Ubuntu Snap's Security Is Easily Circumvented Due To X11

  • #31
    Originally posted by Krysto View Post
    And what will that do to performance?
    Michael did some benchmarks of X vs XWayland (not exactly XMir, but the two are pretty similar). It's only a minor performance hit.

    • #32
      Even Google with all of their resources and Apple with all of theirs can't reliably keep malware out of their respective app stores. So as long as Canonical keeps trying to make Ubuntu Touch a real product, something like snap is an essential part of a strategy to limit the impact of malware in the Ubuntu Touch app-store-equivalent. It's not the only part of that security strategy, just a component.

      While I'm at it, I think one of the probable use-cases for snaps hasn't been brought up yet: users who are slow to update their software. That's a serious problem, a real problem, and the sandboxing that snaps tries to do is an attempt to mitigate that risk. Say the user is running an older version of your photo-sharing application and persistently refuses the security update, and the app gets owned. If you're lucky, the sandbox stops the exploit that gained control of that unpatched application from gaining control of other aspects of your device.
      Last edited by Michael_S; 22 April 2016, 11:12 AM. Reason: probably should have been probably

      • #33
        Originally posted by Michael_S View Post
        I think one of the probable use-cases for snaps hasn't been brought up yet: users who are slow to update their software. That's a serious problem, a real problem, ....
        ...but if they choose NOT to update, they accept the consequences; it's not the dev's fault anymore if their PC gets pwned.

        I understand the PR point of view, but I think the main use-case for sandboxing is letting devs get away with NEW crap applications without endangering the user (too much), and, most importantly, making a closed-source-application-friendly package, which is crucial if they want Ubuntu to become exactly like windows. And they do.

        The bulk of the open-source stuff will still get distributed with normal packages. Snap is awesome for crap like Steam or any other proprietary application that cannot be packaged the usual way nor adapted to use newer versions of the packages/libraries/toolkits as they evolve.
        Last edited by starshipeleven; 22 April 2016, 02:18 PM.

        • #34
          Originally posted by starshipeleven View Post
          Come on, let's split "linux desktop" from "Android" just like we split "linux embedded". If the only thing the systems share is the kernel, while the whole fucking userspace is different, you can call them all the same, but it is a big fat stretch and you will get called out for that.
          What are you trying to say? Android is Windows? Android is just a Linux distro with an unusual set of packages out of the box.

          • #35
            Originally posted by Passso View Post
            My point (and a generally admitted one) was: "linux desktop has few malware mainly because of lack of market share"
            Your and other idiots' point is that you can't use your brains. Linux on two billion smartphones has no problems with malware, and desktop Linux will have no problems with malware.
            Originally posted by Passso View Post
            "android has checkbox, allowing installation from anywhere" -> yes, but the average user only goes to the Google store, and as I wrote the API does not allow that many harmful things (unless your phone is rooted)
            No, there are hundreds of millions of Android phones without the Play market. Your wishful thinking has no substance.

            • #36
              Originally posted by Mystro256 View Post
              X11 will probably not be used by Linux anymore after reaching 10% market share
              Not probably. X11 will not be used by new installs from next year or so. Do you have any indication of Linux reaching 10% in 2016?

              • #37
                Originally posted by pal666 View Post
                What are you trying to say? Android is Windows? Android is just a Linux distro with an unusual set of packages out of the box.
                I am saying that Android is a VERY FUCKING ALIEN Linux distro, down to using different video and audio subsystems, SELinux enforcing and tons of sandboxing and security on top. Applications and malware for Android don't run, like, AT ALL in Linux distros (without compatibility/emulation/whatever layers), and the reverse is also true.

                So yeah, you can say it is technically Linux as it is using the Linux kernel, but you cannot treat them as if they were the same just because they have the same kernel (like you did).

                Hell, a router or a NAS has more in common with a Linux desktop than the average smartphone.
                Last edited by starshipeleven; 22 April 2016, 04:32 PM.

                • #38
                  Originally posted by starshipeleven View Post
                  I am saying that Android is a VERY FUCKING ALIEN Linux
                  It is the most popular one, so it is the other way around. Everything else is alien.

                  • #39
                    Originally posted by Mike Frett View Post
                    They have Ransomware on Linux now?
                    From what I heard, exactly ONE ransomware program, which normally got in via a server program and had a defective key system that meant all keys were identical. Some other anecdotes may concern fake "scareware" that pretends to be ransomware. BTW, only backups not kept mounted are a real defense against this. Even if you have an offline machine with no network connection, a hard disk can die, and the "ransom" for clean-room data recovery is about what the ransomware programs demand.

                    A backup which is mounted can be killed by a bad script that reduces to rm -R *, like a bad Steam script once did. One that is just physically attached can be killed by a short in the PSU or a power surge if AC power is in use. I've had both kinds of trouble: wrong custom wiring to a PSU that ate a 2TB drive, and a wrong-device secure erase while preparing a drive for another use that killed the whole fs on another 2TB drive. Back up your files or lose them!

                    One more thing: anyone paying ransom to a ransomware scam is part of the problem and deserves to lose their data for good to defectively programmed ransomware, as has happened before. If I got hit, I would wipe every device that had been mounted, restoring only from backups predating the attack. I never allow all backups to be mounted at once, and anything too new to have reached backups from the flash drive would just have to be thrown away. Thus, if it really counts, I make the file, put a copy on the flash drive, then back up to yet another device and immediately remove it before ransomware or a power surge can come in.

                    • #40
                      What does a package manager have to do with security anyway? I thought snappy is about preventing conflicts between packages, not increasing system security.
