In this increasingly "Software as a Service" world, it's nice to have a good alternative where you actually own the software you are using. Being FOSS is just icing on the cake. Huge respect to the team behind Krita, and the KDE community as a whole.
While I share your appreciation of Krita and FOSS in general (long live Gimp and Inkscape), I have to point out that there are good commercial software that are not a total subscription rip-off (I'm looking at you Adobe). Here are some I know of and have used (bugs and limitations and everything):
- The Affinity suite
- Corel Painter
and perhaps a few others. They do their job of paying their developers, cultivating artist communities, doing R&D and pricing their products at something reasonable for the average artist.
Yeah, I picked up Affinity a few years back and haven't regretted it. I don't do graphics work enough to justify a subscription. Affinity's products hit a good price sweet spot of being affordable, and they're well supported.
I actually ended up more heavily switching to Krita though, just because I could install it on machines that weren't "mine" without worrying about the license, and it was enough for my purposes in most cases.
I also love Acorn on the Mac. It’s not as advanced as Photoshop, but I can do my layers, “curves”, selections, masks, etc. And I find the UI easier to manage than GIMP. I think it’s about $30 and you have to pay for major upgrades. I’ve paid twice I think in maybe 5 or 10 years.
Yeah the Affinity programs completely cover everything I used to do with the Adobe Suite. I'm not a professional designer but I often have to do small photo editing / vector design tasks and Adobe always felt like such a rip-off, especially once they switched to their subscription model. Very happy there is some competition in this space.
Corel painter has terrible UX, to the point where I deleted it from my computer after three hours attempting to follow tutorials. On Mac, I strongly recommend Pixelmator.
Note the red message about how to run the installer on Windows despite the SmartScreen popup.
Microsoft really needs to do something about the whole SmartScreen mess if even properly signed, popular and trusted open source tools like Krita require such a "how to get around the SmartScreen popup" note in their installation instructions.
There absolutely is a reason. Microsoft's reason. Scaring users away from independent software distribution means more people will use the Windows Store.
Unfortunately, Android, iOS, and MacOS are the alternatives non-technical people look at, and they're all much worse about installing software than Windows.
Of course! If they made independent software distribution impossible at the same time as introducing the store there would be an enormous backlash.
The strategy is to introduce the store and slowly make independent distribution more and more onerous, using security as justification. When people complain you can say "just put your app in the store and you won't need to worry about signin/notarisation/etc."
You mean the "Open File - Security Warning" popup that has existed since XP?
I have never seen a regular computer user not clicking the "Run" button in less time than it takes to read anything in that window. One notable exception I can see is people who've pirated games from gog.com, and want to check that they're unmodified.
It's not gaslighting to point out the error in @Complexicate's argument. If you want to convince people here then you need to get your facts straight rather than making childish statements.
Have you never had a relative (usually your mom) install malware because they didn't know any better? Most people are not so tech savvy as those of us who frequent Hacker News.
There's nothing wrong about a malware scan on download (Chrome does this automatically too), but this scan should be smarter about detecting actual malware (it's called SmartScreen after all).
But it's basically an impossible problem to solve while not preventing running useful applications. You can only do that well until it becomes too difficult to do better.
Just because it is impossible to solve completely doesn't mean they should get off the hook for conveniently "forgetting" innocent open source packages.
>But it's basically an impossible problem to solve
This is not just possible, but relatively easy to solve. Applications can be sandboxed by default. Signing the application or user granting it extra rights can remove some restrictions from the sandbox.
But the message specifically says MS will only trust applications signed by a Digitcert certificate. The problem isn't that they're doing the check, it's that the check is poor. There's no reason it needs to prevent people from installing software that has been signed.
'Zactly. Every tech company has a strong interest in platform lock-in, not only do they collect a cut on whatever gets sold through the platform, but their data collection is better, so they can sell it to marketers.
> There's no reason to scare users away from independent software distribution.
Can you please for the love of Zeus make up your mind already? "Installing random software from the Internet - bad! Linux good because package manager!" Microsoft offering a "store" (most software on it is free anyway) and allowing signed installers that won't trigger warnings - also bad!
So which is it? And more importantly, how is this any way worse than the common practise in Linux to install 3rd party software via some variation of "wget -O https://some.totally.trustworthy.website/install | sudo bash" that won't show any warning whatsoever?
TL;DR There totally IS a reason to scare users away from installing random crap from the internet. And that reason is independent from operating systems or companies!
I can't speak for others, but for me there is no need to make up my mind:
1) Installing software directly from the developer --along with being able to develop yourself-- is not only perfectly fine, it's what makes personal computing great.
