There are big wishes for Signal to adopt the perfectly working Flatpak.
This will make Signal show up in the verified subsection of Flathub, it will improve trust, allow a central place for bug reports and support and ease maintenance.
Flatpak works on pretty much all Distros, including the ones covered by their current “Linux = Ubuntu” .deb repo.
To make a good decision, we need to have some statistics about who uses which package.
It sucks that they don’t allow a survey without logging in first. Had to create an account extra for taking part…
Its not a Signal survey, this is by a random user.
You can register anonymously.
The way you posted this made it seem it was an official signal survey
It is used as such, and Signal wont start one so well…
How do you know it’s used as an official one would be?
It isnt, thats why I spreaded this link into multiple communities
The worst part about signing up somewhere is the amount of email spam that will land in you inbox. I don’t know about their specific configuration, but by default Discourse (the forum software they use) sends weekly “digest emails” if you haven’t visited the site for a week. So make sure to turn them off.
Use SimpleLogin and Bitwarden for everything. I never use the same email or password anywhere and can turn off receiving emails from the source for each account.
USERNAMES
I’d love this but also temp sub users, I have it linked to my phone but I’d like to keep my real username and phone number private if using the app outside of my circle.
The post here is a link to an online survey being done by the Signal Community. Users need to follow the link to answer the survey if they wish (but it means creating yet another new account which I’m getting pretty tired of as I’m now passing over 900 different logins all with unique passwords etc ;-)
Understandable, if you dont care just use a temporary email like altadress
I don’t care about the packaging format so much as about either having a Qt or GTK version or even just being able to open it in my browser.
There is Flare. I haven’t used it myself because it’s not official and I don’t know what it will do to e.g. my backups, but just sharing in case you’re interested.
Well, the .deb only works on Ubuntu and derivates so that doesnt really matter
What do you mean?
I didnt get your scentence. Yes I agree having a native Qt/Slint version would be cool. But the code still needs to be packaged for distros and Electron is horrible but solves like everything for them.
I prefer the deb that works. I get a signal.update almost every other day. I don’t remember to update my flatpaks anywhere near that often. I also appreciate that it doesn’t force me to include dependencies that are already met.
You can update flatpaks automatically using systemd. Automatic updates are a thing and should be everywhere.
https://discuss.kde.org/t/improving-metered-network-detection-and-usage/9287
Automatic updates are a thing and should be everywhere.
Absolutely not…most especially prior to production deployment. How else would someone see the change logs before hand or see/test if it would hurt their environment?
I have no idea what a production environment is for you. If it is some kind of sealed off stuff yeah maybe, but otherwise I hope you use a Distro that handles updates the way you need it.
Not updating because things will break is a sign of a bad distro.
Production environment is typically in the corporate world, not usually a homelab. Service providers often have a SLA uptime guarantee of 99%. They don’t often push patches as soon as available due to the varied nature of corporate environment. They don’t have one or two PCs to worry about: they can have tens of thousands. Downtime equates to money lost. So patches get tested before being deployed. Depending on the patch, that can be 48 hours to a week or two. Major OS upgrades can be months-long test, but the company usually does that and follows it while it’s still in beta.
Updates are pointed to a server the company controls, not the Internet. Updates get tested on test servers and test machines that replicate those in production. It typically gets monitored for 48 hours to measure glitches and performance. Once satisfied, the company controlled update server pushes into production machines.
This is just a random user doing a very unrepresentative poll back in June last year - I don’t think it’ll influence Flatpak adoption in any way.
Luckily for me, I’m on an Ubuntu derivative. So
apt upgradejust does it. Sorry, OP, works for me in my preferred way, I don’t need any flatpacks. Let’s hope once they do one they keep building .debs nonetheless.Flatpaks work just as well. It is an electron app, that causes all the bloat. Signal is modern and everything apart drag&drop and maybe a tray icon (havent tried that) works.
The appeal of signal is it is a good option (may have flaws but it is better than say discord) and it’s pretty easy to get normies using it, all the other alternatives you mentioned are obscure and convincing normies such as friends and family to use them is much harder, and while signal isn’t perfect, it’s certainly better than whatsapp or other proprietary solutions
So… not using Signal because it’s based off a conspiracy theory that it’s secretly funded by CIA?
Well, let’s stop using RSA and encryption because the most used secure crypto algorithms today were created by none other than the NSA!
EDIT: None of the alternatives provided are good alternatives for Signal. Matrix is an extremely complicated protocol that lacks some features compared to normal IM apps (I use Matrix and the experience is quite close to a standard messaging app). XMPP is dead and has a very niche userbase. The others are not suitable for being a daily messaging app.
