The Theological Problem Behind Firefox in Ubuntu 22.04

by Ploum on 2022-04-05

Warning to all Ubuntu users. Starting with Ubuntu 22.04, Firefox users will be forced to migrate to the "Snap" version of Firefox. This will be done automatically. Ubuntu doesn’t provide a native Firefox anymore. You had probably been warned with Ubuntu 21.10.

You may observe that Firefox is slower to start, that it doesn’t follow your theme anymore and other problems. But the main issue is that Snap Firefox is, by design, unable to speak to other software. In Belgium, this breaks the official Belgian id authentication.

It should be highlighted that Belgian officials are doing a really good job at providing the official electronic ID tool for Linux (they have a Debian/Ubuntu repository) and they are well aware of the issue.

• Belgian eid under Linux
• FAQ answer about Belgian eid under Ubuntu 21.10

Quick Solution (before a long, philosophical rambling about the situation)

The solution is convoluted for people unfamiliar with Ubuntu. That’s the problem with making things complex. Complex solutions use a lot of resources,

1) Remove snap Firefox:

sudo snap remove Firefox

2) Install Mozilla PPA :

sudo add-apt-repository ppa:mozillateam/ppa

3) Pin Firefox version from ppa to disable upgrades to the snap version. This one is trickier. You need to edit a file. So type :

sudo gedit /etc/apt/preferences.d/99firefox

In the open editor window, copy/paste the following:

Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

Save the file and close the editor

4) Install native Firefox

sudo apt update
sudo apt install Firefox

Voilà. You now have your good old Firefox that should work with your Belgian eid.

Why do we have this problem?

When a human doesn’t understand something, he has two choices. The first and hardest one is to try to understand the root cause. Deeply. To dig. To retrace the whole history. This can sometimes lead to a lifetime of research. Or he can quickly create a top layer out of his mind, put it above and declares victory as "nobody will ever need to understand what I didn’t understand, they simply need to use my layering".

This is, of course, short-termism which often leads to either stupidity or a waste of intelligence. Nearly all of modern computer engineers are working above so many layers that there’s no human way to understand what they are doing. If you are a software developer, chances are that you are cargo-culting *stuff* with the vague feeling of *understanding*. That’s maybe the point. If you did really understand what you were doing, you would not spend your waking hours to basically optimise advertising placement.

Software developers are not alone. Every single pseudo-science is basically layering above nothing to give people the impression they understand something about the world. We call that "theology" which is the academic word for "bullshit that sounds wise".

I have a good anecdote about that. I started my career as a young engineer for a huge company. They felt I was a "creative" guy and they put me in a very small "crazy team" that was tasked with developing new exciting stuff in J2EE. I had never done J2EE. I spent months and didn’t manage to understand what we were even trying to do. I felt stupid then I left and, a few jobs later, I find myself in a room with a J2EE specialist that wanted to sell us that crap. I took the opportunity to ask him, "What is J2EE?". His answer : "an application server". "What is an application server ?".

He never managed to explain it to me. The guy was a top J2EE consultant that earned way more than me. I was the young guy in the room. And I concluded by "So you don’t know what you are doing?". It took me 20 years of career to understand that nearly every single employee out there doesn’t understand what he/she is doing. And that it’s a blessing. Understanding is a curse.

Thanks old fart but what’s the matter with Ubuntu ?

I digress, let’s go back to Ubuntu which, even if they tried at some point (remember the Amazon integration?), is *NOT* trying to shovel more advertisements into your brain and is *NOT* trying to obfuscate purposely how their system work. Ubuntu is thus a really good system to get started with computers or to use them without caring too much about how they work. Ubuntu is good. Windows makes your life miserable and you know it. MacOS makes your life miserable but you find it cool because marketing makes you believe it but Ubuntu is a starting point to knowledge and freedom, two words that are synonyms in my philosophy.

The root problem of Firefox/Ubuntu is that modern browser requires frequent upgrades. New versions are released monthly or more. Ubuntu is based on the Debian operating system which was designed with stability in mind : how to make an operating system stable enough so you don’t need to upgrade it too frequently. There could be something like two or three years between two Debian releases. In 2004, Ubuntu decided to make this paradigm more user-friendly by providing a scheduled upgrade every six months.

Early 2004, I was part of the very first, secret team that helped make Ubuntu out of Debian. Believe me : six months seemed a very good idea at the time (although I argued for a yearly release schedule). But it revealed too frequently for most people (remember that an upgrade can break things) and, in 2020, not enough for browsers. 90% of websites are used to feed you with text and pictures but, for some reason, they insist doing it in the most complicated possible way, which requires you to upgrade your browser regularly. If your job involves giving user text through multiple layers of javascript or to get data about users thanks to the aforementioned javascript, you are part of the problem (this is a fact, not a judgement. We all need to feed our kids). If you write code which, as some point, involves a browser but you really believe that it’s more than just giving text and pictures, then think again, you probably don’t understand what you are doing.

Why not provide normal upgrades for Firefox ?

You could imagine that only the Firefox package would be upgraded but, as every big piece of software, it depends on other software called "libraries". A new Firefox frequently requires new libraries. But if you upgrade those libraries too, you break other pieces of your operating system which expect the old version of the library. In the end, the Debian model is something like "you upgrade everything or nothing".

That’s not entirely true. Most Firefox updates could probably be built with ancient libraries. This would work most of the time. But it has to be tested because it may also fail. Testing takes time and work. There’s a common trope in current society, largely theorised by David Graeber, that the goal of administration is to put the workload on citizens instead of the system. That’s exactly what is happening. Mozilla and Canonical, companies behind Firefox and Ubuntu, have developed Snap as a solution to have less work to do on their side and put the weight on the end-user shoulder. Is it good or not? Well, it’s hard to say because both companies have a noble mission that nobody else is filling. But they have their dark aspects.

