On Snappy and Flatpak: business as usual in the Canonical propaganda department

NOTE: this post is entirely personal. The opinions are my own and do not represent Fedora or Red Hat. The facts, however, are all 100% truthy. 😉 Just to make it 100% clear for any visiting journalists etc. who don’t know me: I work for Red Hat, on Fedora. I am not unbiased and am not claiming to be, but I am claiming that the concrete stuff I say below is true.

You may have read some stuff this week about an application delivery mechanism called Snappy and how it’s going to unite all distributions and kill apt and rpm!

This is, to put it diplomatically, a heaping pile of steaming bullshit. You may not be surprised to learn that said pile has been served by the Canonical press department.

The source of all this press was this gem of a press release, which has been widely covered in a fairly…uncritical way by several outlets. Even Ars Technica, which is usually fairly good at doing actual journalism rather than just unquestioningly paraphrasing press releases, gave it a pretty anodyne write-up.

The press release and the stories together give you the strong impression that this thing called Snappy is going to be the cross-distribution future of application delivery, and it’s all ready for use today and lots of major distributions are buying into it. In the press release you’ll find stuff like this:

“Developers from multiple Linux distributions and companies today announced collaboration on the “snap” universal Linux package format, enabling a single binary package to work perfectly and securely on any Linux desktop, server, cloud or device.”

The stories have headlines like “Adios apt and yum? Ubuntu’s snap apps are coming to distros everywhere” and “Snap Packages Become Universal Binary Format for All GNU/Linux Distributions” (jeez, I particularly love that one).

So what are the problems with this happy-clappy story? Several of them!

First let’s be clear: Snappy is a Canonical project. The press release was issued, I think, sort of as if it came from some sort of independent or cross-vendor project, and there’s the snapcraft.io site to back up that impression, but every Snappy committer is a Canonical employee, and contributions to Snappy require signing the notorious Canonical CLA:

“Contributions are always welcome! Please make sure that you sign the Canonical contributor licence agreement at http://www.ubuntu.com/legal/contributors”

Now, does Snappy actually have the cross-distribution buy-in that the press release claims (but never outright states) that it has? No. The press release sure sounds superficially impressive:

“Developers from multiple Linux distributions…Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu…Together, these distributions represent the vast majority of common Linux usage on the desktop, server and cloud.”

but it’s a pretty big mis-representation. The other distributions cited have not actually declared their support for Snappy and said ‘yes, this is how we want applications to be distributed in future’. Canonical employees have independently built and released Snappy packages for those distributions. This is the basis of all the press release’s claims. For instance, the Snappy packages for Fedora are in a COPR – COPR is a system like PPA that lets anyone build packages – maintained by a Canonical employee. The sum total of communication between Canonical and Fedora before the release of this press release was that they mailed us asking about the process of packaging snappy for Fedora, and we told them about the main packaging process and COPR. They certainly did not in any way inform Fedora that they were going to send out a press release strongly implying that Fedora, along with every other distro in the world, was now a happy traveler on the Snappy bandwagon.

There is in fact another system with very similar goals, which is now called Flatpak and was previously called xdg-app. To be as fair as I can, I’ll say that Flatpak is quite heavily Red Hat influenced: the main author of Flatpak is Alex Larsson, a Red Hat employee. It is not, however, a “Red Hat project” to anything like the extent Snappy is a Canonical project. There are more than 20 other committers to Flatpak, most of whom are not RH employees (and including contributors to several other distributions). Flatpak is not under any corporate CLA. Insofar as Fedora is supporting one of these systems, it’s behind Flatpak. No other distribution besides Ubuntu is particularly committed to either system, so far as I can tell. Flatpak and Snappy both began, so far as I could find from internet research, in December 2014. Canonical’s press release, of course, doesn’t even acknowledge Flatpak’s existence…which is kind of par for the PR course, but you’d think at least some journalists might go out and do a bit of independent research.

UPDATE: since writing this post I’ve also been made aware of another system, AppImage, which has been around somewhat longer than Flatpak or Snappy (though not necessarily their forerunners). I know little about it so I will say little, but one thing to note is that – so I’ve heard – it does not attempt to do sandboxing like Snappy and Flatpak do, which is a major feature of those two implementations. It’s purely an app bundle format. But hey, it’s a choice! And it’s been around a while!

Neither Snappy nor Flatpak is at all close to being ‘done’, in the sense of being a credible system for cross-platform app distribution with buy-in from software publishers and distributions. The PR’s claim that Snappy enables “a single binary package to work perfectly and securely on any Linux desktop, server, cloud or device” sounds lovely, doesn’t it? Let’s take a look at the truth. Taking Fedora as an example, the Snappy install instructions for Fedora – go to the Snappy site and click the Fedora logo – say:

# SELinux support is in beta, so on Fedora 24 you currently have to:
sudo setenforce 0

well, that doesn’t seem terribly ‘secure’ or ‘perfect’ now, does it? Along the same lines, the Fedora packages are actually compiled with Snappy’s confinement disabled. Confinement being the entirety of what’s supposed to be secure about this form of app distribution. If confinement isn’t turned on, you’ve basically just got a big blob with uncontrolled access to the system. Good luck with that.

AIUI, the builds for other distributions are in similar states.

Note that neither Snappy nor Flatpak can possibly provide meaningful confinement of apps running under X11, as mjg59 illustrated. Flatpak will only provide meaningful confinement with Wayland. Snappy, of course, is designed to work with Mir, though they claim it can/could (not sure which) also work with Wayland. But the point here is that neither Wayland nor Mir is out there in real widespread use by Linux users at present, yet here’s Canonical happily glossing over that point while they talk about how Snappy right now allows “a single binary package to work perfectly and securely on any Linux desktop”.