Signal is a good alternative and while I do agree with some points, they are not bad enough to prevent you from using it (e.g. not having usernames).
those were some bullshit bullet points lmao
They’re actually very good points.
The problem is that all the suggested alternatives are unworkable for adoption by the general public (they require stuff like Tor, self-hosting etc.)
one of the points is cia funding. they are bullshit
Oh look an essay full of fearmongering that adds nothing to the discussion. Thanks for contributing!
Tbf it does suggest several alternatives.
It’s by one of the Lemmy founders btw
Personally I install it with pacman and generally avoid Flatpaks due to annoying problems I’ve had with it limiting filesystem access in the past. My biggest problem is that it seems to “forget” that I’m logged in if I don’t use it regularly, meaning I have to regularly re-auth it on my desktop since I use it infrequently there.
Flatpaks are generally made way to loosely. Always “not breaking” > “being secure”.
So this should not really be the case, drag&drop doesnt work yet, maybe copy-pasting files doesnt if the app cannot access that directory statically (you need to add an attachment from within the app, your file picker will open which is a “portal” which links that file into the apps container and thus allows the app to see it.)
Everything else works normally, screensharing too
That’s an understandable goal, but as a user, breaking the user experience when I go to send a file to someone only to find that I can’t even see it in some apps is a deal breaker. If the app can’t be trusted to do that, I won’t use it.
What do you mean by this?
This makes no sense.
You cannot trust any app to do anything. Look at their code, or ask people that know people that heard of people that looked at their code (how it is currently done in FOSS, lol).
Modern apps integrate portals & pipewire permissions. Bad apps dont, and they suck. Please annoy Slack with that, they have to adopt the Flatpak and modernize the code. Its like a few dozen lines to replace a custom own filepicker with the xdg-desktop-portal file picker of the OS.
I wasn’t talking about Slack. Actually, my worst Flatpak experience was with PyCharm. The fs limitations mean it couldn’t see files like
${HOME}/.config/git/ignoreor load up my shell environment inside the IDE. It’s basically a neutered version of the app because someone decided to draw the security/usability line too far in the one direction.It’s fine if you think that’s a good idea, but as a user, the choice of packaging means it’s not useful to me, so I won’t use it.
Oh, the user above was mentioning slack, sorry.
Pycham is also proprietary. This is an unofficial repackage of the app done by volunteers.
It probably works fine just not for your workload. But I can imagine why someone would want to sandbox Pycharm…
And to your issues, have you even tried to poke holes in the sandbox? You can use KDEs settings or Flatseal.
Launching a terminal can be done via flatpak-spawn.
I think you dont get this. Flatpak is important. Linux is completely powerless, there are people installing invasive apps which then can do what they can on Windows. Compare that to Android (which is obviously way less complicated because of how apps are used).
Flatpak is a new system to build apps, of course it cant read some
~/.configdirectory thats the point. If you store stuff there you are used to a different way and will need to adapt. Or you use their official binaries.Just because apps are not ready this doesnt mean it is not clearly the way we will do GUI apps. 800+ apps officially verified. We are approaching official universal Linux support here!
No, I haven’t tried to poke a hole in a sandbox. Generally speaking, if I have a choice between
pacman -S <app>or “install with Flatpak and then fiddle with sandbox settings” I opt for the former. I get that you think this is important, and Flatpak is a nifty idea, but in terms of usability, it has failed me repeatedly to the point where I don’t want to use it, so I don’t.You seem to becoming from a position of “Flatpak good, so everyone must use it”, which is nice, but it’s naïve. Flatpak is ok, but it has usability problems, and since you want people to use it, usability is kind of important. It also introduces a frustrating divide from a user perspective. The idea that “desktop apps” should be installed via Flatpak, and everything else with a proper package manager is madness from a user’s perspective. I don’t understand how you can’t see that, but you’re going to have to accept it 'cause newsflash: not everyone thinks like you.
Finally, packaging for Flatpack is a Pain In The Ass. I say this as someone who’s tried it. The build system is clearly biased toward particular use cases and particular languages, which is great if you’re in that camp, but for everyone else it comes across as impractical for the intended purpose.
So yeah, it’s great that this is important to you. Go ahead and develop the shit out of Flatpak, and maybe even work on the user experience some more. I’ll keep having a look from time to time, but for now, it’s not happening, and this attitude of yours, that the rest of us will just “need to adapt” to your preferred way of working… if I wanted that I’d use a Mac. GTFO.
Its easy. If you have a problem, report it. Instead of arguing about it they may have already fixed it.