2) Package management is an over-engineered and inflexible solution that creates more problems than it solves.
3) Installers aren't as bad as package managers but are still overly complex and cause problems. Applications should be single files or directories that can be moved or copied anywhere you want. Numerous OSs had applications work this way by convention and it is also how AppImage works.
4) Application-level security should be applied by default and at the OS level. Mobile OSs got this (mostly) right.
> 1) Installing software directly from the developer --along with being able to develop yourself-- is not only perfectly fine, it's what makes personal computing great.
Nobody's stopping you from that, not even SmartScreen. The issue is that close to 100% of all malware is installed by users and the critique has been that Microsoft is offering neither sufficient protection nor a safe(r) alternative.
SmartScreen and Windows Store - whatever your personal opinion about those might be - are completely optional ways to address this critique.
> 2) Package management is an over-engineered and inflexible solution that creates more problems than it solves.
All major *nix-based operating systems and their distributions seem to disagree with you on that; Most programming languages included.
> 3) Installers aren't as bad as package managers but are still overly complex and cause problems. Applications should be single files or directories that can be moved or copied anywhere you want. Numerous OSs had applications work this way by convention and it is also how AppImage works.
And that solves the security and trust issues how?
> 4) Application-level security should be applied by default and at the OS level. Mobile OSs got this (mostly) right.
Oh yeah, especially mobile OSes where every app wants full access to everything or just won't install/run. Pop-ups are just as bad because now you just train users to simply ignore them.
There is no silver bullet here, and SmartScreen isn't some "evil gatekeeper" that just exists to thwart independent software development. It's just an imperfect tool to address security and trust issues with random software packages downloaded from the internet.
> All major nix-based operating systems and their distributions seem to disagree with you on that; Most programming languages included.
Yes, and I still think I'm right and they are wrong. You're welcome to disagree, but I personally wouldn't hold up the distant 3rd place in desktop computing as evidence against my argument.
> Oh yeah, especially mobile OSes where every app wants full access to everything or just won't install/run.
Like I said, only mostly correct.
> Pop-ups are just as bad because now you just train users to simply ignore them.
Agreed, so don't do popups.
> There is no silver bullet here, and SmartScreen isn't some "evil gatekeeper" that just exists to thwart independent software development. It's just an imperfect tool to address security and trust issues with random software packages downloaded from the internet.
I never said otherwise. I just think we can do better than SmartScreen.
> Yes, and I still think I'm right and they are wrong. You're welcome to disagree, but I personally wouldn't hold up the distant 3rd place in desktop computing as evidence against my argument.
FWIW, Windows also has a package “manager”, although it didn’t manage installed packages last I checked (despite being basically a copy-paste of WinGet IIRC). But I see no reason to hold up what AFAIK is the shrinking 3rd place in computing (behind cloud and mobile) as evidence. Servers and phones install software too.
And Linux has AppImage. However, it is the common convention that is important here and for decades Windows convention has been application installers.
> But I see no reason to hold up what AFAIK is the shrinking 3rd place in computing (behind cloud and mobile) as evidence. Servers and phones install software too.
Ok, let's look at mobile... which uses self contained applications. Huh. How about server... where things like VMs and Docker are increasingly popular because they allow self-contained services. Hell, even developers use Docker to create self-contained build environments.
Regardless, I don't think what servers do is very applicable to how desktops should work. Mobile is much more applicable because they are personal devices, like desktops, but they are still a distinct entity with different use cases.
> 3) Installers aren't as bad as package managers but are still overly complex and cause problems. Applications should be single files or directories that can be moved or copied anywhere you want. Numerous OSs had applications work this way by convention and it is also how AppImage works.
I do like this. The only thing that concerns me is disk space (which isn't really that big a deal at this point) and things like crypto libraries. With the crypto libraries, what happens when the statically compiled package has an out of date library/how do you recover without having to upgrade every program individually? (This is a serious question, I'm not trying to be rude. I'm sorry if I come off that way.)
In most systems, but notably not Linux, there is a separation between the "system" and "applications". Things that are part of the "system" are meant to be a reliable platform that anything can use. The platform provides UI, networking, crypto, compression, etc. libraries that are used by basically everything and the self-contained application need only supply its various libfoos that aren't part of the platform.
> "Installing random software from the Internet - bad! Linux good because package manager!"
Yes.
> Microsoft offering a "store" (most software on it is free anyway) and allowing signed installers that won't trigger warnings - also bad!
Yes, but ONLY because they require you to create a Microsoft account. If you could use it without the account, then it would be fine.