At the time this Panglossian PR was sent out, there were exactly two actual useful applications available as snaps: LibreOffice and Krita. Phoronix quickly found that the LibreOffice snap was huge (over 1GB in size) and buggy. The size issue was quite quickly resolved, but this just goes to show that reality is vastly different from Canonical’s claims. This stuff is in early Alpha or proof-of-concept state. It is not remotely ‘done’ and ready for practical use in the real world outside of the very limited contexts where Canonical was already using it.

Neither is Flatpak, of course. But this is why Flatpak’s developers have been communicating with technical conference presentations and blog posts and trying to build a dialog with application developers and distributors, rather than issuing press releases trumpeting how great Flatpak is and how it’s ready to kill apt RIGHT NOW.

Here’s another interesting thing about Snaps: the server end (the ‘app store’ bit of the equation) is closed source, and Canonical have been refusing to tell anyone how to run their own ‘app store’ – see the comment from Cassidy James Blaede, of Elementary. If you want to distribute your snaps, your choices are 1) publish it through the Canonical store, entirely under Canonical’s control, 2) upload it as a file and tell people to use the CLI to install it, or 3) try to figure out how to reconfigure the snap client to use a different server by reading the source code, then write your own server end from scratch, and tell your users to do that. Hmm.

So: Snappy is, like Flatpak, a heavily-under-development, interesting attempt to provide an app store-like app provision mechanism for Linux. It is not finished, it is not close to finished. It is not independent or cross-distribution, it is entirely controlled by Canonical. It does not have, so far as I can tell, meaningful buy-in from a single major distribution outside of Ubuntu. It does not work properly on other distributions yet and it likely will not do so in the near future.

But apart from that, sure, it’s all ready to kill apt and dnf tomorrow!

sigh

Now I’m sure I will get criticized for being mean and nasty and cynical and attacking Canonical instead of being constructive and all they want to do is make things better for everyone, Adam why are you such an ass?

Well, if Canonical actually wanted to work constructively with others, the way to do so would be to talk to them. We have forums for cross-distribution and cross-project collaboration. Lots of them. We have tech conferences where you can go and talk about your project and try to get buy-in for it. Canonical could have come to other distributions and said, hey, how about we all try to get together behind a single format and a common delivery mechanism for this kind of a confined app bundle?

But they didn’t. They just decided to send out a wildly misleading press release and actively encourage the specialist press to report that Snappy was all set to take over the world and everyone was super happy with that.

That’s not being constructive or working together with others. That’s being a bunch of asshats and trying to present the rest of the community with a fait accompli – and notably, a fait accompli in which Canonical holds all the strings (by means of the Canonical CLA controlling contributions to the client end, and the closed source, closed shop server end that is owned entirely by Canonical).

107 Responses

  1. Bhaskar Chowdhury
    Bhaskar Chowdhury June 16, 2016 at 10:22 pm | | Reply

    Brusting the myth! so true Adam!

  2. Matěj Cepl
    Matěj Cepl June 16, 2016 at 10:29 pm | | Reply

    It should read “Unlike Flatpak, Snappy is not independent or cross-distribution, it is entirely controlled by Canonical.”, right?

  3. JamesH
    JamesH June 16, 2016 at 10:31 pm | | Reply

    FYI the closed source store situation is even more ridiculous when you check the snapd source code and the URL it hits is hardcoded … there’s not even configuration files for a custom repo/store.

    So even if you reverse engineered the API (a legally suspect activity thanks to Oracke versus Google) you’d also need to distribute your own patched client too…

    1. Daniel Holbach
      Daniel Holbach June 17, 2016 at 12:59 am | | Reply
      1. Daniel Alley
        Daniel Alley June 17, 2016 at 1:14 pm | | Reply

        Still, this only goes to prove Adam’s point. They’ve declared snappy cross-platform while only putting in the barest of minimum efforts to make it so.

  4. Carlos
    Carlos June 16, 2016 at 11:14 pm | | Reply

    Hey! Let’s talk about an improved delivery method with all the self-important grey-beards. 20 years later… everyone is still arguing.

    In your case… they screwed up the PR work. Yes, let’s focus on that…

    1. Jonathan
      Jonathan June 21, 2016 at 6:33 am | | Reply

      They haven’t screwed up the PR work, it’s a masterful bit of PR: they’ve got the media calling the winner in a race that hasn’t even started.

      1. Donny D
        Donny D August 16, 2016 at 1:53 pm | | Reply

        I would say that is more of a not fully truthful, or misleading bit of PR. They are not telling the whole story in a race that hasn’t started

  5. Stuart Ellis
    Stuart Ellis June 17, 2016 at 12:11 am | | Reply

    Thank you for stepping up and saying all of this. I read the arstechnica.com article and immediately thought “man, you really got played by Canonical, didn’t you?”, but was disappointed to see that outside of a few comments, nobody has talked about the fact that snap is basically a client for a proprietary Canonical app store, so can’t be adopted as any kind of standard unless the situation changes.

    1. aer
      aer June 26, 2016 at 5:30 pm | | Reply

      http://news.softpedia.com/news/canonical-demonstrates-how-easy-is-to-create-a-vendor-independent-snap-store-505664.shtml

      Anyone can create their own snap store. And Bret Barker has created a git hub repo for an open source snap store.

  6. probono
    probono June 17, 2016 at 12:57 am | | Reply

    See AppImage for a decentralized bundling system that allows upstreams to provide binaries (and binary delta updates) directly to end users without intermediaries. It is explicitly designed not to need special support from the distributions, and to allow an application downloaded once to be run on multiple distributions without re-downloading or installing it. http://appimage.org

  7. Xavier
    Xavier June 17, 2016 at 4:01 am | | Reply

    probono is omnipresent 😉

  8. Ralph Bromley
    Ralph Bromley June 17, 2016 at 5:32 am | | Reply

    Yeah but what is so bad about something that can make linux more simple to use if given some time?
    Look I know, some hardcore linux users love arch and gentoo and must love how friggin long it can to take to compile a package but some of use actually have lives to get to.
    Even right now when I dont have a job I dont want to spend six million years compiling software just so I can get the latest version of Vim/Emacs ratpoison and lynx so I can have my full bragging rights to be a hardcore linux user and not be some newb just coming over from windows.
    Because anyone who may want linux to be just a tad easier to work with is such a horrible crime.

