to overcome their limitations
[10:41] <mort> how is it so hard?
[10:41] <mort> don't you get most of them from debian anyways
[10:42] <ogra> yes, but they need to build against the dependencies 
[10:44] <ravage> mort, i know this is not really the point here anymore but nodejs offers its own deban packages. so if you dont want to use the snap use their deb packages
[10:45] <ogra> mort, debian packages often need certain versions of libs ... most of the time these libs are not available in the version you need in an old archive ... so you cant "just build" new software for universe without bumping them to a new version ... 
[10:46] <ogra> ... which in turn might break other packages that are not compatible with the newer libs
[10:47] <ogra> a distro is like a clockwork, you cant just randomly replace gears
[10:47] <mort> I'm aware of that, building a complete linux system is work
[10:47] <ogra> snaps solve that but providing rolling versions of i.e. GTK/GNOME libs and Qt libs your app can link against
[10:47] <ogra> through frameworks
[10:48] <ogra> or if you can not/do not want to use these frameworks you can bundle your own libs
[10:48] <mort> yeah, snap solves it by installing 100 different versions of qt and gtk and everything else onto the user's machine, most of which have security issues or other bugs
[10:48] <ogra> again ... not black and white 🙂
[10:49] <mort> well, it's how it works isn't it
[10:49] <ogra> not really 
[10:49] <ogra> if you have a security issue that allows an attacker to take over the host, thats not really critical in the snap context for example 
[10:49] <mort> it is
[10:50] <mort> snaps generally don't use confinement
[10:50] <ogra> since what you could take over here would only be the readonly app environment, never the host
[10:50] <ogra> WHAT !?!
[10:50] <mort> nah
[10:50] <ogra> who told you that ? 
[10:50] <mort> my own experience
[10:50] <ogra> every single snap des 
[10:50] <mort> well
[10:50] <mort> "classic" confinement
[10:50] <mort> where they have full filesystem access
[10:50] <ogra> aha
[10:51] <ogra> classic is special and needs a full review by the ubuntu security team before you can even upload it 
[10:51] <ogra> (and is extremely hard to package= 
[10:51] <ogra> )
[10:51] <ogra> 98% of snaps are not classic 
[10:52] <ogra> and the 2% that are underwent a long winded review and *must* come from an upstream ... and need to fulfill a certain set of criteria
[10:52] <mort> I have this experience relatively frequently: 1) run some command I don't have; 2) command-not-found tells me to install the snap; 3) I try to install it with snap; 4) snap tells me it's using classic confinement and that I should be very careful with it; 5) I try to figure out who packaged it; 6) I find out it's some random person or group I don't
[10:52] <mort> know anything about and have no reason to trust
[10:53] <ogra> https://forum.snapcraft.io/t/process-for-reviewing-classic-confinement-snaps/1460
[10:53] <ogra> all publically documented btw
[10:54] <ogra> also freel free to look at all teh snaps that fail security review on upload https://forum.snapcraft.io/c/store-requests/19
[10:54] <ogra> (and need a special review) 
[10:54] <ogra> ... and this happens literally on every upload
[10:55] <rs2009> ogra: Nux was actually the core of Unity7 (and is still being used and maintained)
[10:55] <rs2009> wanted to make a few changes and couldn't find any docs related to Nux's widgets in the Ubuntu Wiki
[10:55] <ogra> rs2009, except that the upstream maintainer gave up on it AFAIK 
[10:56] <rs2009> ogra: yep, that's true
[10:56] <ogra> (but you shoudl be able to contact neil thrugh LP)
[10:56] <rs2009> most of Unity7's elements like the dash and launcher use Nux though for the blur and other features
[11:03] <rs2009> ogra: Neil doesn't seem to have been active since late 2010
[11:03] <ogra> mort, btw, regarding the numbers of different confinement types: https://snapstats.org/confinements
[11:04] <mort> why are the numbers so fluctuating
[11:05] <ogra> i wonder the same ... would be a question for diddledani
[11:06] <ogra> probably the store query doesnt run very consistent or some such... they used to be less wiggly 
[11:06] <ogra> either way, you can see the relation between strict and classic there 
[11:07] <mort> is node strict?
[11:07] <ogra> nope, cant be strict and comes from a vetted publisher ... 
