Snaps vs Flatpaks vs Appimages vs Packages: benchmarks, missing features & differences

Video Statistics and Information

Captions
Uh, the good old Linux packaging format wars. We had debs and RPMs and other esoteric things, and more recently we added Flatpaks, Snaps and AppImages to the mix, and now all we have is a big bag of confusion: different feature sets, advantages, drawbacks and limitations. But apart from ideological preferences and from personal preferences, I think it's interesting to look at the performance of each format and what's actually missing still from each format. So today we'll dive into exactly that: we'll look at performance differences between various packaging formats, but also what's missing from each of them and the major differences. And we'll also look at the segue from our sponsor.

This video is sponsored by Proton VPN. You probably already know about Proton Mail, one of the most secure and private email services out there, but they also have their VPN service, which is equally as secure and private. It's also based in Switzerland, and it doesn't log any activity, and it doesn't share any data with third parties. Of course it is fully encrypted, so you can use it from any public Wi-Fi or at home to either change your location or just stay anonymous online. On top of that, Proton VPN uses a 10 gigs per second network plus a suite of VPN accelerators, so even when you're using it your browsing stays really fast. Proton VPN supports all your devices, PC or mobile, and they can even run on routers, and they've just completely rebuilt their Linux desktop client for it as well, complete with advanced features like a DNS filter to block ads and trackers, a kill switch to stop your internet connection if the VPN connection drops so your IP is never exposed, plus Secure Core, which provides a double VPN to provide a server located in a country where strong privacy laws apply. I don't usually recommend VPN services, but Proton VPN is my pick of choice, and you can use it for free by clicking the link in the description below, or they also have paid plans for more features and even more security. So yeah, click the link in the description to get started with Proton VPN.

Okay, so first let's start with a very quick recap of what each packaging format actually is and does. So what we call packages are what most distros use these days. The most well-known are debs for Debian and Ubuntu-based distros and RPMs for Red Hat and SUSE-based distros, but you also have Arch packages, Nix packages and a bunch of others. Apart from Nix, they're generally not compatible between distros, they don't implement any specific sandboxing or security model, and they are distributed through repositories, whether official or third party. These packages can contain libraries or apps, and all libraries are shared between applications, which saves space but also means an app that needs a newer library might not be able to work on an older distro.

Then we have Flatpaks, which are what most distros generally add on top of their regular packages. They are distro-agnostic, so if your distro supports Flatpak, it can run the exact same package as any other distro. The developer packages their app once and it runs on everything, no need to duplicate packaging work. Flatpaks are sandboxed, which means they offer less security holes for potential attackers, and while they share a lot of libraries through runtimes, which are Flatpaks that contain a lot of libraries that many apps rely upon, they can also ship their own libraries in the package, which means they can use more space over time. Flatpaks are mostly distributed through Flathub, an online repo, but you can also create your own repo since everything is open source.

Snaps are basically the exact same concept as Flatpaks but for Ubuntu. There are a few technical differences with Flatpaks, especially regarding how apps are opened and mounted onto the system, but they work in the same way: you have runtimes that ship libraries needed by multiple apps, and then applications that can use these runtimes. Snaps can be sandboxed, but it's not mandatory, so some aren't, and they're distributed exclusively through the Snap Store run by Canonical, and that specific back end is not open source. Snaps are packaged once and the same snap can be used by any distro provided it supports the format. Another big difference is that Snaps are suitable not only for graphical apps but also for command line programs, server-side applications, or even the kernel, the desktop environment, the boot loader or drivers.

Finally, AppImages are a more portable format, similar to what macOS does. The whole app is shipped inside a single file with most if not all of its libraries. This means you can copy-paste apps from a system to another, and they run on any distro that has access to FUSE, which is what AppImages use to run. AppImages are not sandboxed at all, although you can do that manually with something like Firejail, and they sometimes rely on system libraries that your distro ships as regular packages, which means certain AppImages might not work on certain systems that don't have the required library. They're generally distributed from the developer's website or from AppImageHub. AppImages don't automatically create entries in your system menu unless you use a specific daemon that runs in the background.

Now that's about it for the basics of each format. They're all suitable to run applications, and generally you can use whichever one you prefer or whichever one works best for you, but there are performance differences, so let's look at that.

So I ran all these tests on the same Ubuntu 23.04 virtual machine with all updates applied, installing apps in all packaging formats. The VM has access to 16 gigs of RAM, four cores of my 13th gen i7-13700H, using software rendering. Now obviously this is not meant to represent real hardware, it's just meant to have a single comparison point between various formats that you can use to run your applications. So I installed Firefox, LibreOffice and using all four packaging formats I mentioned previously, all using the very latest version of each app, and I measured the time it took for their first opening and subsequent runs.