    1. Ido
      Ido June 17, 2016 at 10:41 am | | Reply

      But that’s just the thing, some users want a user friendly system where installing packages (among other activities) is fast and easy, and some users want something they can tinker with, customize, etc. You cannot force a cross distribution package format on them, they’ll just use something that doesn’t do that. So you’ll end up with two types of users: the ones that “have lives to get to” will use something user friendly like Ubuntu, and the ones who have lots of free time on their hands will use something that doesn’t even have an installation program. Which is exactly what we already have in Linux right now! So the whole Snappy thing is pointless.

    2. Oese Papa
      Oese Papa June 18, 2016 at 6:49 am | | Reply

      Arch and Gentoo users know what they want. I’ts what works best for them. Hey if you don’t like vim/emacs+ratpoison come up with something that works for you and share. Or use leafpaf/gedit+Unity. It’s all about choice

    3. Andres
      Andres June 18, 2016 at 4:50 pm | | Reply

      Allow me to gve you a reply in the same tone that you disregard user diversity. If you don’t like Gentoo or Arch, it is most likely because you’re haven’t been able to use it in your main machine for at least a month, since when you got issues you just did not know how to solve them. So in short, just because you are a newbie you don’t have to shield and dismiss others with what they are doing. Compilation times nowadays have gone way down. I manage several linux servers, from Amazon Linux, to Ubuntu based and Funtoo containers. In all of them you have to spend time configuring it but wih Funtoo, getting things like php 7 in the exact configuration that you want, becomes a thing that you can totally do from official repos instead of third party ones.

    4. Ric Moore
      Ric Moore June 19, 2016 at 5:20 pm | | Reply

      I wonder how they created this package without GPL’d tools? Surely the GPL applies to Canonical if they used any part of the GNU tool chain?

  9. Eric Mesa
    Eric Mesa June 17, 2016 at 5:36 am | | Reply

    I doubt snap gets too far. With Ubuntu going MIR and everyone else going Wayland, I see things going towards Flatpack. If they go anywhere, that is. I’ve heard this story many times in the 13 years I’ve been using Linux. So far no one has unseated apt,yum/dnf, pacman, etc.

  10. Daniel Holbach
    Daniel Holbach June 17, 2016 at 6:19 am | | Reply

    Regarding the libreoffice snap size, read this: https://skyfromme.wordpress.com/2016/06/16/a-third-of-a-libreoffice-snap/

    It’s down to a third.

  11. evanx
    evanx June 17, 2016 at 9:19 am | | Reply

    It is used for real on their shipped phones, which is something.

    1. Martin Pitt
      Martin Pitt June 17, 2016 at 10:48 am | | Reply

      No, it’s not being used on Ubuntu Touch yet, that’s “click” (https://click.readthedocs.io), which is the predecessor to snap.

  12. Andrés Rodríguez
    Andrés Rodríguez June 17, 2016 at 12:51 pm | | Reply

    And just like Canonical sinned of disregarding Flatpak, you sin of disregarding AppImage, a truly community-led effort which is available right now and is as simple as it gets (download and run, no “handler” needed).

    1. Luya Tshimbalanga
      Luya Tshimbalanga June 17, 2016 at 2:01 pm | | Reply

      For information, AppImage is a renamed Klik. One issue why appimage got larger adoption: security.

      1. probono
        probono June 22, 2016 at 12:32 am | | Reply

        You are aware that you can run an AppImage in sandboxes such as Firejail or Bubblewrap (the same sandbox used by Snap{py, craft}? We’re working on making it easy to register the AppImage mime type with sandboxes. https://www.youtube.com/watch?v=7C9thHXPZd8

  13. Nick Coghlan
    Nick Coghlan June 17, 2016 at 3:40 pm | | Reply

    On the bundling-desktop-applications-without-sandboxing front, there have actually been quite a few attempts at that, and many of them reach beyond Linux to handle Windows and Mac OS X as well. The oldest one I’m personally aware of is Zero Install (which started way back in 2003): http://0install.net/

    The other big thing the original press release misses is that data center and most internet-of-things use cases don’t need full GUI support inside the sandbox, so network-and-console-only sandboxes like Docker, rkt and systemd-nspawn are already entirely sufficient (and significantly more mature and widely supported than Snappy or FlatPak).

    1. Jonathan
      Jonathan June 21, 2016 at 6:36 am | | Reply

      “On the bundling-desktop-applications-without-sandboxing front, there have actually been quite a few attempts at that”

      No shit hehe, remember Shell Archives? If not congratulations on a successful application of mind-bleach.

      The Bash folks did the world a favour when v3 broke most of them.

  14. Cory Hilliard
    Cory Hilliard June 18, 2016 at 5:15 am | | Reply

    Wow, great write up. The points you’ve made are ones that I have commented on in other posts. Had I read this commenting, I would have sounded a lot more informed and probably directed them to this post for clarity.

    You should keep writing. I enjoyed reading this. I like opinionated pieces that are based on truth. I am a little Red Hat/Fedora biased too. So it made me laugh a lot. 🙂

  15. captain_commandline
    captain_commandline June 18, 2016 at 3:04 pm | | Reply

    works qa
    criticizes devs
    creates divisiveness within a second-tier desktop os community

    Great job. I honestly think holy warriors like yourself don’t want your platform to succeed on the desktop level. Maybe we could try to move towards a unified system that doesn’t involve a CLI and the accompanying stupidity? What do you think is keeping people from migrating to Linux on the desktop? It’s not the price, that’s for sure. What can we learn from this and how can we adapt? Become the changelog you want to see in the world.