[11:08] <ogra> (i use node in a lot of strict projects, but to use it as a system-wide interpreter it needs to be classic ... like a compiler etc)
[11:09] <mort> right
[11:10] <mort> those are the kinds of tools I've usually been told by command-not-found to download snaps of
[11:10] <ogra> which is fine, especially in case of node ... which is well maintained by the upsream
[11:11] <mort> well, snap doesn't seem to think so at least, it always says classic packages may put your system at risk
[11:11] <ogra> you can see if a publisher is vertted in the output of "snap info node" ... if there is a green check mark next to the publisher name, they have been verified to be the actual upstream
[11:12] <mort> yet it may put your system at risk
[11:12] <ogra> thats a general thing for classic snaps since they *are* not confined we need to make the user know 
[11:12] <ogra> perhaps the message should be worded less scary 🙂 file a bug 
[11:12] <mort> it's a very strange user experience at least
[11:12] <mort> > node
[11:13] <mort> > hey you should run `snap install node`
[11:13] <mort> > snap install node
[11:13] <mort> > OMG this package is dangerous and puts your system at risk, if you're really really sure run `snap install --classic node`
[11:13] <ogra> theoretically *every* univers package should spill such a warning too ... nothing in there gets tested, they just get synced from debian blindly 
[11:14] <mort> there's a long-standing assumption in the linux world that your distribution is trusted
[11:14] <ogra> ... like add-apt-archive should tell you that ou give the PPA owner full root access to your machine 
[11:14] <mort> add-apt-repository should absolutely come with more warnings yeah
[11:15] <ogra> but today only snap install --classic does that 
[11:15] <ogra> while technically applicable of all the other use cases too 
[11:15] <mort> but `snap install --classic` doesn't differentiate between trusted classic packages and untrusted classic packages
[11:15] <ogra> s/pf/for/
[11:15] <ogra> there are no untrusted classic packages
[11:15] <mort> well all of them warn you that they may harm your system, which means they're not trusted
[11:16] <ogra> right, which s nonsense as i said above, the message should be re-worded
[11:16] <mort> I'm pretty sure I was once asked to install a classic confinement package from snapcrafters
[11:16] <ogra> they are trusted but will not use any confinement and have full access to your system ... yet their publishers are vetted before upload is allowed
[11:17] <mort> which seems to be a pretty loosely organized group of people who make snap packages
[11:17] <ogra> but that would be a pretty long essage to print 🙂
[11:17] <ogra> snapcrafters are truted packagers that have a longer record of packaging before they can joind the group ...
[11:17] <ogra> it is the MOTU of snaps
[11:18] <ogra> like MOTU cares for universe, they maintain snaps as a "distro team"
[11:19] <ogra> (every commit at https://github.com/snapcrafters/ gets team reviewed)
[11:20] <mort> would be useful if this kind of information was available anywhere when trying to decide whether to trust a package which may harm your system or not
[11:20] <ogra> 👍
[11:21] <mort> now, I have a question
[11:21] <mort> is it ubuntu's goal that other distros should be able to adopt snaps?
[11:22] <mort> I mean in the same way that ubuntu is, where it's trying to be a pretty core part of the experience
[11:22] <ogra> we have a few people only focusing on cross distro support, so indeed 
[11:22] <ogra> but nobody can dictate distros to include snaps 
[11:23] <mort> do you experience that many other distros are interested in deeply integrating such a canonical-centric product where the only one who can respond to a security incident is canonical and the only one who can accept or remove packages is canonical?
[11:23] <ogra> but in general snaps work on roughly 30 distro types 
[11:23] <ogra> there are a few 
[11:24] <ogra> manjaro for example includes snapd by default
[11:24] <mort> but is their goal also to get users to use snaps for everything, making snaps the preferred way to get development tools, web browsers, gui apps, etc
[11:25] <ogra> it would be great if more adopted it ... but there is that troll army that pushes against it 
[11:25] <mort> here we go again
[11:25] <mort> all concerns regarding snaps is just FUD from trolls
[11:26] <mort> if the situation was turned on its head, and red hat made snaps, would canonical really have no qualms at all about deeply integrating a packaging system where canonical has no agency to respond to security incidents or upgrade packages or anything like that
[11:26] <ogra> mort, many are
[11:27] <ogra> dunno ... the point is that most people do not know that flatpak was redhats reaction on the already cmmercially successful snaps ... 
[11:27] <ogra> snaps are years older 
[11:28] <ogra> you could even buy IoT gateways running the snap only based Ubuntu Core a year before flatpak existed
[11:28] <mort> ok but this is just a lie
[11:29] <mort> flatpak is from 2015
[11:29] <ogra> from 2016
[11:29] <mort> "Initial release	September 2015; 6 years ago"
[11:29] <mort> probably under the name xdg-app
[11:29] <ogra> the same week we announced desktop support in snaps redhat announced flatpak as a packaging system
[11:29] <ogra> i remember that very well
[11:30] <ogra> yes, there was xdg-apps before ... maintined by a single guy ... not very popular 
[11:30] <mort> and you thought they just, what, threw together flatpak in a couple of days in order to be able to announce it the same week as canonical announced snaps
[11:30] <ogra> no, they renamed xdg-apps i wrote so above when we started talking 🙂
[11:31] <mort> do you fault red hat for wanting a packaging system that's less canonical-centric
[11:31] <ogra> either way ... flatpak does not even remotely have the snap feature set ... it would/could never be a replacement for snaps
[11:31] <ogra> it is a nice tool to deliver some desktop apps, but that is about it 
[11:31] <mort> so?