Edit: I also tend to trust package maintainers for established distro's more than I trust Microsoft's QA. This is just me though so only partially relevant.
> So which is it? And more importantly, how is this any way worse than the common practise in Linux to install 3rd party software via some variation of "wget -O https://some.totally.trustworthy.website/install | sudo bash" that won't show any warning whatsoever?
(Windows Store) is worse than (random.exe)||(wget -O some.stupid.site/something.sh | sudo bash) is worse than (Proper package manager)
Technical reason: Microsoft's moderating is kinda garbage. I don't trust them to keep malware out of the store effectively.
Edit: I trust my capability to moderate the sites I download from more than I trust Microsoft to prevent malware on the store.
"Ideological BS": I don't think wanting to stop account proliferation is "ideological BS" I have a certain number of accounts, I want less. I see no reason to make more.
Ideological BS: I don't trust Microsoft to not do more tracking than I find ethical.
> I trust my capability to moderate the sites I download from more than I trust Microsoft to prevent malware on the store.
So you are implying that your personal capabilities reflect the majority of users out there? That's a bold assumption!
The Windows Store is meant for a general audience, and the general audience are users that ended up with 10 rows of custom "toolbars" in their browser after a few days of using the internet.
The fact that you trust your own abilities over those of Microsoft (of course without giving a concrete example to justify your mistrust) has nothing to do with millions of non-tech savvy users that would otherwise just download Krita.Totally.Not.Malware.Believe.Us.exe from webshop24.ru, because they clicked on that cute cat image that told them to...
> The Windows Store is meant for a general audience, and the general audience are users that ended up with 10 rows of custom "toolbars" in their browser after a few days of using the internet.
Maybe at one point, but at this point the general audience
A) Just does everything in the browser.
B) Knows enough to do things right
C) Does not yet know enough to do things right, will screw up an install, and learn from experience.
D) Will manage to repeatedly screw things up.
D is a surprisingly small group, and I'd personally rather group C screw up their stuff and learn.
> The fact that you trust your own abilities over those of Microsoft (of course without giving a concrete example to justify your mistrust) has nothing to do with millions of non-tech savvy users that would otherwise just download Krita.Totally.Not.Malware.Believe.Us.exe from webshop24.ru, because they clicked on that cute cat image that told them to...
What's to stop me from creating "K-Dev LLC" and putting "Krita+ Ultimate" on the Microsoft store, of course with my own malicious add-ins?
As far as "Without a concrete example to justify your mistrust". Yes. I do not have a concrete "I installed this from the Microsoft Store and it was malware story". That being said, Microsoft has repeatedly shown themselves to be ineffective at security. To be clear, They have a _massive_ and extremely difficult task in front of them. I just have no reason to expect it to work, and experience suggesting it won't.
Note that not all these incidents resulted from drive-by-downloads or elaborate hacks:
> Riviera Beach: In June, Riviera Beach, Florida, was hit with ransomware when a police department employee opened a malicious email attachment.
In 2019, people still click every e-mail attachment unchecked, even though e-mail attachments have been a primary vector for attacks for decades at this point.
Putting faith in the abilities of the average user is the first step towards disaster. The average user is not more aware or capable in 2020 than they were in 1995. People still carelessly put random USB drives into their machines, still open dodgy e-mail attachments and still download and execute installers and other executables from random websites.
Some sobering stats for mobile [1]:
> Less than 20% of mobile malware is delivered via a browser — the remainder of the payloads come through an app. (Source: RSA Current State of Cybercrime)
Last but unfortunately not least, unpatched systems are still presenting a completely avoidable attack vector for malware and ransomware, because users (both private and industrial/institutional) fail to update their systems [2].
So no, the harsh reality is that the average user is neither aware, nor capable of "doing things right".
In my experience, B is the smallest group of the four I listed, mostly only gamers and some creative professionals.
That being said, most of my experience is with consumers, not corporate IT. I still believe that consumers should be able to install from any source, and not pressured into using the MS Store. In corporate-land however, of course the user should have restricted rights.
As far as the state of mobile, isn't that supporting my point that moderating app stores is almost impossible unless you curate it yourself?
Edit: +1 for your comment though. It made me sit and think about things for a while, for which I thank you.
Google Chrome has a malware scan for downloads that actually seems to work, unlike Microsoft's SmartScreen which seems to be completely broken. Integrated malware protection is a good thing, but it needs to work to be useful (e.g. not automatically flag properly code-signed non-malware as malware). If users see the SmartScreen popup for regular software too often, they are just trained to automatically find and click the "Run anyway" button.