So judging from these results, we can clearly see a few things. First, all packaging formats other than regular packages take longer to start than basic deb packages. It's especially visible with heavy apps that need to do some setup when they first open, like LibreOffice, or you can double the time it takes for the first open of an app. But we also noticed that on subsequent opening of an application, all packaging formats are really, really close. Apart from the snap of LibreOffice, they are all either faster, equally as fast, or really, really close to the deb package. This also highlights a specific issue with Snaps: optimizations can be applied per package and not to the whole packaging format.

Now let's see in-app performance with some benchmarks inside Firefox. I ran the Speedometer test in all four versions of Firefox and also the JetStream benchmark, so here are all the results, and bigger numbers are better. So from these benchmarks we can see that there are some counterintuitive results. The snap performs worse for JetStream but much better for Speedometer, while Flatpak performs on par for Speedometer but worse for JetStream. Deb packages perform well for JetStream but worse for Speedometer, and the AppImage is generally just a good performer. I'm not sure what's happening here. I could reproduce these differences reliably by running the benchmarks multiple times. I guess the underperformance of sandboxed formats for JetStream comes from the fact they have to request access to certain resources through the sandbox, which might slow them down periodically, but I am not certain. Also do remember that these numbers are probably way lower than what you would get on real hardware; that's just meant to provide a comparison point by running everything on the same system.

Now in conclusion on benchmarks: sandboxed formats like Flatpaks and Snaps will generally take a bit longer to open an app on a cold boot, but they perform normally afterwards, and they'll generally be a bit less speedy in certain tasks, at least while web browsing. It is not necessarily noticeable in day-to-day use, but the difference is there and needs to be mentioned.

Now let's look at some other issues. First is the sandbox. A sandboxed application runs in its own environment with very few ways to access things outside of that sandbox. This is similar to how web browsers run each tab in a separate process that can't access the main browser thread or the other tabs.

Regular packages are not sandboxed by default. They install in the file system, they require root privileges to install, which means that if the package has some malicious post-install scripts that it runs, you have given it free rein over your system, and any app you installed through packages can access anything your user can: your entire /home directory, for example, or other app settings files. Basically it means that you should only install these packages from sources you trust, either your distro's repos or well-vetted third-party repos, and you also have to believe that all those packages in these official sources have been well tested, well audited, and haven't been modified to add anything malicious.

As per Flatpaks, they are all sandboxed. The sandbox isn't 100% bulletproof, nothing is, but it does limit what the app can access. This is all managed through app permissions, much like what you would find in Android or iOS apps. You can give apps permissions to access specific files and folders or specific system services and components. This is all generally handled through desktop portals, which means the app doesn't really access the file or the folder; it opens a portal, which is what accesses the required resource and passes it to the application. This is obviously much more secure than regular packages, but it also limits what the app can actually access or do, and it does force you to interact with permissions if the package hasn't set the correct permissions. We'll see what's missing in a minute.

Now Snaps can be sandboxed, but the sandbox is not mandatory. Developers can decide to not use it, although this triggers a manual review of the snap app when it's uploaded to the Snap Store to check if it does anything weird. The sandbox is heavily linked to AppArmor profiles, which are Ubuntu's way of securing applications and restricting or monitoring what they can access and what they can share with other applications. If they are sandboxed, Snaps can be just as secure as Flatpaks and are more secure than regular deb packages, and if you know how AppArmor works, then it's also very easy to manage everything that they can do and to restrict what they can do.

As per AppImages, they do not have a sandbox natively, so they are just as insecure as regular packages. Like regular packages, you can sandbox them using something like Firejail, but it will be a manual operation for every application.

Now let's see what's missing in terms of features for each format. Regular packages can access everything, so there is no missing feature here. They are the baseline: they can talk with other apps, they can access the system theme, they can do screen sharing, they can access any file your user can access. There's nothing to mention here.

Flatpaks and Snaps have more restrictions. The main missing piece is native messaging support. This is what lets an app communicate with another, and one main use case is for password managers and web browsers, and sometimes VPN apps. You can force it by poking holes in the sandbox, but it destroys the security model of these packaging formats, so it's definitely not recommended. Native messaging has been implemented in the snap package for Firefox, but it still has issues with certain password managers. AppImages don't have any issues with this as they are not sandboxed. Now this is the biggest hole that has yet to be plugged, and it does mean that these packaging formats, Snaps and Flatpaks, can be unsuitable for certain use cases.