[11:32] <ogra> snaps are way more 
[11:32] <mort> you're the one who brought up flattpak
[11:32] <ogra> no, i brought up trolling 🙂
[11:32] <mort> and flatpak
[11:32] <mort> I don't know why you brought up flatpak
[11:33] <Jeremy31> Sounds like competition
[11:33] <mort> like, it's a fun story that redhat rebranded their existing snap-like project when snap launched, but I don't understand what makes it relevant to the discussion
[11:33] <ogra> snap like ?!?!
[11:33] <mort> yes
[11:34] <ogra> snap is a packaging system ... you can package kernels, servers etc ... flatpak is a desktop app delivery mechanism ... 
[11:34] <ogra> there isnt even remotely a relation ... beyond the fact that both use containerization
[11:35] <mort> why would anyone make a snap of a server system?
[11:35] <ogra> mort, see Ubuntu Core ... 
[11:35] <mort> I wouldn't want to have each new deployment of my server system go through canonical
[11:35] <mort> I would want to be able to just deploy a new version of my server software
[11:35] <ogra> theer also are tons of server snaps in the store 
[11:35] <mort> oh, like nextcloud and such
[11:36] <ogra> thats one example, yeah
[11:36] <mort> yeah that makes sense, there the server software is the product that the user should install themselves
[11:36] <mort> I was thinking about the case where you run a server and write software for that server
[11:36] <ogra> you can do that too 
[11:36] <mort> yeah but you wouldn't want to
[11:37] <ogra> i do that all the time here at home 
[11:37] <ogra> as do our customers 
[11:37] <mort> and all your changes to your server system goes through canonical..?
[11:37] <mort> what if you need a quick fix for something
[11:38] <ogra> i commit a change in my git tree ... the rest is automatic
[11:38] <ogra> then i switch my QA machine to the edge channel and test the released snap from that gommit 
[11:38] <ogra> *commit
[11:39] <ogra> if it is fine, i release it to the stable channel with a click  or single cmdline call and my servr machine picks it up
[11:39] <mort> what if it's a server I don't want available to everyone else, either because it's just some personal thing which nobody else would want to use or because it's some proprietary thing
[11:39] <ogra> i mark my snap as private and nobody else can see it 
[11:40] <mort> seems like an extremely weird workflow
[11:40] <ogra> if i do not want to go through canonical at all, i make a little script that installs th snap with the --dangerous flag (to tell snpd it does not come from a store)
[11:41] <mort> is it any more dangerous to install a snap from a snap file than to install an unvetted snap from the snap store?
[11:41] <ogra> depends 
[11:41] <mort> on what
[11:41] <ogra> if your locally built snap is --classic 
[11:41] <ogra> 😉
[11:41] <mort> well no
[11:42] <mort> it wouldn't be more dangerous to install an unvetted --classic snap from the snap store than to install it from a file
[11:42] <ogra> if it is strict it has to function within the limits of the snap interface system 
[11:42] <mort> there just (allegedly) aren't unvetted --classic snaps on the store as a matter of policy
[11:42] <ogra> there are no unvetted classic snaps in the store 🙂
[11:42] <mort> that's what I just said
[11:43] <ogra> right, i was typing while you hit enter 😉
[11:43] <mort> anyways
[11:43] <mort> what does this have to do with trolls again
[11:44] <Jeremy31> Everything involves the trolls
[11:44] <mort> I'm sure a flatpak evangelist could come up with ways in which they could make a flatpak out of their server software and run that on their server, using a similar workflow to yours
[11:44] <ogra> not really
[11:44] <mort> why do you say that
[11:45] <ogra> because flatpack is not designed like that
[11:45] <mort> how so
[11:45] <ogra> it needs desktop integration
[11:45] <mort> does it
[11:45] <ogra> yes
[11:45] <mort> what does that even mean
[11:45] <mort> flatpak needs an X server? or
[11:46] <ogra> (which is the reason something like silverligt exists ... because you can not cover the low level with flatpak)
[11:46] <ogra> yu can not package system serrvices as flatpak ... nor can you package a rootfs as flatpak ... or a kernel ... or a bootloader 
[11:47] <ogra> (or something that reads your sensors or an AP or your industrial controller software)
[11:47] <mort> is there no such thing as full filesystem access in flatpak?
[11:47] <ogra> fltapak is for desktop apps ... and it is good at that 
[11:48] <mort> but if you can have filesystem access then you can read IIO devices
[11:48] <ogra> but it is not much more than that wihout changing it by 180°
[11:48] <mort> you aren't substantiating anything you're saying
[11:49] <mort> what mechanism makes it impossible to read /sys/bus/iio or /sys/class/gpio or the like from within a flatpak-packaged application
[11:50] <ogra> no mechanism ... and you can have a gui app that reads these just fine 
[11:50] <ogra> you can not have a system service like that though
[11:51] <mort> then what prevents you from packaging an app which doesn't create a window
[11:51] <ogra> nothing ... but it would be useless 
[11:51] <mort> or connect to an X or wayland server
[11:51] <mort> why
[11:51] <ogra> what wuld it do ? 
[11:51] <mort> whatever it wants?