So, what is the solution in the end?

To solve the problem of upgrading one software without touching the whole system, which plagues any modern operating system, the popular solution is to provide, for each software, all the libraries it needs in a container. That’s why it is usually slower: each software runs its mini-operating system. That takes disk space and memory but those are considered cheap those days. This is also considered as more "secure". If an application runs in its own container, it cannot do anything bad to other applications.

For most users, the argument is quite stupid because everything happens in their browser anyway. People already give all their data to be analysed by marketing companies because they called it "cloud computing", which sounds cool. What could be really worse for most users? Well, nothing. Anyway, the whole Belgian EID debacle demonstrated that people need their computer to interact with other software. So there are discussions to allow that the "contained" application to talk with other apps. Making the whole security argument quite absurd. The moral of the story is that your "new layer above everything" always seems smart because you don’t understand the problem. You feel smart because you invent something nobody did. The reason nobody did is because the problem is hard. As soon as you face part of the problem you didn’t know beforehand, your genius-layer becomes complex, unsecure, full of exceptions. And someone comes and add a new layer on top of it to make it simple.

Another, unpopular, solution to "upgrade some stuff but not the other" is the one chosen by FreeBSD and OpenBSD : keep a stable operating system layer while upgrading applications separately. But this requires lot of work. It’s not perfect. Accepting it requires learning 60 years of computer history to understand why we have what we have. Hiding complexity feeds complexity. It makes it grow. The only sustainable fight against complexity is exposing it. Fighting complexity requires to educate users and to sacrifice the quick and dirty solution. It’s hard. People paying for it are, usually, not interested in simplification. They litteraly earn a living from complexity. How would you sell "new shiny solutions", "corporte services", "consultancy" if people were basically educated about technologies?

Containing containers is the "let’s add one more complexity layer above everything" quick fix. In most engineering fields, every quick fix will be paid one thousand times in the next decades. I guarantee that "containers" will be to our children what COBOL and J2EE are to us: incredibly huge pile of shits that someone needs to clean but that nobody understands.

We are at a point where server-side applications are now distributed as "virtual images". Yep. It’s too hard to deal with an installation process so we basically give you a copy of our whole development computer so you can run it in a virtual machine. It is today "easier" to give you a whole virtual machine to run a random server than to tell you how to install and configure it. Does it feel right?

What are Snap and Flatpak ?

Snap is the Ubuntu solution, Flatpak the Red Hat solution.

As with each new software concept, competing products emerges. In the Linux Desktop world, there’s always an emerging consensus (often pushed by Red Hat but not always) and Ubuntu challenges that by making a rival. In the end, Red Hat wins. Each. Single. Time.

Git vs Bzr
Systemd vs Upstart
Wayland vs Mir
Gnome-shell vs Unity
Flatpak vs Snap

Given the record, I won’t even bother trying to understand Snap. Ubuntu is really good at doing something easy to install that "just works" on every computer. But they are really bad at developing new stuff. And they are really pushy with their own stuff that nobody wants.

I really dislike the idea of using yet another abstraction on top of my operating system but I must recognise that Flatpak works really well. It’s fast, easy to manage, transparent and has no impact on your system when not used. Snap, in my experience, is awful. Hotter laptops, less battery, slower applications. My advice is to remove it completely.

sudo apt autoremove snapd

Beware: this will break the Ubuntu Application Manager or Ubuntu Store (or whatever it is called).

To be complete, I must also add that one selling point of flatpak/snap is that it allows proprietary developers to provide a Linux version without caring about the inner distribution and the installed libraries. In fact, if you need to install proprietary tools, I currently think that Flatpak is really the best way to do it. Your proprietary thing will have its mini-subsystem without touching yours and will be easily removable without any trace. A welcome improvement over the install.sh. The huge drawback is that, by browsing flathub.org, you start installing many proprietary software without really knowing who packaged them and without realising they are proprietary. There’s for example an unofficial protonmail-bridge build there. Yep, so much for the security model. So be really careful.

You may find proprietary vendors with Snap packages and no Flatpak packages. That’s because Ubuntu is good at marketing and have a large user base. If you need it, use Snap, of course. Be pragmatic. But if you develop an app, you should know that Flatpak is already available in nearly every single Linux distribution out there. Snap is less common and rarely seen outside Ubuntu. But don’t take my word for it, just look at the list above. On the left are mainly Red Hat sponsored or independent solutions and on the right are Ubuntu proposed technologies. Besides Snap, none of the solutions on the right exist today.

Unnecessary theological conclusion

Let me assure you that Ubuntu people worked really hard on them, including on marketing. They were not simple experiments. Each time, they really thought it would be the default for Ubuntu during 2 or 3 years. I spent three years investing myself in bzr while dismissing git. I know what it feels.

But remember what I told you about learning useless layers of things added on top of others. I called "theology" for a reason. You spend your life studying theology, studying one lone book because you believe that this is the truth, the only one.

Waking up is painful. Realising there are plenty of books is painful. Feeling that people around you are either stupid or lying is painful. That’s probably why most people don’t really want to understand what they are doing. Ignorance is more comfortable than knowledge. And the more you give to ignorance, the more knowledge hurts. Being proud of one’s ignorance is called "faith".

• The cost of being convinced

Have you ever realised that the mere dictionary definition of "faith" is "Believing something is true without evidence, without logical reasoning". Which is, in my own world view, the exact same definition as "stupidity". Which is exactly what religions and marketing are trying to grow in our brain.

Which is exactly what most of us, software developers, are paid to do. We are working for the new dogma. We are making the world stupider. Starting with ourselves.