  16. Scoot
    Scoot June 18, 2016 at 3:31 pm | | Reply

    I’ve been a linux user since the mid 90s. The evolution and spread has been remarkable to witness, and we’re now fortunate to have many high quality distros, catering to pretty much every imaginable niche. The sociological evolution has been no less fascinating, oustanding contributions from small concerns like Elementary to the Red Hats and Canonicals at the juggernaut end. The community is remarkably good at bringing the ship back in line with its moral compass if anyone goes too far off piste at any time (think Wayland/Mir). That diversity is an essential part to what binds linux distros and users collectively – and separates the ecosystem from the single vendor proprietary alternatives.

    That’s all nice, but what’s the point? It’s this:

    Multiple, mutually incompatible packaging formats don’t help linux. Not only don’t they help, they actively and meaningfully detract from the ecosystem.

    If you’re an app builder, linux is a groan. Windows? Sure, package as an installer. Mac? Yup, chuck it in a .dmg. Linux? Oh bollocks. Right, I suppose I’ll need to do a deb. Oh, and an rpm. Or maybe people want to really type ‘configure, make, make install’. Do I need that as well? Ah screw it, I’ll just publish the source code and the users can work it out.

    I’m not criticising that you’ve highlighted some shady secrets in Snap. And we know Canonical have history with jumping off down dubious side roads sometimes.

    But seriously: put down the handbags. Mobile app stores show just how ludicrously easy it can and should be to find and install apps. If the combined bright minds at canonical and red hat just got together and said “y’know, app packaging isn’t a commercial differentiator between us. Let’s just come up with something great and agree on it” we’d all celebrate. We’d respect you more, revel in the simplicity and consistency, and rejoice that packaging our apps was as easy as win/mac.

    Of course there’s nothing to stop arch/gentoo continuing with their approach. It’s part of what makes them different, and a great example of the richness and diversity in the ecosystem. But for most – dare I say “mainstream” – linux users, we don’t care about package management system wars. We just want something that works.

    Let me say that again:

    MOST LINUX USERS DON’T CARE ABOUT WHICH PACKAGE MANAGEMENT SYSTEM IS BEST.

    They just want something that works. Consistently. Across distros. Because package management isn’t a competitive differentiator among mainstream distros. But it is compared to mac/win. And on that front, linux loses.

    Red Hat and Canonical do great stuff. It’s great that commercial organisations support linux, and can be successful through it. So bury the hatchet. Kiss and make up. Take a step back, and realise that it’ll be better for everyone if you stop fighting and instead use the energy to enrich and unify the ecosystem. Stop sniping like hormone-overdosed teenagers and instead do something great.

    You’ll get a lot more respect from the community if you do.

    1. captain_commandline
      captain_commandline June 18, 2016 at 6:59 pm | | Reply

      You’re a smart emm-eff… I like you, and I agree with you.

    2. Kevin
      Kevin June 19, 2016 at 11:12 am | | Reply

      “Windows? Sure, package as an installer. Mac? Yup, chuck it in a .dmg. Linux? Oh bollocks. Right, I suppose I’ll need to do a deb. Oh, and an rpm.”

      That’s one of the oldest strawmen.

      Just because there is a package system doesn’t mean you have to package for it.
      By that logic one could no longer make Windows installer since there is now an App Store for Windows.

      It has always been possible to use installers on other platforms than Windows, e.g. on OSX or Linux.

      The only platforms that require you to use a certain form of packaging are the mobile platforms.

  17. Doug McGarrett
    Doug McGarrett June 18, 2016 at 8:10 pm | | Reply

    I think your comments are right on the money. I was originally sucked in by the wondrous stuff that Canonical published, until I
    heard from the more sophisticated folks who know where to poke the holes. As it happens, I come from PCLOS, and in their Forum
    many of the same gotchas were mentioned.

    I think many of us–but certainly not all–would welcome more cross-distro commonality in app availability, and Scoop has sort of a point: “Mobile app stores show just how ludicrously easy it can and should be to find and install apps.” But unless I’m missing something, these apps are no more independent than Snappy. As I understand it, all of them are controlled and approved by Google, even tho they may not be written by them.

    Keep up the good work!

  18. Nikato Muirhead
    Nikato Muirhead June 19, 2016 at 2:33 am | | Reply

    Thank you so much for writing this article. All of this really needed to be said. I have written an article which does not address the truly scandalous nature of what canonical has done. I think the two articles complement each other. I did not find this article until after I wrote mine. Interesting that both came to the same conclusion. I will update my article to fix any technical misinformation and give attribution to this one.

    http://www.prettydesk.com/blog/snappy-vs-flatpak

  19. Connie
    Connie June 19, 2016 at 10:46 am | | Reply

    Press releases are not meant to be unexciting commentary. They are a marketing strategy. As such they are designed to promote one particular viewpoint…that of the source. It may be that Flatpacks are going to be distro agnostic and may have an open source repository server code. Canonical appears to be suggesting that they may at least canvas for other distros to join the club…including RH/Fedora. The reverse could be true in the future. All in all perception may be governed by the spin that is applied, or by ones own prejudices or bias. I am glad you declared your own position early on. It helps me contextualise the rest of the article. My personal opinion? I think Snappy is a good thing and hope it is widely adopted. Perhaps that is because no press releases from RH regarding flatpack has had such an impact (at least I had heard of neither Flatpack nor App Image before). But nice article, thanks.

    1. Gerald
      Gerald June 19, 2016 at 3:31 pm | | Reply

      You are absolutely correct in the purposes of press releases – and Canonical seems to do a great job in this regard. The media however continue to be a disappointment. Instead of doing journalism, they seem only to parrot talking points – which does a disservice to their readership. I don’t want spin… I want facts – and it appears the press release was misleading at best. I already view many of the Canonical articles with a healthy bit of skepticism – and this press release IMHO didn’t do Canonical (or their media sycophants) any favors in the credibility department.

  20. probono
    probono June 19, 2016 at 11:33 am | | Reply

    “UPDATE: since writing this post I’ve also been made aware of another system, AppImage (…) so I’ve heard – it does not attempt to do sandboxing like Snappy and Flatpak do, which is a major feature of those two implementations.”

