Home
Seren541 edited this page May 19, 2022 · 4 revisions
- Why sandbox applications?

  Personally I came to Linux from Windows. And one nice feature of Windows is that you can just find apps online and download them. Of course, this is not very safe. You are giving an unknown application admin privileges just to install itself. Package managers claim to solve this but they have their own issues. If you try to download something from a PPA or the AUR you are giving some random, potentially closed-source software root access. AppImage requires no such root access, although Neptune installs to root so that each user does not have to install the same AppImage to the hard drive. This gives us the best of both worlds: random applications get no root access but can still be integrated into the system.

  However, root access is really not important in this day and age, in my opinion. Most people have their own personal computer which they share with no one or with their family. This contradicts the Unix idea of a computer for many, many people to use. In this model, users install software which they trust completely, and the main goal of the Unix system is to protect the root from userspace malware. But, in the era of personal computers, the main threat is from closed-source or even open-source software, in my opinion. In order to protect from that, Neptune also sandboxes its programs. Individual data homes make sure that programs cannot spy on your files. In the future I will add a permission manager.

  As for how complete this feature is, it is not complete yet. So far launching from the terminal or from your desktop client will launch the program sandboxed, but if you launch directly from your applications directory it will launch unsandboxed. I've considered setting AppImage as a MIME type so that AppImages automatically open with Neptune, but this might be risky as apps could not flag themselves as AppImages and run unsandboxed. I think the best solution is unfortunately hiding the actual apps from the user and placing desktop files into the applications directory. This means that the applications directory could even be in your home folder though, so there are some benefits. Other ways I would expand it include adding a nep run command and a MIME type so that you could run non-integrated applications in the sandbox.

  This project uses aisap, available here: https://github.com/mgord9518/aisap
- GUI

  I have not attempted to make a GUI yet. One thing about AppImages is that it's hard to run programs with different user permissions. What this means basically is that if you run a GUI, you want to run as user. But to access the root, you need root privileges. Unfortunately, only the user who runs the AppImage can view the files inside of it, which means so far I have been extracting the integration executable to integrate apps per user. I'm sure I can find a way to package the GUI in one AppImage, but this is not my main priority as I have many ideas yet to implement.
- Future plans

  For the future, I plan to do many things. First off, if possible I want to give this program a GPL license. I'm not sure if it's compatible with my vision of Neptune at the moment but we will see. I want to have a full app store, and a GUI permissions manager. I think AppImages have the potential to work like APKs on Android. You can download APKs from the net or from the store. Either way they have permissions. What I would change though is how tight these permissions are. Most users on Linux understand how to operate a computer so I would like to have an internet permission for example, because apps that don't need internet should not be connected in my opinion.

  I would like to add a better package manager such as AppImageHub because the central repo for AppImages does not work very well. I think AppImages are an odd format, because they depackage themselves into a tmp directory and run from there. But they are quite fast, take much less space than Flatpaks or Snaps, and fit the Windows model better.

  I'd also like to decrease the size. The AppImage update application ingrained in Neptune is most likely bloated, so I might want to code one myself or use a library to make Neptune update itself. I'd also like to add more support for CLI AppImages, an ARM branch, and manage my memory more responsibly. Basically, before taking this to GUI, I want to have a refined CLI app experience.
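The sandboxing gap described under "Why sandbox applications?" can be checked by auditing the desktop files in an applications directory for entries that start an AppImage directly. The following is an added example, not Neptune's own code; it assumes the sandboxed launcher is invoked as `nep run` (a command the page only proposes), and the sample entries and paths are constructed.

```python
import os
import shlex

# Assumption: the sandboxed launcher is invoked as "nep run <app>". The page
# only proposes this command, so the name is a stand-in for illustration.
WRAPPER = ("nep", "run")

def exec_value(text):
    """Return Exec= from the [Desktop Entry] group only, or None."""
    in_main = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_main = line == "[Desktop Entry]"
        elif in_main and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":
                return value.strip()
    return None

def classify(text):
    """Classify one entry: sandboxed, direct-appimage, other or no-exec."""
    value = exec_value(text)
    if not value:
        return "no-exec"
    try:
        argv = shlex.split(value)  # approximates Desktop Entry quoting
    except ValueError:
        return "other"
    if (os.path.basename(argv[0]), *argv[1:2]) == WRAPPER:
        return "sandboxed"
    # Name-based heuristic: a renamed AppImage is missed, the same weakness
    # the page notes for MIME-type detection.
    if any(a.lower().endswith(".appimage") for a in argv):
        return "direct-appimage"
    return "other"

def audit(entries):
    """Names of entries that would start an AppImage outside the sandbox."""
    return sorted(n for n, t in entries.items() if classify(t) == "direct-appimage")

# Constructed sample entries; paths and app names are made up.
SAMPLES = {
    "editor.desktop": "[Desktop Entry]\nName=Editor\nExec=nep run editor %U\n",
    "game.desktop": "[Desktop Entry]\nName=Game\nExec=/opt/apps/Game.AppImage %f\n"
                    "[Desktop Action New]\nExec=nep run game --new\n",
    "viewer.desktop": '[Desktop Entry]\nName=Viewer\nExec=env GDK_BACKEND=x11 "/opt/apps/Viewer.AppImage"\n',
    "term.desktop": "[Desktop Entry]\nName=Term\nExec=xterm\n",
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("unsandboxed launcher:", name)
```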