Linux Applications:
If you're a competent Linux user then you've almost certainly got your favorite package manager. If you haven't already picked up from previous mentions in my blog, mine is apt-get. I like apt-get for lots of reasons, I find it intuitive and because it's the first package manager I learnt to use, I've been compelled to learn something else, until now.
Packages:
When we talk about a package manager, it's something that manages packages such as: updating packages; removing them; installing them and more, depending on the manager you choose. A package is just an application.
Installing packages
When we want to install a package, we use commands to pull the packages down from a repository, which is just a big storage area on the internet for people to download from. It is also the package manager's job to make sure any dependencies are met. Dependencies basically means, any other libraries that are required for the code to run. Generally in Linux, you only have to install dependencies once, for example:
If 2 programs require the same dependency, they can share and it doesn't need to be installed again.
Linux Distributions:
Installing packages across Linux distros
Installing packages sounds simple enough, but Linux is everywhere. It runs in cars, home automation systems, and it comes in all different flavors called distributions or distros for short. -Read about my top 5 here http://ehandns.blogspot.co.uk/2016/06/linux-lineup.html -
Ubuntu, Kali, Kubuntu and Arch are a few, to say the least. If you create a package for Linux, then in theory it should support as many Linux distributions as possible. Sadly due to lots of technical reasons this isn't the case and dependencies is often one of them. Let's use an example from the two Linux distributions mentioned.
Kali: It comes with some great hacking tools on it. I love the tools, but don't like Kali as a distribution, I prefer Ubuntu.
So, I add the Kali repositories to my Ubuntu installation, go to install some Kali packages and I'm hit by an error.
My application in Kali required Dependency 1, version 2 but when I install the same application on Ubuntu, I get an error because my Dependency 1 has version 3; which of course it too new.
The problem occurs too often:
Although this article focuses on dependencies, there are other factors involved which only add extra complication to the problem. When we create applications and cause a dependency mismatch, it usually gets dumped on the maintainers of that Linux distribution to solve it; this is how lots of distributions become under developed and are left out in the cold.
A possible solution to the problem:
Looking at the simplified example above you can see the problem doesn't lie with the fact that I have/don't have a dependency, but the version. As I mentioned before, Linux applications will happily share dependencies, so if I have that version on my system, I have it there for a reason and it's really hard for me to tell how many other applications need it. Therefore, removing it or changing it isn't really that much of an option. I could always try and install version 2 alongside version 3 but it would take me forever and would probably take me forever. It's almost certainly going to cause me problems down the line, so this is out, really.
Snaps!
A realistic solution to the problem
Snaps are a great answer. Snaps were made by Ubuntu, one of the Linux distributions I mentioned above. To explain how they work, we're going to look at the first image in this article again.
Instead of sharing the dependencies, we can now package them all together in one bundle called a snap (the image on the right). When we install a snap, everything it needs, is included with it. So if I have one snap that requires a different version of a dependency, no more worrying about it, because I know it's included in the snap.
This might sound familiar. Sometimes, this sort of process is called sandboxing. Everything within the box is isolated from everything outside the box, however snaps takes advantage of making sure that everything we need is in the box and everything we don't need gets left behind!
The good doesn't stop there...
Security
Everything we need is inside the snap, or inside a box. As a result, this can actually add extra security when using an application for when we want to do something outside of the box. Like so:
For the application in the snap to connect to the internet, it will communicate something outside of the box. It makes it easier for us to control this. It makes it easier for us to control anything that comes out of the box, which adds an extra layer of security. In the next few years, we can work on ways to monitor this, while allowing the user to see exactly what goes on in and out of the snap. Remember snaps is new and it will take some time to develop. We've got a long way to go...
Connecting to the internet is just an example. There are so many possibilities of things we would be able to monitor:
- Peripherals like microphones, and headphones
- Network activity / Connections
- Location information
- Reading and writing files
- Other Operating System functions.
I think it's fair to say that in the Ethical Hacking world, Linux is high up on the list of operating systems preference and in the future this could help a lot in making systems more secure!
Easier updating:
With a snap including all it's dependencies and their respective versions it means one snap can update, without affecting any other part of the system. When you share dependencies on a Linux system, it's possible that one application will update a dependency that another is unable to support. Putting only what you need in a sandbox, means when you push an update out and you need to update the dependencies, it's only updates the dependency within that snap. Cool, eh?Easier distribution.
Previously mentioned, there are so many distributions out there. Proof of that is by how many different distributions have started work to port this to their own operating systems: Arch, Fedora, CentOS and Linux Mint, to mention a few. Using snaps provides me with the knowledge that installing a snap on CentOS is also going to work on Linux Mint. Again, everything I need to run the program, is included in the snap. No fuss. It's similar to downloading an .exe files for one Windows PC, copying it to another Windows PC and running it there but just across Linux distributions instead of Windows PCs.
There's got to be a downside
All this comes at the cost of bigger files to download. In this day and age of speedy broadband and easy expandable storage, it isn't that much of a problem really; just something to think about. Instead of sharing dependencies on the system, we're downloading them again and and again, every time we download a snap.
Conclusion:
For me, I say the downside is well worth the cost for the advantages we get with snaps. It's a new technology and this style of packaging applications has been tried before, but with such keen interest from other Linux distributions, I think it will take off. I know we've got a long way to go before we actually take full advantage of what snaps have to offer.
Do you think snaps will be successful? Where else would you like to see this kind of technology. Comment below!
Also, for those of you who don't understand the reference to the title of this post, check out this video.
No comments:
Post a Comment