[11:51] <ogra> how 
[11:51] <mort> if you have filesystem access you can do almost anything
[11:51] <ogra> it can not run on its own ... there is no cli support afaik 
[11:52] <mort> uh there's `flatpak run` which works from the cli
[11:52] <ogra> you need to launch it through a .desktop file 
[11:52] <ogra> oh have they grown that ? it was not there the last time i looked 
[11:53] <ogra> (which was admittedly quite a while ago)
[11:54] <ogra> stil does not help you with yur headless AP out in the wods 
[11:54] <ogra> *woods
[11:57] <mort> so I looked at their git repo and the "run" subcommand was there at least when it was rebranded from xdg-app to flatpak
[11:58] <mort> so maybe some early development version of xdg-app was missing "run", but flatpak has always had it
[11:58] <ogra> interesting 
[11:59] <ogra> either way, my comment still stands ... wont help you on an IoT device or industrial controller or iin a cloud instance
[11:59] <mort> but I keep asking, what exactly is the mechanism which prevents you from using flatpak for that
[11:59] <ogra> that your only access to the system is through graphical portals if you actually want to run confined doesnt help either
[12:00] <mort> but we're not talking about being confined, you'd presumably have filesystem access
[12:00] <ogra> you could surely hack together some systemd usnit that calls flatpak run ...
[12:00] <ogra> confinement is the core of filesystem access
[12:00] <ogra> at least in snaps ... 
[12:01] <mort> well then confinement wouldn't even be an issue if you can still have access to sysfs and whatever
[12:01] <mort> idk if flatpak lets you bind to network sockets but I assume there's some mechanism to do so
[12:01] <ogra> in snaps this access id fully mediated 
[12:01] <ogra> though an interface 
[12:01] <ogra> *through
[12:02] <ogra> ... by the kernel ... 
[12:02] <mort> everything's mediated by the kernel, but I assume you're referring to the various namespacing features 
[12:03] <ogra> no, to seccomp and apparmor 
[12:03] <ogra> but yeah, namespaces are in use as well ... as are cgroups
[12:04] <mort> honestly it just sounds that you're salty that redhat doesn't want to cede all control of their distro over to canonical
[12:04] <ogra> lol
[12:04] <ogra> i dont care about redhat 
[12:04] <mort> yet you focus so much on flatpak
[12:05] <ogra> i do care about the fact that the trolling started shortly after flatpak was anounced and i find that very depressing 
[12:05] <mort> I'm not convinced what you're referring to as "trolling" actually is trolling
[12:05] <mort> snaps suck for all kinds of really good reasons
[12:05] <ogra> the two mechanisms could live side by side happily and it makes me sad to see so much FUD being spread ... and that this drowns all the cool bits and pieces snaps provide 
[12:06] <mort> there is no FUD
[12:06] <mort> snaps just have serious problems
[12:06] <ogra> snaps have a few problems with the desktop implementation that are constantly fixed by a big team of developers
[12:06] <mort> I know you don't care about open source but the back-end not being open source is a real thing for many people who care about open source
[12:07] <mort> the fact that canonical controls the only snap repo is another serious problem
[12:07] <mort> that distros can't really add their own snap repos
[12:07] <ogra> i do care about opensource, not sure what makes you think i dont ... i'D work for google, aplle or MS if i wouldnt
[12:07] <mort> well you don't seem to think it's valuable that things are open source
[12:08] <mort> a lot of people don't like mandatory auto-updates
[12:08] <ogra> all my work is opensource, all work i have ever done for canonical is opensource
[12:09] <ogra> you can manage your updates just fine, you can hold them, and schedule them ... there is even a gnome extension for that 
[12:09] <mort> yet you think it's good that all snap activity goes through a proprietary front-end interacting with a proprietary back-end
[12:09] <ogra> eventually you *will* get the new version though, since we guarantee upstreams that their users will not be left on insecure old version
[12:09] <mort> you can't have an apt-style experience where all your packages are updated when you tell them to update
[12:10] <mort> right
[12:10] <ogra> because snap is not deb
[12:10] <mort> so mandatory auto-updates
[12:10] <mort> that's what I said
[12:10] <ogra> yes, but you have all the abilities to do then at a convenient time or hold them back until it fits
[12:10] <mort> except for if the mandatory auto-update hits at an inopportune time
[12:11] <ogra> yet there are no security cameras out there running Ubutu Core that could be part of the next big botnet attack
[12:11] <ogra> then why did you pick that time, you have two months to do the upgrade
[12:11] <mort> I don't care about the IoT use-case, I use yocto not ubuntu core
[12:11] <mort> essentially, you're saying the user's machine is really canonical's machine, canonical should be able to dictate that you have to upgrade to a new version which you may not want
[12:12] <ogra> (btw thare are about 100 SoC supported by canonical ... we just do not provide reference images for each and ever of them) 
[12:12] <ogra> since you mentioned there are no SoCs)
[12:12] <ogra> no a users machine is the users' ... but you should not stay on insecure versions of software 
[12:13] <mort> https://ubuntu.com/core/docs/supported-platforms there are 7 there, 4 of which are raspberry pi and one is generic x86
[12:13] <ogra> yes, with well tested reference images ... 
