should i be worried installing these two? what does it mean though?
(these are captured from Pop! OS software manager)
Every app with home or even host access can modify its own permissions.
This is why apps need to implement portals.
Flatseal: well that’s normal, it can’t control Flatpak’s access controls if it is itself sandboxed. Even if it was sandboxes, it could just grant itself everything.
For Xournal: it’s probably because it doesn’t support portals or whatever, so it can’t use the open file dialog to get permissions. So it needs to be able to get to your files somehow to open them.
In both cases, it just means its permissions model is more like regular applications you’d get from your package manager. If you install Xournal with apt/dnf/pacman it also won’t be sandboxed.
The point of sandboxing is you can run applications you don’t trust too much, or significantly reduce the blast radius if say, your browser gets breached: then it has another barrier to overcome to reach anything other than the browser’s own data. The lack of sandboxing doesn’t inherently imply the app is evil or will hack you. It just means it doesn’t have the extra protection around it. So like, probably don’t open sketchy PDFs in it, but I wouldn’t stop using the app solely because it lacks sandboxing.
Flatseal’s job is to do that. As for the note app, that’s not great, but you can use flatseal to take away those permissions after installation.
The first one allows Flatseal to edit the permissions of Flatpak apps including itself.
System folder access allows a app to read the filesystem. (But not system internals)
System settings access allows the app to change settings
So the only concerning one is Xournal. However, I happen to know that it doesn’t support XDG portals which is how apps ask for permissions to files so it needs full file access. As for the system settings I have no idea.
No, you don’t need to be worried. For example, Flatseal is a program to manage other flatpaks. This means that, by design, it needs to be able to grant flatpaks certain permissions that may expose them to system services they need to operate correctly.
One user mentioned that these new warnings aren’t particularly helpful, because they don’t give a good explanation of what or why, and they just foster anxiety in users who just want to install an otherwise reputable flatpak.
I don’t know anything about xournal++, but I would imagine it’s also reputably safe, and somebody else can verify for sure.
Yeah Xournal++ is probably the best hand-written note taking and PDF annotation program available on Linux, it’s pretty well known. The system settings permission is to honor some global settings you might have enabled, and the file system access is so you can save and open stuff from anywhere, I assume.
Sorry for the off topic, what’s the best device to use xournal++ in your opinion? MS Surface? I guess you have used some hand-written note taking apps before since you wrote this, so you’re more experienced than me for sure!
Never owned a Surface, so can’t comment on that, but I’m very happy with my One by Wacom (not to mix with Wacom One :p). It’s fairly cheap as far as these types of tablets go, it’s very responsive (I have 144Hz displays and it’s so nice to use), has a nice sueface roughness, it’s plug-and-play on Linux and has 0 maintenance (no batteries to swap).
What I like with my setup is that, contrary to traditional writing on paper, I can sit properly, looking forward, avoiding some bad neck and back pain I usually get otherwise.
Oh thank you for all the information you shared! I didn’t know this company. So this is a tablet without a display. I never used one, it’s difficult to start using it?
I’ve been given a quite old tablet pc (almost 10yo), it has its own display and hardware, just like the MS Surface, but from acer. It’s very uncomfortable to use since it has only 32GB of storage space and it has a 32bit cpu; furthermore, it has no pen and the physical keyboard you can plug to it doesn’t work anymore. A lot of flaws, right?
Despite this, Windows was decently optimized for this tablet, so it was in some way usable. Recently, I decided to give Linux a try in this tablet pc. I tried Zorin OS that has a slightly modified version of GNOME, and the touch experience (in gnome) was really bad, windows 10 GUI was a lot more optimized for that hardware. So my other question is: what distro do you use on your computer?
Having the tablet separeted from the computer is maybe a better choice. I don’t know, maybe you could share your thoughts on this, I would really appreciate. Thanks!
(sorry, clicked Enter by accident and ended up posting this half-way 😅)
So this is a tablet without a display. I never used one, it’s difficult to start using it?
Yeah, it isn’t a tablet in the usual sense of the word (i.e. it isn’t a smart tablet), it’s more like a tracking surface. The idea is that you use the little pen on it and the whole surface is mapped to your screen. There are differently sized devices, for different precision needs, much like A5 Vs A2 vs A3 etc. I have the medium one and I’m quite satisfied by it, but I had a professor that made class notes with the smaller model and it worked wonders too. Had mine not been offered to me, I’d would be more inclined to buying the small one.
