

The rocky road to better Linux software installation • The Register

Voice Of EU



Analysis Linux cross-platform packaging format Flatpak has come under the spotlight this week, with the “fundamental problems inherent in [its] design” criticised in a withering post by Canadian software dev Nicholas Fraser.

Fraser wrote in a blog published on 23 November that “these are not the future of desktop Linux apps,” citing a litany of technical, security and usability problems. His assertions about disk usage and sharing of runtimes between apps were hotly disputed a day later by Will Thompson, director of OS at Endless OS Foundation, in a post titled “On Flatpak disk usage and deduplication”, but there is no denying it is horribly inefficient.

Most people don’t care about that any more, one could argue. But they should.

The Linux world has been trying to invent a cross-platform packaging format for years, but leading contenders – the older, vendor-neutral AppImage format as well as Ubuntu’s Snap and Fedora’s Flatpak – all have serious issues.

They may be revolutionary and mean Linux becomes easier to develop for, but it’s enough of a mess that some mainstream distros avoid the whole thing.

In comparison, installing software on Windows is easy. Download an installer, run it, and you have a new app. The snags are that it means trusting unknown binaries from the internet – and that it teaches Windows users that this is fine and a perfectly normal thing to do.

Plain Win32 programs have unfettered access to your computer. This is why Microsoft invented the Windows Store: it would contain only safe, vetted, approved, “modern” apps written in “managed code”. (And of course Microsoft got to keep a cut of the revenues.)

The plan hit a few problems, and in the end Win32 apps were allowed in too.

How about them Apples

It’s not unfair to say that everyone is trying to catch up with Apple. Not the App Store – that’s indispensable (and extremely lucrative) on iOS, but you can pretty much ignore it on a Mac, if you wish. No, the target is macOS’s .app application bundles, which macOS inherited from its 1989 ancestor NeXTstep – although they’re usually delivered in a classic MacOS-style .dmg disk image file.

Applications on macOS are a specially structured folder, containing all of the program’s supporting “resources” and compiled binaries for as many CPU architectures as the app creator supports. It works pretty well, but not without snags. For instance, there’s no global way to update all your apps (unless you got them from the App Store). Apps tend to be big – but that’s fine, because if you can afford Macs, you can afford a big disk and fast broadband, right?

Ironically, Linux could easily have had much the same because all the functionality already exists in GNUstep, the venerable FOSS rewrite of NeXTstep’s core libraries. Unfortunately, no mainstream Linux uses the GNUstep desktop, and the Étoilé project to modernise it and make it a bit more Mac-like is moribund. The superficially Mac-like Elementary OS would have been richer and more capable if its developers had started from Étoilé or GNUstep, but they didn’t – it’s just a facelift for GNOME 3, like Mint’s Cinnamon and Zorin OS.

A lot of the developers behind Flatpak are from the GNOME and Fedora communities, or their corporate backer Red Hat, but it’s a desktop-independent effort and comes installed by default on some Debian and Ubuntu derivatives. It uses Red Hat technologies such as OStree to manage binaries in a similar way to Git.

Somewhere deep within your OS is a complex directory tree full of your Flatpak applications and all their dependencies, as opposed to somewhere in full view where you can interact with it, as on macOS or GNUstep.

Rather than a macOS-style directory full of files, Ubuntu’s Snap format compresses an application and all its dependencies into a single, compressed SquashFS file, which is loop-mounted as the system boots.

Flatpak and Snap have a fair bit in common. Both keep your apps inside /var/lib (although Snap makes them visible at /snaps, and Flatpak will let you install into your home directory if you prefer). Both require you to install a supporting framework. Both do some degree of sandboxing of apps, but aren’t as secure as their publicity might lead you to believe. Both do things like run silent automatic scheduled updates in the background, in a very Windowsy fashion – bad news if you’re on a metered connection. It also means that if you update your OS with a shell command, then these apps won’t be included.