[12:13] <ogra> to test out UC 
[12:13] <mort> you said ubuntu core supports 100 SoCs
[12:13] <mort> but that's the list of supported platforms
[12:13] <mort> their word
[12:13] <ogra> no, that is the list of reference test images
[12:13] <mort> no, that's the list of supported platforms
[12:14] <mort> everything on the page says "supported platforms"
[12:14] <ogra> https://ubuntu.com/blog/nxp-and-canonical-to-demo-ubuntu-core-on-the-ls1043a-at-embedded-world
[12:14] <ogra> just one example 
[12:15] <mort> great
[12:15] <ogra> there are also a lot of qualcomm SoCs nvidia etc etc 
[12:15] <mort> but clearly it's not a supported platform
[12:15] <ogra> it definitely is 
[12:15] <mort> then why isn't it in the list of supported platforms
[12:15] <ogra> you just have to roll the images yourself or engage with canonical ... we cant provide demo images for every SoC 
[12:16] <mort> but if it's a supported platform, why isn't it in the list of supported platforms
[12:16] <ogra> https://people.canonical.com/~ogra/snappy/all-snaps/daily/current/
[12:16] <ogra> here are a few others 
[12:16] <ogra> (and three levels up there are more)
[12:16] <mort> these are all great but they're clearly not supported platforms
[12:17] <mort> they may be platforms ubuntu core happens to work with
[12:17] <ogra> they use a supported kernel and rootfs ... 
[12:17] <mort> yet they're not supported platforms
[12:17] <ogra> sure they are due to that fact
[12:18] <mort> then where on the list of supported platforms are they
[12:19] <mort> another thing, when I last looked into ubuntu core, I found out that you actually can't update the version of ubuntu the device is running
[12:19] <mort> that seems wild to me
[12:19] <mort> just running 16.04 in 2032
[12:19] <ogra> on the list you can get when engaging with canonical ... or on the list someone on forum.snapcraft.io can give you if you ask about rolling your own images
[12:19] <mort> maybe add the other supported platforms to the list of supported platforms
[12:19] <ogra> yeah, i'm lazy and havent moved them to UC 18/20 ... would be an hour of work i didnt invest 
[12:20] <mort> I wasn't talking about your images specifically
[12:21] <ogra> well, supported on that webpage means that each sigle update of each single snap is fully tested and QAed against that image, as i said, we cant do that for every supported SoC but that doesnt mean the others can not be run with supported snaps 
[12:21] <mort> just that, from what I understood, if you decide to build an IoT device on Ubuntu Core, you can never upgrade the ubuntu version on a device in the wild
[12:21] <mort> the only update mechanism is updating the snap
[12:21] <ogra> you can ... from UC20 on you can re-model to a new release 
[12:22] <ogra> 16 and 18 did not support that, this is true 
[12:22] <mort> ah
[12:22] <mort> I also understood that you're not allowed to run your own distribution server, you *must* use canonical's, and if you want it to not be a public snap, you must pay canonical heaps of money
[12:23] <ogra> heaps ... 
[12:23] <mort> I don't remember the exact figure, just that I thought it sounded like a lot for something which seems obvious
[12:24] <ogra> $15k/year for an IoT store ...
[12:24] <mort> right
[12:24] <mort> that's quite a lot
[12:24] <ogra> which is rather cheap 
[12:24] <ogra> not really 
[12:24] <mort> it is
[12:24] <mort> and you still don't even get to run your own upgrade server
[12:25] <mort> (iirc)
[12:25] <ogra> how much do you pay for ... say a three headcount yocto team to keep your OS up to date and safe ? 
[12:25] <ogra> you do 
[12:26] <mort> oh don't get me wrong, $15k/year is cheap for an OS support team type thing
[12:26] <ogra> the store is your upgrade server ... you can use a snap proxy for in-house management ... you can use an air-gapped snap-proxy for full control ... (the systems and packages still need to auth against the central server, but nothign else)
[12:26] <mort> it's a whole lot to pay for the privilege of hosting your own server
[12:27] <ogra> its a bargain if you do not need to care for the OS at all and all your devs need to do is commit to git and trigger tests 
[12:27] <ogra> you can fully focus on the apps
[12:27] <mort> but that's not what's being paid for
[12:27] <ogra> it is ... at least that is how the customers i work with see it
[12:28] <mort> it seems weird tho to have a cost structure where you pay for taking load off of canonical's servers and get nothing in return
[12:28] <ogra> peace of mind is what you get in return 
[12:28] <ogra> a guarantee that your systems are always on and never fail 
[12:28] <mort> do you get more peace of mind by running your own upgrade server than by using canonical's??
[12:29] <ogra> (snaps have built-in rollback on failure, that includes kernel and rootfs) 
[12:29] <mort> cool, so do all other decent iot upgrade systems
[12:29] <ogra> dunno, do you get more peace of mind runnign your critical infra on AWS ? 