    That’s actually not accurate, there are currently at least 2 sandbox implementations which are able to run AppImages, one being the Bubblewrap sandbox also used by Flatpak and the other being Firejail, which is even mentioned on the http://appimage.org/ homepage.

  21. Obligatory XKCD
    Obligatory XKCD June 19, 2016 at 11:54 am | | Reply
  22. ljones
    ljones June 19, 2016 at 1:55 pm | | Reply

    Ok. First of all, I’m not an expert here, nor a developer – just a user. But I have been using linux distros ever since 2003. It sounds like to me that all that snappy is going to do is make you snap – angrily!

    For me the fact that this thing is using propietary servers sounds alarm bells ringing. I mean why would anyone want that? I thought the whole idea of gnu/linux in the first place was to steer well clear away from that type of thing. It’s a message which has been around for 20+ years now; a warning and I thought most people nowadays understood this – evidently not. Having propietary stuff? I think we would be wise to remember the old adage; “if you give an inch, they’ll take a mile”.

    Sorry, no I’m going to call this one. Again I might not be an expert or a developer but I smell a rat on this one and it comes on top of a previous announcement. There’s something in all of this and this is why I say – I smell a rat – lurking in the shadows. It has a name, and that name is micro$oft.

    How do I draw that conclusion? Remember a month or two back when M$ announced that ubuntu command line tools now worked native in windows? Now how did that happen – it didn’t happen by magic did it, yes? And note that nothing came the other way btw. It is my belief that canonical assisted M$ to get those tools working in windows.

    How does that tie in? Well, run the clock forward. Canonical has the final say on what “apps” (what a horrible word, btw) are in its “store” (don’t you hate all this marketoid guff btw?), just like apple does; just like anroid does and just like M$ will in its own store. But then remember if there’s lots of “apps” in someway controlled by canonical in its store M$ could then buy that store, i.e. canonical itself. Ouch. And if enough people used it (snappy), that’d cause serious problems for gnu/linux users, yes? Congratulations, you just all got bought by M$.

    Yes I know I could be wrong. Yes I might be out by a county mile. But something dosen’t seem right at least with canonical – them possibly helping M$ to get ubuntu command line tools to work in windows is another very big and loud alarm.

    The more I look at canonical the more I see problems. If you want a look at the future btw, take a look at their “ubuntu tablet”. I forget where but I did read it isn’t even really ubuntu – it’s a cut down android with ubuntu on top; not much more than a really “good” chroot then I guess. And the “ubuntu” tablet comes with a whole host of c***pware which can’t be removed – lots of “scopes” that connect to propietary cloud services; no way to change the OS if you don’t like ubuntu (so no arch, debian, slackware, red hat etc.) .

    Sorry canonical but you can keep your propietary whatnots, your scopes that you can’t get rid off (tablet), your slow-but-creeping love of propietary and your want to control. I can only speak for myself but I don’t want it.

    Let me ask others – in your desire to find something – a package manager that “just works” what are you willing to throw overboard? What will you sacrifice? Do you really want to end up at a point like all the others; apple, android (google), M$ who spy and surveile you? You want in the end adverts everywhere and locks on everything?

    I apologise for going off topic, and I guess a lot of people out there will probably think I am nuts or a wingnut or just plain wrong or just really stupid. But — again as the old saying goes – “you never know”. For me, alarm bells are going off and let us not laugh by that. Because – just what if I’m right?

    ljones

  23. Adi
    Adi June 19, 2016 at 2:47 pm | | Reply

    Hello,
    Can you please post a link to the source code of Fedora’s store server? (I cannot find it)
    Can you please provide proof that those people which are not marked on github as working for Canonical, that they really are Caonical employees?
    How is this post constructive?
    Do you know that Fedora had similar CLA? How does it makes it better now that they changed it?
    How does Canonical’s CLA makes it worse than other big names are using (Apache, Qt, Python, Fedora)?
    A last point: xdg-app first commits where in 14 december 2014 (first test release as seen from mailing list was in may 2015), snappy’s initial release was on 9 december 2014 and from my knowledge it evolved from click packaging system.(this is what I found from my search).

    1. Charles
      Charles June 20, 2016 at 3:51 pm | | Reply

      If we look predecessor projects, Larsson (main flatpak developer) has sought to create applications with no dependencies and long before an ancestor of Flatpak could be Glick (https://blogs.gnome.org/alexl/2007/08/21/glick-01-released/) or more recently OSTree.

  24. Leslie Satenstein
    Leslie Satenstein June 19, 2016 at 4:54 pm | | Reply

    Hi Adam,
    This Montrealer says “The first to market sets the standard!” Canonical is trying to set the standard.
    In another way, I can envisage Canonical trying to repackage stuff so that maintenance and quality of deliverable can be guaranteed.

    I agree with your “rant”, and I appreciate your concerns about premature system designs being nominated as the standard.

  25. Lupus
    Lupus June 20, 2016 at 1:25 am | | Reply

    I agree with Adi.
    On a different note, I quit using RedHat back in 2005 and never used Fedora. And I have not been using Ubuntu in last six years. For my work I use Debian and SmartOS. As to the post, I got an impression that some guys at RedHat/Fedora got very anxious because of new developments at Cannonical. It seems, the old times are gone, the latter are also in bed with M$, which may feel like a threesome now. As to me, quite honestly, I do not care about either Snappy or FlatPack or any other stuff from either Cannonical or RedHat. Who cares about yesterday? What guys at Data Centers care about are infrastructure and containers and their orchestration solution technologies.

    1. UNIX admin
      UNIX admin July 11, 2016 at 5:23 am | | Reply

      Good on you for using SmartOS; finally somebody who knows what’s going on, and I bet you don’t have priority 1 incidents going on at wee hours in the morning “because Linux technology from the ’90’s!”