The AppImage format has similar pros and cons to macOS’ app bundles – such as lacking a global update mechanism – because it grew out of tech of a similar age. AppImage’s developer took the ROX Desktop’s AppDirs and put each one inside a SquashFS (which probably inspired the Snap developers). ROX and AppDir are FOSS recreations of Acorn’s RISC OS, which appeared slightly before NeXTstep in 1987. It needs no supporting frameworks and you can keep your AppImages anywhere you like.

All three share a weakness in that they include almost all of an application’s supporting libraries and other dependencies in its package, so packages tend to be very large – in the order of hundreds of megabytes – and so do updates. Installing large Linux apps from the command line generally takes in the region of seconds to tens of seconds, but installing a Snap or Flatpak, even on a fast connection, can take many minutes – and of course ignores any local mirrors you may have configured for your distro’s built-in package manager.

Endless’s Thompson makes a good point, though. Flatpak’s format allows something single-file formats can’t do: if files in different Flatpaks are identical, OStree can reduce duplication by hard-linking them together… although in principle, a smart enough filesystem could do the same at the block level.

What’s next?

There are alternative cross-distro systems. Several avoid installing apps into the OS at all, and just fetch them off the internet into your home directory when needed. Examples include 0install, from the developer of the ROX Desktop. That inspired AppFS – which does something similar to CERN’s unrelated CernVM-FS. And then there are functional package managers, which are a whole other type of software-management tool which we’ll come back to in another article. Suffice it to say there are multiple vendor-neutral ways of distributing Linux software that predate the big three. All of them are lighter-weight, more efficient, the packages are generally much smaller, and all are seriously obscure and you’ll never encounter them in a mainstream distro.

Naturally, because of the rampant Not Invented Here Syndrome of the Linux industry, all of these systems totally ignore one another. Which does at least have the benefit that you can install most of them side-by-side on the same OS and try them out, with no real penalties except using a lot of disk space. But at least that’s cheap these days.

There are so many alternatives vying for space that it’s hard to pick winners. This is partly due to rivals building their own tools rather than cooperating, and partly because there’s almost no money to be made from desktop Linux, only servers – so there’s little investment, and engineers’ occasionally sketchy prototypes end up getting shipped.

What does seem likely is that the lean, efficient but daringly unconventional tech won’t go anywhere, while the inefficient and space-hungry variants will be pushed heavily and widely used.

This being so, AppImage probably won’t get much bigger, because it doesn’t have a big company behind it. Ubuntu’s Snap system has some advantages over GNOME’s Flatpak, such as being useful on servers and so on… but Ubuntu runs the only Snap Store, and the only open-source back-end is obsolete and has been deleted.

By contrast, Flatpak, by its own admission, is a desktop tool – but anyone can host their own repos, and several already exist.

With Red Hat’s considerable clout behind it, Flatpak’s chances look good. But whoever wins, in time we’ll probably have to get used to distros occupying terabytes of disk and need hundreds of gigs of regular updates… and the memories of the small, efficient systems that went before will be lost to history. Isn’t progress great? ®



Exclusive or not, this is one Clubhouse I was happy to leave | John Naughton




In March 2020, a new app suddenly arrived on the block. It was called Clubhouse and described as a “social audio” app that enabled its users to have real-time conversations in virtual “rooms” that could accommodate groups large and small. For a time in that disrupted, locked-down spring, Clubhouse was what Michael Lewis used to call the “New New Thing”. “The moment we saw it,” burbled Andrew Chen of the venture capital firm Andreessen Horowitz, “we were deeply excited. We believe Clubhouse will be a meaningful addition to the world, one that increases empathy and provides new ways for people to talk to each other (at a time when we need it more than ever).”

The app could not have come at a better time for social media, he continued. “It reinvents the category in all the right ways, from the content consumption experience to the way people engage each other, while giving power to its creators.” His firm put $12m of its (investors’) money behind Chen’s fantasies and followed up a year later with an investment that put a valuation of $1bn on Clubhouse, which would have made it one of the “unicorns” so prized by the Silicon Valley crowd.