[12:29] <ogra> most companies do that today and save on maintaining their own datacenter
[12:30] <ogra> do they ? 
[12:30] <mort> I would say there's a peace of mind benefit to running servers on AWS rather than having your own servers
[12:30] <ogra> i havent seen a builtin mechanism like that in yocto 
[12:30] <ogra> you need to use something like mender, know what yu are doing and integrate it yourself 
[12:30] <ogra> or pay mander 
[12:30] <ogra> not much different
[12:31] <ogra> just less work on your side if you pick core
[12:31] <mort> or use rauc or swupd
[12:31] <ogra> well, external tools you need to integrate yourself 
[12:31] <mort> yes
[12:31] <ogra> so you nee in-house knowledge 
[12:31] <mort> I'm not saying there's no value in having it integrated as a package
[12:31] <ogra> which many companies do not want to invest in 
[12:32] <mort> I'm not even saying ubuntu core is a bad deal
[12:33] <mort> just that, specifically, $15k/year is a lot of money to pay to be allowed to take load off of canonical's servers
[12:33] <ogra> it isnt ... snaps and core are commercially well successfull ... and thanks to that canonical can provide the technology for free to the community, even for desktop snaps that are not relly producing a lot of return value
[12:34] <ogra> the 15k are for using a brand store (or leaf store) *on* canonicals servers 
[12:35] <mort> oh
[12:35] <ogra> nothing takes load off 
[12:35] <mort> so you don't even get to run your own upgrade server
[12:35] <ogra> you then *can* use the proxy variants for in-house
[12:35] <ogra> stuff
[12:36] <ogra> for th 15k you get storage, consulting, help with snap packaging and support 
[12:36] <ogra> (and peace of mind ideed 😄 )
[12:36] <mort> but why shouldn't you be allowed to just run your own upgrade server
[12:37] <ogra> you are ... remember the link above i gave ... there are companies runing their completely own infra and snapd 
[12:37] <ogra> ... and they dont pay 🙂 
[12:37] <ogra> that same company actually also has yocto based systems using all apps as snaps o top 
[12:38] <ogra> *on top
[12:38] <ogra> (there is snapd for yocto too ... )
[12:38] <mort> I'm not sure which of the links you're referring to
[12:39] <ogra> https://forum.snapcraft.io/t/announcing-project-kebe-open-source-snap-store-start/25088
[12:40] <mort> so you're saying ubuntu core allows you to point your system at a different snap store
[12:40] <mort> because that's not the impression I'm getting from any of the official docs
[12:40] <mort> they all talk about how you should get a brand store and whatever
[12:41] <ogra> it is opensource ! you can do whatever you want with it 😉
[12:41] <ogra> and no, i'm not saying this is limitied to ubuntu core ... 
[12:42] <ogra> you could run their snapd on your desktop and use their snaps from their store 
[12:43] <mort> if we're talking about forking snapd and maintaining a fork which points to a different repo I'm assuming we're in a territory where system upgrades get harder
[12:43] <ogra> not harder than with the unpatched snapd 
[12:43] <ogra> more insecure perhaps 
[12:43] <mort> well it'd be as secure as your upgrade system is
[12:43] <ogra> nope
[12:43] <mort> s/system/server/
[12:44] <ogra> as secure as your upload checks are 
[12:44] <ogra> since the reviews and checks happen on upload
[12:44] <mort> what additional checks could canonical possibly do
[12:44] <mort> why would one want canonical to have to review our system image before we could deploy them to customers
[12:45] <ogra> not additional ... having another server means the other could do less
[12:45] <mort> ok, what sort of checks does canonical do
[12:45] <mort> when we're talking about the binary artefacts of an embedded system's software
[12:46] <ogra> we're talking about a well defined interface system ... some of them are harmless (lets say audio playback, that only givey you playback access to pulses socket) ... some are not .. these are blocked on upload 
[12:47] <ogra> no matter what he artefacts are ... the access to the outside world is what matters 
[12:47] <mort> what's the attack vector this is protecting against
[12:47] <mort> a rogue employee putting malicious code in their company's product?
[12:47] <ogra> taking over yur machine, spying on your security data (passwords etc) 
[12:47] <ogra> seeing any data from other apps 
[12:48] <mort> there are no other apps
[12:48] <ogra> talking to the outside world 
[12:48] <ogra> ??
[12:48] <ogra> sure there are ... 