Now support for the system theme is also not perfect for Snaps and Flatpaks or for AppImages. For Flatpaks and Snaps, if your current theme is available as a snap or a Flatpak, it will be downloaded automatically and applied to the app, provided the app itself can follow that theme, so for example libadwaita apps will not use it. If your chosen theme is not available in the Flatpak remote or the Snap Store, though, the app will use the default theme for the toolkit it uses, so Breeze or Adwaita. For Flatpaks, you can force theming by giving permissions to the app itself to access your config files, but for Snaps you will have to use an environment variable, which might definitely break things. AppImages might follow your system theme or they might not, depending on how the app has been packaged and if the app forces the use of a theme it bundles. Generally, if you want the best system integration with your theme, with your global menu and stuff like that, regular packages are the way to go. Flatpaks can be coerced into using your theme, but they do require some manual work.

As per other various problems with these packaging formats, you also have the size of packages. While Snaps and Flatpaks do share libraries between apps, they don't share as much as regular packages, which means they can take up more space, especially if you use them to mix and match apps from different toolkits or apps that use different versions of GNOME or of the KDE platforms, because you will download plenty of runtimes for different versions of GNOME and different versions of KDE, and those do take up some space. AppImages tend to be pretty large as well because they do not share anything between applications, so each app has the entire set of the toolkit and the platform that it might need, or it will rely on the one your system has, but in that case it's not truly portable.

Snaps also have the added problem that they mount each app in its own virtual file system that is decompressed on the fly. This generally results in slower startup times for snap apps and can clutter your mount points, which can be annoying if you need to manage these regularly. The Snap Store back end is also proprietary and it is centralized, which is something that isn't generally viewed as coherent with the ethos of open source and Linux in general.

Now these are the major pain points and limitations with these packaging formats in terms of features, what they can do and what they can access. Now there might be other smaller problems, but these are the main ones. But do remember this is all software; these problems can and probably all will be fixed in time.

In the end, the differences are pretty minor, and all these packaging formats will give you a very similar experience, unless you really want easy theming of your system or you need to use something like a third-party password manager, in which case regular good old packages might be your best bet. But my general advice is: use whatever your distro provides. They will generally result in the exact same experience, and if something doesn't work, try another packaging format.

I do hope that in the future we'll be able to settle on a unified single packaging format for graphical applications. My bet would be on Flatpak, because, well, Snaps are mostly maintained by Canonical themselves, and if they ever decide they don't want to spend the time on this format anymore, this thing is dead. AppImages are still just not as well distributed or integrated, and while they have their use, I feel like they're the least interesting option of the more recent three formats. And regular packages will probably always have their place, at least for all the underlying system. Time will tell if we're moving towards more unification where a packaging format really dominates the graphical app scene, or if someone will invent something entirely new. It's all pretty confusing for beginners. Advanced users will know what they prefer, they will know the differences, and they will know how to install whatever they want, but for beginners I am pretty sure that it would be way better for the general Linux adoption if it could settle on a single packaging format, at least for graphical applications. And I think it's better if we settle on this segue to our sponsor.

Tuxedo makes laptops and desktops that ship with Linux out of the box. All the hardware they use has been picked specifically because it runs really well with Linux, and if they detect any quirks or problems during their testing, they actually submit patches upstream so the problem can be fixed for everyone else. Now Tuxedo has a big range of devices that should fit every price point and every need: whether you need a laptop, a NUC, a workstation, something for gaming, they have it all. All the devices are very customizable in terms of the components, the performance you want, but also the keyboard layout or your own logo on the lid of your laptop. You can really pick whatever you want, and the laptops can all be opened, repaired and upgraded, including the RAM, the SSD, the battery and sometimes even the wireless card. So if you need a new computer and you want to run Linux on it and you want to support Linux's development, click the link in the description below and get yourself a PC from Tuxedo. They're really good.

So thanks everyone for watching the video. I hope you enjoyed it. If you did, don't hesitate to like, to subscribe, to turn on notifications, to write a comment, and if you didn't like the video you can always dislike it and tell me why in the comments as well. And if you really enjoyed the channel and you want to support it, there are plenty of links in the description to do just that, from Liberapay, Patreon, YouTube memberships, PayPal, whatever, you know how this works. So thanks for watching, and I guess you'll see me in the next one. Bye.
Info
Channel: The Linux Experiment
Views: 63,602
Keywords: linux, open source, distribution, linux distro, linux help, linux tutorial, linux 2023, opensource, linux tips, distro, linux for beginners 2023, linux tutorial 2023, linux vs windows
Id: ikBPnYwnUMU
Length: 18min 51sec (1131 seconds)
Published: Thu Nov 16 2023