This endorsement by an ostensibly serious venture capital firm undoubtedly helped to boost the hype about Clubhouse, but the main drivers – snobbery and elitism – had little to do with funding. In the beginning, for example, the app was only available for the iPhone (the BMW of the smartphone market) and membership was by invitation only. If you were lucky enough to be invited, then you could pass on an invitation to one friend. A generous colleague of mine extended hers to me and I went about signing up, until I discovered that the app unconditionally demanded access to all the contacts on my phone, whereupon I deleted it, as did my embarrassed colleague some time later.

Other invitees were more accommodating, though, and for a time Clubhouse grew like crazy. It had 600,000 registered users by December 2020 and 8.1m downloads by February 2021. In April 2021, Twitter approached it with a view to acquiring it for $4bn, but nothing came of that. And sometime after that the air began to leak out of the Clubhouse balloon. After months in which much of the chatter was about (and on) the platform, we somehow moved to a point where nobody talks about it any more. Yet Clubhouse still exists, has 10 million users and has raised more than $10m from investors. But now, in a move that smacks of desperation, it’s allowing its US users to share a link to a “live” room that enables non-members to listen in (but not to talk). And the web is alive with pieces trying to explain Clubhouse’s decline.

So what happened? A conjunction of lots of different things, probably. The most important was that vaccination programmes led to an easing of the Covid lockdowns. People who were no longer having to work from home were out and about again, talking to friends and colleagues in person. But other factors were at work too. For example, the decision to open the app to Android users in May 2021 somewhat dented the iPhone “exclusivity” that drove growth in 2020.

And, as always happens when user-generated content balloons online, abusive and unpleasant conversations proliferated. Many of the virtual rooms turned out not to be about discourse but celebrity-puffing or scamming.

As one critic put it: “So many rooms that advertise themselves as hosting big celebrities and names in the worlds of business and entertainment … turn out to be scammers … impersonating celebrities or giving a vague Ted Talk about entrepreneurship from random people who have never … set foot in the industry. Other rooms are often cover-ups for scam businesses.

“A big issue on the app were rooms that claimed to invite people with startup ideas to share with their peers and exchange advice and strategies. The rooms’ hosts would then buy the domain names these startups were looking for and sell them back to them at much higher prices to make a profit.” Clubhouse rooms became, wrote another critic, “like a late-night talkshow where celebrities come together and speak about their family, achievements, passions and plans”.

So how should we view the Clubhouse story? In the long view of history, the app might look like a shooting star, an object of brief wonder that briefly mesmerised a world afflicted with tech-induced attention-deficit disorder. A more prosaic, but possibly more realistic, view is that it was just a tech solution looking for a social problem to “solve”. In other words, a typical product of Silicon Valley.

What I’ve been reading

On message
I Didn’t Want It to Be True, But the Medium Really Is the Message is an interesting New York Times op-ed by Ezra Klein.

Ministry of the environment
The late, great James Lovelock outlined the Gaia theory in the article I Speak for the Earth, which is republished on the Resurgence website.

Desperately seeking Susan
Seriously Susan is a terrifically inventive review by Melinda Harvey of Benjamin Moser’s biography of Susan Sontag on the Sydney Review of Books website.



AI laser probe for prostate cancer enters clinical trials • The Register




AI software capable of mapping tumor tissue more accurately to help surgeons treat and shrink prostate cancer using a laser-powered needle will soon be tested in real patients during clinical trials.

The National Cancer Institute estimated that approximately 12.6 percent of men will be diagnosed with prostate cancer at some point in their life. The risk for developing the disease rises over time for men over the age of 50. It’s one of the most curable forms of cancer, considering most cases are caught in the early stages due to regular screening tests.

Treatment for prostate cancer varies depending on the severity of the disease. Patients can undergo hormone therapy, chemotherapy, or surgery to remove tissue. Avenda Health, a medical startup founded in 2017, is developing a new type of treatment that is less invasive. The US Food and Drug Administration (FDA) granted an investigational device exemption (IDE) to the company’s invention this week, meaning it can now be used in a clinical study. 