[12:48] <ogra> on every system 
[12:48] <mort> we're talking about IoT devices where company A makes some hardware and puts their software on it and sells it to customers as an appliance
[12:48] <mort> you can't really protect against company A being malicious in that case
[12:48] <ogra> yeah, that system still runs systemd, or whatever else plumbing stuff
[12:49] <mort> if the systemd is malicious you have serious problems
[12:49] <ogra> sight 
[12:49] <mort> wait
[12:49] <ogra> *sigh even
[12:49] <ogra> i mean the app accessing and manipulating systemd 
[12:50] <ogra> you asked about "what other apps are there" 
[12:50] <ogra> a snap can not do that by default
[12:50] <mort> but what is this protecting against
[12:50] <ogra> it can not take over yur machne 
[12:50] <mort> what "your machine"
[12:50] <ogra> ... and hook it up to a botnet 
[12:50] <mort> we're talking about software running on IoT devices as appliances where the same company makes the hardware and the system image
[12:50] <ogra> the host machine ... whatever that is 
[12:51] <mort> what "host machine"
[12:51] <ogra> be it an IoT device or a desktop
[12:51] <mort> the smart fridge?
[12:51] <ogra> yeah
[12:51] <mort> but now you're just talking about sandboxing your software so that it can't do that much if it gets compromised
[12:51] <mort> what checks does canonical do
[12:51] <ogra> i'm talking about the interface system 
[12:52] <ogra> canonical checks which interfaces to the outside world a snap attempts to use 
[12:52] <ogra> and depending on the interface used, lets the snap into the store or not 
[12:52] <mort> but that's an automated check?
[12:52] <ogra> *interfaces
[12:52] <mort> and, what
[12:52] <ogra> that bit is automated 
[12:52] <ogra> if you fail that check you go into manual review 
[12:52] <mort> are you protecting against if the company tries to install a malicious app using an interface it shouldn't to their own devices
[12:53] <ogra> right
[12:53] <ogra> thats independednt of "a company" thats a general thing for every snap
[12:54] <mort> but we're talking about IoT
[12:54] <ogra> snaps can use all the harmless interfaces just fine ... if they go beyond that you have to get approval from the ubuntu security team
[12:54] <mort> why do I need approval from the ubuntu security team to do what I want on my product
[12:54] <ogra> the target totally does not matter .. could be IoT, server, cloud or desktop
[12:55] <ogra> it is a general mechanism 
[12:55] <mort> but we're talking about how this is a benefit in the context of IoT, not how it's a benefit in the context of desktop apps
[12:55] <ogra> for everyone ... even in brand stores
[12:55] <mort> and it sounds like you're saying that this protect the company with the IoT product from themselves
[12:55] <ogra> what is the difference ? 
[12:55] <ogra> you want the apps properly secured in either use-case
[12:55] <ogra> and thus the same checks apply everywhere 
[12:55] <mort> the difference here is that the authors of the software are also the ones selling the devices they ship with
[12:56] <mort> I'm not understanding what the threat model is
[12:56] <ogra> for a brand store customer it is easier to get things granted ... after all it is thir store 
[12:56] <mort> is the threat model that the company writes malicious software for their own product
[12:56] <ogra> secure confinement of applications is the model
[12:56] <mort> is the threat model that the company writes malicious software for their own product
[12:56] <ogra> no
[12:56] <mort> "secure confinement of applications" isn't a threat model
[12:57] <mort> the "brand store customer" is the person who decided to buy a smart fridge which, under the hood, happens to run ubuntu core, but the customer has no interaction with any brand store of any kind
[12:57] <ogra> the threat model is a programmer accidentially allows access the app should not have and rips open an unexpected security hold
[12:57] <ogra> *hole
[12:57] <mort> right, so sandboxing
[12:57] <mort> is the solution to that
[12:58] <mort> we can have that without canonical's security team being involved?L
[12:58] <ogra> well it is not the sandboxing but the model of granting fine grained holes into that sandboxing
[12:58] <mort> yes
[12:58] <mort> but that's not something which requires involvement from a canonical security team
[12:59] <ogra> and these holes are either secured because the interface is properly mediated or they are broader and require security team review
[12:59] <mort> what even does a "security team review" mean
[12:59] <mort> what can you do with the binary artefact to determine that it's safe
[13:00] <ogra> nothing except for the bits granted by the interfaces 
[13:00] <mort> so what value does the security team add
[13:01] <mort> in an iot context
[13:01] <mort> I understand the value in a desktop context where the person owning and operating the device and the person writing the software are different people and where I as a user of my laptop want to know that if some random developer wants to do something malicious they can't because their app is sandboxed
[13:02] <ogra> in an iot context with a brand store it reviews if your app really needs that much permissions, starts a conversation with the developer, reviews if you could not be better off using a different, more secure interface etc 
[13:03] <ogra> in the end a brand store customer can always overrule this, the point is that you get a free security team review and probaly adjust your "best practices" to do it in a safer way
[13:03] <mort> but if their interaction is limited to what interfaces you use to interact with the outside world...
