I hear that the Mozilla team ppa is not guaranteed to be maintained or not, so if you want nothing to do with snap, the tar.gz version is the best as it updates automatically and opens faster than either snap or flatpak.
2 Likes
Just to add a bit of trivia…
According to my dusty memory, PPAs were never guaranteed to be maintained. They’re really just for personal archives, but we’ve been using them in ways never intended. That was, again according to my dusty memory, one of the motivating factors to create Snaps in the first place.
6 Likes
@BasilCat Thanks for posting the how to install the non-snap Firefox.
I’ve now seen the light about Snaps not being a good choice on my old outdated junk box computers.
Thanks again.
I was going to post that the snap firefox is too slow to start (and I have an nvme ssd).
I think it was a mistake to go to snaps (the pros seem to be for developers and they are volunteers so …).
Thanks for the instructions.
EDIT:
I may stick with the snap (at least give me time to get used to it).
Why have shared libraries at all anymore?
Actually, there’s one very powerful pro that Snap gives to end users - improved security.
Programs are complex systems, and the computers they run on are even more complex. One somewhat annoying thing about computers is that, if you have the proper privileges, they do whatever you tell them to, no matter how ill-advised your command happens to be. As a result, it’s entirely possible for a program to accidentally butcher itself while you’re using it, causing all sorts of “interesting” problems. And because of how complicated computers are internally, developers actually make self-butchering code all too often, and then release it to the general public. Usually you have to do a very specific series of odd and tricky steps to get a program to really glitch out like this, but it’s doable.
Sometimes these bugs allow a user to modify the program’s executable code by feeding it wonky data, triggering the bug. If a user knows how the bug works in sufficient detail, they can put their own executable code into the wonky data, then feed the data to the program. The bug triggers, the code gets overwritten, and the program proceeds to execute whatever it was fed by the malicious user. This generally ends in a program crash (though not always), but it also results in arbitrary code being run from a chunk of data that shouldn’t have been executable.
And guess what Web browsers do? They download arbitrary data and perform a number of highly complicated and advanced operations on that data to get it to display a Web page on our screen. Say there’s an arbitrary code executing bug in the browser, and you load a Web page that happens to be designed to exploit that bug. Now whatever code the web page creator wants to be run on your system, gets run, without your permission. The possibilities at this point are generally endless - all the malicious web page maker has to do is make the executable snippet they give you download some application from a predefined location on the Internet and then run it.
Sounds like a perfect method of distributing malware? That’s because it is.
That means that if you don’t get a timely Web browser update, and you accidentally click on the wrong website during your Internet travels, it’s entirely possible that you just got hacked, and the malware now has access to everything in your system that’s user-readable.
Unless your browser is in a Snap package.
Once you Snap your browser, things change. Even if a malicious website sneaks some malware in your system through your browser, it doesn’t get full access to your whole system. Instead, it gets to stare at the mostly useless insides of a Snap container. Admittedly, it would be theoretically possible for a piece of malware to sneak through your browser AND break out of the Snap container, but it’s a lot trickier to break through both a browser and a container, since the malware now has to be prepped to crack through both. And if the Snap system doesn’t have any known vulnerabilities, it might be impossible for the malicious actor to break out of it.
In addition to the added difficulty of cracking through multiple layers of security, Snap is also designed to automatically update all your Snaps, pretty much whether you like it or not. Sounds crummy (and for some stuff it is), but it also keeps you more secure. An unsavvy user might think that, “Hey, I like my version of Firefox, leave me to it!”, and not realize that they just opened the door to get hacked to kingdom come. While forcing users to update generally doesn’t go over well with users, it does prevent malware from breaking into a system so easily.
Snaps may be rough around the edges and have some performance problems, but in a world where one security slip-up can spell disaster or near disaster, every little bit of extra security helps. Web browsers are extraordinarily complex, deal with arbitrary data from strangers on the Internet, and are one of the most commonly used programs on a computer - they’re a good target to strike at to hack a system, so it makes sense to apply seemingly overkill security to them.
(Note: If you have careful browsing habits and keep your browser updated all the time, it’s extremely unlikely that you’ll ever get hacked, especially if you use an adblocker. For attentive users, a non-Snapped browser should be just fine to use. Just be careful where you click if you go this route.)
5 Likes
In other words, snaps are basically sandboxed operating systems, right? And that also explains why you see a huge list of snaps as devices when you type lsblk in the terminal.
No, snaps are sandboxed containers. Snaps usually contain user applications. But there are also snaps that contain the kernel.
Snaps have some defined interfaces with the operating systems. The snap creator can define the defaults for the different interfaces.
For example, the Firefox snap is plugged to the camera interface (allows access to all cameras). But you can manually disconnect the Firefox snap from the camera interface.
5 Likes
@BasilCat
Thank you for your post. But I have a question. You write:
One thing i forgot to mention is that if you don’t use snaps at all, completely uninstall it with:
sudo apt remove snapd
and to prevent it from coming back apply: sudo apt-mark hold snapd.
Does that mean that instead of
sudo snap remove firefox
I do
sudo apt remove snapd
and then this:
sudo apt-mark hold snapd
, and then I start with “Download the tar from the website” and so on. Is that correct?
Thank you for an anwser in advance.
I don’t think that’s right. I’d do sudo snap remove firefox, then sudo apt remove snapd, then sudo apt-mark hold snapd.
2 Likes
I’ll add this here in case anyone is interested.
Awhile ago (April 2022) an article was posted in Planet Ubuntu on this topic…
You’ll note in the article, it covers pinning & even unattended-upgrades because it comes from a PPA. It’s also from Ubuntu developer Balint Reczey.
2 Likes