They may be a bit weird to use at first, but I find that with you get the gist of it fairly quickly. I’ve had some colleagues try mine and while some got it faster and some had to spend a bit more time with it, they all got decent at it in a relatively short amount of time. I’m so used to it now that I make no conscious effort beyond what I’d do for traditional writing. I loose on a non-backlit surface and some of the physical pleasure of writing with true pen and paper (though the pen tip and tablet surface have a nice texture), but I gain incredibly productive superpowers in the form of undo, copy-paste, scaling and rotating, theming (love the white on near-black gray handwritten notes) and more (xournal++, for example, lets you embed images and even voice notes!). The pen even has nice pressure sensitivity, so you don’t loose much expressiveness with your strokes.
A lot of flaws, right?
Yeah, for this purpose, I’d say that device is not very well suited. The small version of One by Wacom is $40, which I consider fairly cheap for its quality and the value it can provide. In case that’s too expensive, you may try the second hand market, I suppose.
Your Acer tablet may still be useful for other purposes, like a Plex/Jellyfin client or similar. For good note taking, even if the device functions decently well with Windows, I’m unsure if the touch sensors are good enough (even if they were originally, they may have degraded performance now, not sure) for a proper experience. Before I tried this pen tablet, I was quite skeptical of digital note taking, but now I love it, and it’s mostly due to its incredible responsiveness.So my other question is: what distro do you use on your computer?
I use Manjaro (based on ArchLinux) with KDE Plasma (now on version 6.1), though I use no touch interface, it’s just a regular laptop onto which I connect this pen tablet via USB. For good touch support, you should look for the mobile variants of GNOME and KDE, namely Phosh and Plasma Mobile, as those are more optimized for that sort of devices. You should still be able to connect Wacom tablets and similar (there are drivers in the kernel itself).
Overall though, I agree with your last sentence, I think having the note taking tablet separated from the laptop may be better because you can just keep using your daily driver computer and, when needed, plug a fairly cheap but quality tablet and get a good handwriting experience and improved posture (very crucial to me)!
Happy to discuss this further!
Thank you so much for this detailed explanation! It’s very clear and you’re so good expressing yourself! And don’t worry for your post accidentally being posted half-way, it happened to me too, in fact there’s a deleted comment in this thread, for your same reason 😂
Anyway, I definitely must try this tablet. I am skeptical as you were, but I must give it a shot since you’ve had such a nice and productive experience. I might find out a store where I can try it or, alternatively, I might ask a friend of mine, who likes to draw, because she maybe has a tablet like this (that you connect to the computer).
Thank you again for your suggestions!
In order to avoid to spam too much here, may I contact you privately?
Make sure to check the return policy for Wacom or whichever reseller you end up going with. Some allow you to return electronic devices (if in good state, of course) up to 30 days or so after the purchase. If that isn’t possible, you can always try to resell it in the second-hand market and make most of your money back, there are plenty of websites for that (from global ones like ebay to regional platforms; I tend to prefer the latter). But if your friend has one of these (or similar) give it a try!
And yeah, feel free to reach out to me via Matrix or e-mail! You can also try other platforms listed in my website, but I don’t check those as often.
deleted by creator
a curse upon these distros for alarming people with such messages. they are meaningless and technically apply to every flatpak
deleted by creator
a curse upon these distros
It’s not the distros, it’s Flathub who provides those warnings.
They mean that the app has that permission. It is good that they let the user know the apps capabilities
Not for the average/casual user, which is why this post exists.
The average person will look at that and see the ‘!’ in a triangle and became scared of what it can do to their system, even though it has no more permissions than a system package. Alternatively, they will become desensitized and learn to ignore it, resulting in installing flatpacks from untrusted and unverified sources.
Overall, I just think the idea around having to sandbox all flatpaks is not a good idea. To give a concrete example, Librewolf is marked as “potentially unsafe” because it has access to the download folder, but if I want to use it to open a file that isn’t in “downloads” I have to use flatseal to give it extra permissions - it’s the worst of both worlds! Trying so hard to comply with flatpak guidelines that it gets in the way of doing things, and still not being considered safe enough.
deleted by creator
I don’t know about this in depth, but from what another user in this thread said, a flatpak can’t ask a portal to have access to two files at once. If I’m understanding correctly, that would explain why Librewolf needs permission to access ~/Downloads, since it can be downloading more than one file at once, and it needs access to all those files in ~/Downloads at the same time.
EDIT: I got a bit mixed up with what you were saying, but nevertheless, if this is true, then Librewofl would still need permission to access ~/Downloads and so be marked as “potentially unsafe”.
deleted by creator
You shouldn’t use Android then. It is way worse
Flatpak downloads are insecure 100% of the time