[13:04] <ogra> in th case of the global store you have to give very hard reasons and explanation about why you want to use that interface ... and might in the end not getting it granted but have to ask your users to connect it manually in a concious way of what they are doig
[13:04] <ogra> it is not different to androis or IOS in the end 
[13:05] <mort> but like
[13:05] <mort> apple doesn't have to get permission from someone else to push out a new iOS version
[13:05] <ogra> (and eventually desktop snaps will have popups on first start asking you to allow access to i.e. your location) 
[13:05] <mort> in an iot context, the person publishing the snap is in the role of Apple, not in the role of some app developer who wants to publish to the app store
[13:05] <ogra> not really 
[13:05] <mort> yea really
[13:06] <ogra> in the iot context most customers use the OS as is 
[13:06] <ogra> and focus on the apps 
[13:06] <mort> imagine if apple had to get permission from canonical to push out a new iOS version
[13:06] <ogra> so it is exactly the same 
[13:06] <ogra> but customers dont have to get such a permission
[13:06]  * ogra wonders what makes you think that
[13:06] <mort> what makes me think what
[13:07] <mort> in the ubuntu core world, the core OS (in iOS, Darwin) would be provided by Canonical, and everything on top of that (the UI, the system services, whatever) would be provided as a snap by Apple
[13:08] <mort> right?
[13:09] <mort> Apple would be the company producing an IoT product which uses Ubuntu Core, so the lock screen and the home screen and the notifications menu and everything would have to be implemented as some snap which runs on boot
[13:10] <ogra> right
[13:10] <mort> right
[13:11] <mort> so Apple would have to publish iOS and have canonical review it
[13:11] <ogra> you get the bare rootfs and kernel ... and typically package the bootloader and image info in a so called gadget snap you maintin
[13:11] <mort> just seems weird
[13:11] <ogra> you also get full control over when something releases 
[13:12] <ogra> and your snaps undergo upload checks ... for which you can get exceptions after an initial review/discussion
[13:12] <ogra> ... in case you use some more privileged interfaces
[13:12] <ogra> same model as IOS or android use
[13:13] <mort> except that you also use that model for the system, not just apps
[13:13] <ogra> apps run confined and have interfaces to talk to the outside world
[13:13] <ogra> well, the base snap (rootfs) has no restrictions ... neither does the kernel snap ... 
[13:14] <ogra> both obviously run unconfined
[13:14] <ogra> and come from canonical 
[13:14] <mort> yeah exactly, so "system" stuff, like the home screen in iOS, would be a snap
[13:15] <ogra> yeah, in case of UC it would be an app running on ubuntu-frame (Mir) 
[13:15] <mort> huh, you still use mir for that do you
[13:15] <ogra> mir is used a lot in digital signage, yeah
[13:15] <mort> I heard that mir was not dead and was transitioning to become a wayland compositor but i didn't realize canonical actually used it in official products
[13:15] <ogra> well, ubuntu-frame 🙂 Mir is a dead name 🙂
[13:16] <mort> how does it compare to, say, weston?
[13:16] <ogra> yep, lots of PoS systems and digital signage setup use it, often in tens of thousans of deployments 
[13:17] <ogra> i never used weston ... but i built a lot of dig. signage and it it very easy to use there 
[13:18] <mort> weston is also very easy to use, it shows wayland windows like you'd expect and that's kind of all a kiosk/embedded/signage display server needs to do
[13:18] <ogra> (only needs a few extra lines in your snapcraft.yaml to have it hok up to it ... building a kiosk that way is a breeze)
[13:18] <ogra> well, does wesn come with an OSK builtin ? 
[13:18] <ogra> *weston
[13:19] <mort> not that I'm aware of; I wasn't thinking of that, I'm not working on devices with touch input
[13:19] <ogra> or the ability to easily set up multi-monitor etc 
[13:21] <ogra> https://github.com/ogra1/electron-kiosk-wayland/blob/main/snap/snapcraft.yaml is a simple electron based kiosk in 100 lines of yaml running on top of ubuntu-frame
[13:22] <mort> I suppose I'd be most interested in how performance compares
[13:25] <mort> and things like memory use and system image bloat
[13:25] <ogra> there is no runtime difference ... startup depends on the compression you pick though
[13:26] <ogra> line 88 might interest you in the snapcraft.yaml above though ... and brings us back to how we started that conversation 😉
[13:38] <mort> heh, well it probably makes a lot of sense when you're all in on snaps anyways
[13:40] <ogra> 🙂
[16:05] <leftyfb> LinuxAspy = Kolusion 
[16:09] <ogra> fun
[16:09] <ogra> i assumed some troll 
[16:27] <leftyfb> You assumed correct :)
[16:28] <ogra> (i didnt assume Kolusion ... 🙂 )
[20:22] <leftyfb> ogra: spent any time with the raspiOS on the cutiepi?
[20:24] <ogra> i played with the shipped and the first update images ... 
[20:24] <ogra> the cutiepi-shell is essentially just a browser yet ... that will still take some time to get ready 
[20:25] <ogra> and the raspios underneath is ... well ... an lxde desktop on a tiny screen
[20:26] <ogra> 22.04 runs great on it and is nicely touch friendly ... but is lacking itegration for the AD converter that manages the power and button ... tats what i'm poking at currently, getting a gnome extension working to have a battery meter and to get the power button events
[20:28] <ogra> (not knowing when that thing will shut down because the battery ran out is rather off-putting 🙂 )