  26. antikythera
    antikythera June 20, 2016 at 2:54 am | | Reply

    Well laid out response to the FUD Adam. I wasn’t aware of the shenanigans Ubuntu PR were up to with snap, very enlightening indeed!

  27. JackN
    JackN June 20, 2016 at 4:57 am | | Reply

    “At the time this Panglossian PR was sent out, there were exactly two actual useful applications available as snaps: LibreOffice and Krita”

    Is is purely personal what the “useful” is, but there are 134 snappy apps currently available: https://uappexplorer.com/apps?type=snappy

    1. JackN
      JackN June 20, 2016 at 5:06 am | | Reply

      It looks like this web page is not really up to date. There are even more packages available. There are no LibreOffice and Krita. There is also no VLC as demonstrated from http://www.thelinuxrain.com/articles/snaps-a-good-way-to-test-the-latest-apps

      But I do get your point. PR can make a lot of damage and maybe there is some room for engineers to cooperate, but because of bad PR there is less likely this is going to happen.

      Also if someone would like to read “Snappy vs flatpak” blog post: http://www.prettydesk.com/blog/snappy-vs-flatpak
      Interesting read.

      1. JackN
        JackN June 20, 2016 at 5:20 am | | Reply

        I have look at actual packages that are available to install from Ubuntu 16.04:
        sudo snap find
        and it lists 62 packages. Currently there is no LibreOffice listed, but there are Krita and VLC. So it looks like LibreOffice is not ready to be installed for general public.

        What does Snappy do:
        1. Security isolation.
        2. Transactional – you can rollback to previous version.
        3. Sandbox from existing system – testing new version is very easy, without breaking existing system/applications.

    2. Charles
      Charles June 20, 2016 at 4:02 pm | | Reply

      True, Canonical takes time with his initiative Snap Ubuntu-specific (before the press release), but the funny thing is that most of these applications have been built for them (employees of Canonical) and other volunteers, however the idea behind it is that are software authors who are distribute their applications directly. Again, this gives the wrong impression that developers are interested in this distribution system.

      1. JackN
        JackN June 20, 2016 at 10:33 pm | | Reply

        In my humble opinion. Developers are interested in a system (ecosystem) that works. That is the only reason I still use Windows (beside Linux), because there is always some program that will gonna run fine on Windows and not available on Linux (like updating GPS device, IRS application using Internet Explorer plug-in, local photo shop only offering Windows version of application).

        What I would like to write is, developers are interested in working ecosystem. Why would now developers bother to create snaps if only Ubuntu 16.04 (not even older versions of Ubuntu like with PPAs) can be targeted.

        Creating a ecosystem is difficult. What in my humble opinion Canonical is trying to do is creating little bit a push to demonstrate how easy it is to create a snap.

        What is currently also needed is some GUI application that supports snap. Currently there is only command line option, which is not really suitable for average Joe.

        It looks to me that standard practice of PR is rushing it to early to much. To get some interest from people early. We are not used to when application gets out like version 1.0 it is not stable enough, it is actually in alpha or beta stage and should not be used by average Joe at the moment of release. Just like Ubuntu 16.04, I have installed it two weeks ago and having many many problems, but problems are being solved one at the time. It is needed a mass to go from few (alpha/beta version), to official release (early adopters), to normal release average Joe, to super stable Joe’s grandma.

  28. phil taylor
    phil taylor June 20, 2016 at 9:47 pm | | Reply

    Certainly something needs to be done about Linux application installation. The current distro/repository system is pathetic. The applications obviously should not be distro specific, and even more so should not be distro-version specific. I would welcome any solution that works, even if it is not all that secure.

    However, i cannot help but think that a better solution to making applications universal in Linux would be to do away with all the me-too slightly-different-wallpaper Linux distros. What really makes the Mac, Windows, Android environments easy to install on is that there is only one of each. Do we really need hundreds if not thousands of Linux distros and all these skilled developers wasting their precious time doing the exact same thing over and over again every six months or a year on all these stupid distros?

    What we need is a world with Mac, Windows, Android and Linux – NOT Mac, Windows, Android, Red Hat, Suse, Ubuntu, Lubuntu, Xubuntu, Ubuntu Gnome, Anotherbuntu, Debian, Fedora, Mint, Manjaro, Arch, Slackware, Puppy, Kitten, DoggyDooDoo, etc,etc,etc,etc, ad inifinitum.

    1. JackN
      JackN June 20, 2016 at 10:47 pm | | Reply

      What I like about Linux is (I use it for last 8 years) I have never ever install a malware, half backed commercial trial etc in Linux. Package maintainers takes care of this. You can’t package malware and expect to be a package maintainer any more. Not possible.

      What isn’t there only one united Linux, because of open-source. You can take open-source, change it at release. You can’t take e.g. Windows code and release, because company will not allowed you to do this.

      The biggest strength of Linux is diversity, there can’t be a single player to rule all others out of the game. There are stronger and weaker players, but non of them is one single rule others out player.

      To get this strength (diversity), you get into complicated world where nothing gets easy. But this diversity has it’s costs. There is very hard to create an application to target bigger portion of Linux ecosystem. And Linux ecosystem on desktop is small by itself and it is going to be difficult to get much bigger because of its nature (diversity).

      For example it is logical it is waste of public money if IRS is obligated to create a Linux version of program. They can create Windows version and 99% of people are going to used it. Creating Linux version is a lot of wasted time/money. And if they decide to create Linux version, they will probably build Ubuntu or Suse or Fedora or something popular, that will target like 20% of Linux users (I don’t know exact numbers), what about all others.