Patients will need to have an MRI scan and a targeted fusion biopsy performed first. The data is processed by Avenda’s AI algorithms in its iQuest software to map where the cancerous cells are located within the prostate. Next, the computer vision-aided model will simulate where best to insert FocalPoint, a probe armed with a laser, to help surgeons treat the patient’s tumor. The heat from the laser gently heats the cancerous cells and kills them with the goal of shrinking and removing the whole tumor.


MRI images where cancer is mapped using iQuest software before and after treatment. Image Credit: Avenda Health

“Historically, prostate cancer treatments of surgery or radiation impacts critical structures like the urethra and nerves which control sexual and urinary function,” Avenda’s CEO and co-founder Shyam Natarajan told The Register. “Our focal laser ablation system, FocalPoint, which is powered by our AI-driven cancer margin software, iQuest, specifically targets tumor tissue and avoids healthy tissue. This means patients no longer lose control over these functions that are so common with traditional treatments, so quality of life is significantly improved.”

The treatment is only effective for men diagnosed with intermediate risk of prostate cancer, a classification that describes tumors being confined within the prostate only. Patients are considered high risk in cases where the cancer has spread beyond the prostate. 

“This is one of the benefits of the iQuest software. Not only can it map the cancer, but it also provides decision support for the physician as they determine the best course of treatment for an individual patient. Not every patient is going to be eligible for focal therapy, and it is important for the physician to distinguish between good focal therapy candidates and not.  iQuest provides useful insights for that decision making process,”  Natarajan said.

Avenda received FDA clearance for its FocalPoint device in 2020. The IDE approval brings the company one step closer to bringing their product to market after clinical trial testing, Brittany Berry-Pusey, co-founder and COO of Avenda, said in a statement. 

“This clinical trial will play a key role in advancing our breakthrough technology to improve prostate cancer care. With no new FDA approvals for the treatment of localized prostate cancer in more than four decades, we look forward to working alongside our clinical sites to collect the data necessary to bring iQuest and FocalPoint to market and into the patient care environment.”

Natarajan told us the company was aiming to begin clinical trials in 2023. ®



US offers $10m reward for info on five Conti ransomware members




Rewards for Justice shared a photo of someone it claims to be an associate of the ransomware gang and is offering a reward to identify him and four others.

The US Department of State is offering a $10m reward for any information on five malicious cyber actors who are believed to be high-ranking members of the Conti ransomware gang.

The US has been offering rewards for information on this ransomware gang since May, including a $5m reward for any intel that leads to the arrest of anyone conspiring or attempting to participate in a Conti attack.

Yesterday (11 August), the department’s Rewards for Justice programme shared an alleged photo of an associate of the ransomware gang. The department said on Twitter that it is “trying to put a name to the face” and believes the individual is the hacker known as “Target”.


A request for information by the Rewards for Justice programme. Image: US Department of State/Rewards for Justice

Conti, also known as Wizard Spider, has been linked to a group believed to be based near St Petersburg, Russia. The US has labelled it a “Russian government-linked ransomware-as-a-service (RaaS) group”.

The group’s malware is believed to be responsible for more than 1,000 ransomware operations targeting critical infrastructure around the world, from law enforcement agencies to emergency medical services and dispatch centres.

In May 2021, the Conti group was behind the HSE ransomware incident that saw more than 80pc of the IT infrastructure of healthcare services across Ireland impacted. It was said to be the most serious cyberattack ever to hit the State’s critical infrastructure.

The US Department of State previously said the Conti ransomware variant is the “costliest strain of ransomware” ever documented. The FBI estimates that, as of January 2022, there had been more than 1,000 victims of attacks associated with Conti ransomware, with victim payouts exceeding $150m.

When Russia began its invasion of Ukraine earlier this year, the Conti group declared its allegiance to the Russian government. Shortly after, a Ukrainian researcher took the cybersecurity world by storm after publishing more than 60,000 internal messages of the ransomware gang.

Raj Samani, chief scientist at cybersecurity firm Rapid7, said the latest reward offer is just “the tip of the iceberg” as enforcement agencies make “considerable strides” through public-private collaboration to hold cybercriminals to account.

“Announcing a reward and revealing the details of Conti members sends a message to would-be criminals that cybercrime is anything but risk-free,” said Samani.