If you want to run a proprietary app unconfined, do so.
But you also have to admit that reading some git config in a non flatpak directory is actively against the sandboxing principle, and thus requires manually allowing that access.
Sure, flatpaks need more popups that do exactly that.
Dividing “GUI apps” and other packages is easy. Go to a store, if it has an icon, install it via flatpak, if it has no icon, then you may not do that.
Appstream metadata so to speak.
Finally, packaging for Flatpack is a Pain In The Ass
Agreed.
okay maybe stop being so rude? Flatpak is the possibility for a secure system. We see how painfully slow adoption for that is on every Desktop, mac and windows too.
But it is great to have this, and I am sure we could make your Pycharm work by applying that override. The rest has to be done by the developers and it is important to care.
It is the same as with wayland, people need to change their software to ask for permission, follow standards and dont do weird shit. Only then the UX is solved.
And by the way what is stopping you from just using some apps as native system apps, and flatpak for the rest?
Last time I installed slack through flatpack I couldn’t send any files. Not through drag-and-drop, neither through the filepicker. The latter was just empty.
Downloading files from slack also had awfully weird side-effects.
Slack doesn’t have an apt repo, so I download debs and updat manually. Maybe once half-a-year.
If that’s the experience I’d get on my signal through flatpack, I’d also rather be downloading manually. And I’d even compile from source rather than deal with that flatpack stuff.
This is just so bad. I can’t use anything snap/flatpack cuz it simply won’t let me send a file. As it runs on it’s on file subsystem and doesn’t have access to anything else.
On the other hand, an app that has access to my entire hard-drive is awfully insecure, right? So, what’s the solution?
in the meantime they could include an option “I allow this app to acess my whole $HOME, thanks, I need it cuz I am a user not a security researcher”. Until then I’m not touching flatpack
I just use discord or WhatsApp on chromium in my Linux install xd
The heck are you all talking about? The post says Linux and Flatpack, while everyone somehow is discussing why signal is not on f-driod.
How the heck is this related?
Hahaha, any comment here makes no sense. This is just to help that guy have an actually somewhat useful survey, because Signal devs have very strange priorities
I generally use the latest available.
I tend not to use flatpack. I lost a few nights trying to get OBS plugins to work in flat pack. It would probably be fine for something as simple and straightforward as signal. But it’s more or less nothing but disadvantage to end users. That said I’m sure it’s a great savings for you guys.
Native desktop version.
What does that mean?
First being able to use the service first-class on the desktop without registering with phone app first. Second is using native desktop technologies for the app, as Signal currently uses Electron so it is basically a website running in separate Chromium web browser without tabs.
That’s a very gross oversimplification of what Electron is.
Agreed
I’m thinking about abandoning Signal given the fact that they use AWS servers, still insist on requiring a phone number to use the APP and haven’t yet implemented nicknames like Telegram
If you want absolute control over your communications, the only way is to self-host an XMPP server
Yeah Signal sucks a lot. It is poorly very convenient to use.
XMPP had too little funding. But it could totally replace Signal, no question.
SimpleX is also cool and truly privacy first
Your data is always encrypted before it reaches the AWS servers though, so it’s not like Amazon has access to them. The phone number/nicknames is still in progress, but it’s hard to do that securely, and given that their user base is really big now, they also need to make sure it works well for everybody.
The concerns about AWS servers are around metadata. If metadata were not a concern, why not just use Whatsapp? They use the Signal protocol so messages are end-to-end encrypted by default, and most people already have it or are willing to download it as compared to Signal.
Signal also encrypts your metadata. (And notably, WhatsApp does not.)
That seems like the wrong place to link to. Shouldn’t you be linking to Sealed Sender?
Why not matrix?
Matrix, the protocol, is quite nice.
Element, the Matrix reference client, is too complicated IMO. If everyone were to only use FluffyChat, it would be great but then FluffyChat afaik doesn’t implement every protocol feature and and you could end up in compatibility issues with Element users.
Purely as a client I find Telegram the most convenient. I think more should copy their homework from there, heck perhaps post the client to Matrix.
Both are great for chat! End of debate.
Not being able to run Signal on my Android tablet feels really inconvenient. That would be no. 1 on my wish list
Try Molly on both devices but yeah Signal should fix this.
That’s the biggest pain point with Signal and WhatsApp in my opinion. Telegram does it, but then of course it’s much easier for them to support. Sharing content from my tablet is such a hassle.
I use warpinator to share between my phone, laptop and desktop at home. It uses the local network.
But yea, I use signal to share often, when I am out.