      1. phil taylor
        phil taylor June 20, 2016 at 11:17 pm | | Reply

        You say that “The biggest strength of Linux is diversity” whearas i would say that is its biggest weakness. There are perhaps three major web browsers for Linux (Firefox, Chrome, Opera), not hundreds or thousands, and two major email clients (Evolution, Thunderbird), not hundreds or thousands. Why does there need to be all these hundreds of distros? Do we really need a distro for each particular specific purpose? Do we need a Monday distro and a Tuesday distro, one for each day of the week? Windows users, which far outnumber Linux users, seem to be quite happy with having just one Windows version, or perhaps three or four if you count the older releases. Do you see Windows users or Mac users or Andoird users clamouring for there to be hundreds of different versions? There are only two versions of the iPhone at any one time. I have not noticed any forum posts by agitated iPhone users asking for there to be twnety of thirty different types of iPhone. In fact i would argue that the lack of choice in the Apple range of poducts is a major part of the reason for its stellar success.

        People often state that choice is one of the great aspects of open source or free software, but there seems to be little logic offered to back this up. Sure theres lots of choice, but can we blithely assume that must be good?

        There are four or five major Linux desktops, not four or five hundred. The operating system is supposed to be the backbone of the computer – its the apps that you use a computer for – they run under the OS. We really don’t need hundreds of OS’s, especially when they are all virtually the same.

  29. JackN
    JackN June 21, 2016 at 3:18 am | | Reply

    “Phoronix quickly found that the LibreOffice snap was huge (over 1GB in size) and buggy.”

    If you look at the https://skyfromme.wordpress.com/2016/06/16/a-third-of-a-libreoffice-snap/ blog post it is clear LibreOffice 5.2-beta was released as snap and not official stable LibreOffice 5.1. The purpose of LibreOffice 5.2-beta snap is for bug hunting and not for average Joe to use it.

    The size was 1 GB because of debug feature was turned on. Now two snap packages where created “libreoffice-debug” (the one with 1GB) and “libreoffice” (287MB) for non-debug use. From installation instruction is is also obvious LibreOffice is not in snap repository yet. I has to be manually downloaded/installed.

    P.S. By this sample it is also obvious that Ubuntu Software Store is not a requirement to install snap package.

    1. JackN
      JackN June 21, 2016 at 3:19 am | | Reply
    2. Frank
      Frank June 21, 2016 at 9:50 am | | Reply

      You’d better read Adam’s blogpost properly. He doesn’t say you cannot install snaps independently on the Ubuntu Software Store. Yes, you can install individual snaps, but who’s going to take care of updates? Are you going to check every day if the snap you manually downloaded has been updated? Right now, there is no open, independent implementation of snap repo/store, just the one controlled by Canonical. As Adam writes you have two options: 1. implement your own store and modify the client to work with your store, 2. submit snaps to Canonical’s repo. On the contrary, Flatpak allows you to easily create your own repo and distribute updates directly to your users without Red Hat being anyhow involved. See the difference?

  30. Jet Walsh
    Jet Walsh June 21, 2016 at 7:04 am | | Reply

    adamw,

    You’re an ass. 🙂 Thank you for being that ass though and calling shens. Sometimes someone needs to stand up and say “The emperor has no clothes.”

  31. DS
    DS June 21, 2016 at 11:14 am | | Reply

    adamw is right. This is the style of Canonical, disgusting shit!

  32. Zac Cleaves
    Zac Cleaves June 21, 2016 at 5:14 pm | | Reply

    Snappy is not the same thing as snap. Kind of takes away from your argument when you can’t even properly name the technologies your discussing.

  33. probono
    probono June 22, 2016 at 12:28 am | | Reply

    Is this directionally right?

    Snap = the application bundle.
    Requires: Snappy = Ubuntu Core distribution image.
    Recommends: Snapcraft = Canonical’s store.

  34. john
    john June 22, 2016 at 4:00 am | | Reply

    People never seem to learn!!!

    Why oh why from all the wonderful distros out there people seem to choose the worst of them all…….

    this publicity is pretty much like that one about ubuntu being the easiest distro to use. Easiest?!?! Where?! I find Opensuse, for example, a lot easier to use that ubuntu. I don’t have to touch the CLI if i don’t want to, for example. But there are others easier!!! But noooo ubuntu is the boss!!! the easiest to use… yeah… in their dreams!!!

    People don’t look whats beneath. They walk on ice like they’re walking on rock… i wonder what will happen when they feel the cold icy water…

    the best canonical has in their office are the publicity guys (even if they deform the truth sometimes)!!! They do a great job (Seriously!!!). Without that guys canonical would already gone the way of the Dodo.

  35. john
    john June 22, 2016 at 4:02 am | | Reply

    now that’s funny… a different john with a different opinion. Ain’t that pretty!!!

    My post fitted like a glove beneath his XD

  36. Frederico Lima
    Frederico Lima June 23, 2016 at 1:23 pm | | Reply

    Fuck You Canonical!
    Thanks Adam.

  37. Ben
    Ben June 25, 2016 at 10:10 am | | Reply

    Adam, you covered AppImage in passing and I’d like to provide a little more info there. You said you were not sure if AppImage provides a sandbox. It does not, by default, but AppImage programs can be run inside Firejail. Firejail not only provides a sandbox, but it also guards against X-related attacks (like keylogging) which Flatpak and Snap do not, at least not without Wayland/Mir. So with AppImage you can run apps exposed or in a sandbox. In the latter situation it’s actually more secure than either alternative right now.

  38. bob
    bob June 29, 2016 at 9:38 pm | | Reply

    boring. its crap like this post that embarasses me the most about linux. i dont watch soaps on tv and i sure aint gonna join a camp based on butthurt. grow up a little bit. in my world walking the walk wins. if you put half as much effort into making this system usable as you all collectively whine about, there wouldnt be a need to express such noise.
    i dont give a rats arse what company does what. if you are in for a penny, you are in for a pound. stop telling me you are better than everyone else and show me. because until you can, all i will remember about flatpacks is second place whiners. i want a system that is as truly independant as possible but moreso i want ease of packaging. right now snaps wins. if you can free up the dependancy for gtk3 version “whatever is stable today”. it might be worth a second look.

  39. aer
    aer July 1, 2016 at 4:53 pm | | Reply

    Everytime Canonical releases a product and advertise it(Canonical is for profit), someone at Redhat will cry foul.
    It seems there are three camps in the Linux world, Anti-Canonical which is pro Redhat, pro Canonical, and neutral people who uses both RPM-based and Deb-based.

    Anti-Canonical seems to be very vocal, like atheists posting garbage at quora.

    1. john
      john July 6, 2016 at 7:07 am | | Reply

      I really don’t think Anti-Canonical are necessarily “pro Redhat” and i wouldn’t put them in 3 groups. I would put them in 2: people that love OpenSource and, as such, has a main interest in advancing technology that can be used by everyone (and normally these people tend to post things has they really are) and everyone else… 😉

      so… there is no such thing as Anti-Canonical! Just people who do like the truth simple and clean 😉

    2. john
      john July 6, 2016 at 7:16 am | | Reply

      Oh, and before you call me “RedHat-boy” let me tell you that i don’t use ANY RedHat tools and i never used anything RedHat.

      I do, however, understand and agree with 90% of their Points of View concerning OpenSource (as most other Distro users! Except, maybe, canonical users of course…)

  40. frodo
    frodo July 15, 2016 at 9:55 am | | Reply

    sounds like sour grapes to me. if i peel away the smoke and mirrors, the ones whining the loudest are angry they didnt do this first. thats all. you can damn well bet fedora wishes flatpack was the only contender. this stuff is rich, really good entertainment. grown men crying. fedora will never get over this because they have assumed the role of aggressor. this makes the people behind flat pack look angry, violent untrustworthy and even unreliable. if i had to choose a food based on the way ubuntu and fedora run this campaign, then snap me cuz flat packs leave me hungry.

  41. G Max
    G Max July 20, 2016 at 7:40 am | | Reply

    Well , I have seen Red Hat biased views here and am a bit saddened by the spew from them but not surprised. Red Hat thinks it is the Big God of Linux but it is been far more controlling in the way it promotes its Limited System. This causes me to have a bad taste in my mouth for Red Hat. There is No use of bashing another Linux distro and Mark Shuttleworth has always been a Gentleman in that. I have been on Red Hats article sites and read their bashing of anything but Red Hat. Ubuntu has brought more regular NON geek users to Linux than any other distro. Where is Red Hat on the phone and tablet? Red Hat is great in servers and ok in cloud. Things are evolving and Red Hat is Not the Big Dog it arrogantly thinks it is in the Future. Wonder why AT&T just to mention one a many that are moving to Ubuntu/Canonical? There is room for all without bashing one another in this fast moving tech world. Egos and lack of understanding by the Red Hat biased folks here is distasteful. Linux Forever.!!!

  42. MGage Morgan
    MGage Morgan July 30, 2016 at 7:19 pm | | Reply

    Now, I don’t know if anyone else has noticed recently, but Canonical Ltd. seems to be slowly but surely moving away from open source and the FOSS community. Yeah, sure, they open-sourced Ubuntu, but even then, newer products like Ubuntu phone are closed source. You won’t ever see me on an Ubuntu phone because that’s how much I dislike closed-off, gatekeeper’s products. Then as pointed out above, the “app store” is closed off. Then, there’s collab with Microsoft, which to me was heavily irritating to watch Canonical do. There have been reports that Ubuntu’s website used to say “Ubuntu GNU/Linux” and now there’s no acknowledgement of the “GNU/Linux” part in order “not to scare users away.” A good part of the reason to move to Fedora for me at least a few days back was because I’ve noticed Fedora doesn’t try to be something it’s not like Ubuntu does. After so long, enough is seriously enough.

  43. Danilo
    Danilo August 9, 2016 at 9:12 am | | Reply

    Heh, just came around this. It’s funny you get annoyed at a press release and what it “heavily implies”, yet you are not annoyed at what eg. Red Hat web site implies. Eg. page at https://www.redhat.com/en/about/trusted implies how “100% airlines” (from the Fortune 500 list) use exclusively Red Hat. No, it doesn’t say that, it says “100% airlines ‘rely’ on Red Hat”, but that’s the same PR tactic (how many airlines is that? 1 or 50? do they have RedHat on a single developers’ box along with a support contract or thousands of servers? to a critical eye, web site is plain horse-shit, just like Snappy PR is). Just like the Canonical’s PR is making the narrative imply something without really being untruthful (I know you might disagree with this bit as well, but let’s say what issues you bring up are “bugs” ;).

    I suppose you are more annoyed at “journalists” picking that up and running with it as gospel.

    I’ve long ago proclaimed that all marketing is evil as it transcends into the morally shaky ground of not necessarily lying, but using researched techniques (yes, actual science) to lead people to form an opinion favorable to the one who is advertising. I make an effort to buy shaving cream that is not for the “sensitive skin”, because every other one is (look, you slide a very sharp blade over your face and expect to not have irritated skin? good luck!).

    This is a sales pitch to get software vendors interested in a technology in order to develop the last mile of that technology. I suggest you don’t get annoyed at it, because that’s how marketing departments work, including the one at Red Hat.

    PS. I might be biased as well. 🙂

  44. swar
    swar October 28, 2016 at 9:33 pm | | Reply

    Until flatpak is on the same level for “deploying daemons as flatpak/snap app on a headless machine” , it should not think of itself as parity with snap.

  45. Joao Cordeiro
    Joao Cordeiro November 18, 2016 at 2:04 am | | Reply

    It is clear to me that your anger with Canonical already existed before this review.
    While what you say may be 100% true,the conclusion is 100% anti Canonical. Here are some examples.
    All servers are private. If they contain ilegal stuff the owner will have problems. It is a good practice to inform the terms of use of that server and make then agree.
    But this is a non issue. The idea is for every one to have their own store instead of using the Canonical store. There, you dont have to agree with nothing.

    Lxc and lxd are suported by the kernel. Every linux distro suports it. Small configuration values do not remove suport. Just join your distro maintainers team and activate them.

Leave a Reply

Your email address will not be published. Required fields are marked *