That's fair, but completely besides the point of the OP.
If the complaint is "because it doesn't work well enough", the proper solution is to just disable it, which is of course an option. Crying "foul!", however, is neither constructive nor helpful in way.
> If the complaint is "because it doesn't work well enough", the proper solution is to just disable it, which is of course an option. Crying "foul!", however, is neither constructive nor helpful in way.
Are you sure you meant exactly what you wrote?
I mean: The correct thing to do if you have a smoke detector that gives false positives isn't to throw out smoke detectors but to complain to the place that sold it and get a new one that works.
I am sure I mean what I wrote. If someone thinks SmartScreen isn't a good solution, they should disable it. Using a different solution is independent of that.
To use your smoke detector analogy: if a smoke detector goes off twice a day and once in the middle of the night every other night, you sure as heck DO throw it out. If only because every false alarm desensitises you to actual alarms and makes your default reaction to just remove the batteries of that thing.
The real issue is that the false alarms don't necessarily come from a faulty detector, but are due to the fact that someone keeps smoking in the house or keeps burning their food all the time and then keeps telling everyone that smoking doesn't affect them negatively, because they only smoke one cigarette every other day so smoking is actually safe for everyone and that the detector is to blame for all the false alarms.
I trust Linux disto maintainers hell of a lot more to curate software in line with _my_ interests. Microsoft has profit as their overriding goal, so anything that contradicts that will be eradicated from their app store.
They are just imitating Apple's macOS - their GateKeeper also irritates you similarly when you install stuff not available in the app store (which I specifically avoid). Nobody wants their mac to turn into an iPad / iPhone.
Getting past Gatekeeper on macOS is roughly the cost of a $100/yr developer program certificate and rigging up notarization support into your build pipeline. SmartScreen is way worse - from the grumblings I've heard it basically doesn't care all that much about code signing. Even if it did, code signing on Windows is more expensive than it is on macOS. There's constant reports of Free Software developers of niche software packages getting their new releases stopped by SmartScreen and then Microsoft manually approving it. It runs on some fuzzy logic/ML nonsense so even Microsoft themselves doesn't entirely know why SmartScreen is constantly flagging Free Software developers.
Apple's next move is to disallow unsigned software entirely, Gatekeeper popup or no. They already announced it for ARM Macs [0]. It currently allows adhoc signatures, but I'd be shocked if that didn't go away in the next couple of versions unless they were built locally.
That document doesn’t appear to say what you are claiming.
Disallowing unsigned software altogether would contradict other statements they have made.
That said, I wouldn’t be surprised if it becomes something you can only enable from the command line.
They have clearly stated that Apple Silicon Macs will be open to whatever software you want, but they may well choose to make that more difficult for inexperienced users.
It's awesome that the Linux version is distributed right on the website as an AppImage next to the Windows and MacOS downloads. I very much appreciate software that doesn't require me to wait for a third party maintainer to get around to building it for every distro or require me to add a new repo to a config file somewhere just to use the latest version.
I've become a big fan of AppImages. I found a project on Github called AppImageInstaller which will create a Gnome/KDE integration shortcut for you and move the AppImage file to a "programs" directory of your choosing.
I usually just "Open with AppImageInstaller" when I download them, it pops up and asks if you want to run once or integrate. When you get a new version you can right-click the old one's shortcut/icon and AppImageInstaller's integration give you a "remove from system" type option.
I use Cura as an AppImage, FreeCAD, Lens (Kubernetes "IDE") Zettlr, and a few others as AppImages. It's really clean and convenient.
It really upsets me when I find tools I want only have snaps, because like any sane person, I kill snapd the second I install an Ubuntu system (Laptops) and I run Manjaro on my desktop so snapd isn't going anywhere near it.
Not if you want to run more versions side by side including betas, if you are a professional you don;t update your tools mid-project and pray it will be fine.
In fact, I think Linux's package management is too inflexible. You always need to wait for maintainer to package it for you, and it is not as fast as upstream. To have multiple version of a same package usually require to compile yourself, use a PPA or download a package and install it. Compiling a software not always easy, and it takes times. The PPA and install a random package from Internet isn't really securer than Windows's way of software distribution IMO.
Linux has the advantage of many choices so you can use what fits you best.
If your hardware has good Linux drivers and if the software you need has a Linux version then IMO you can find a distribution that will match your needs. Arch could be great for some people but an LTS will be more popular with other people. For example in my case I use Intellij for work and it comes in a tar.gz file format that I can use and I can keep the old version around when updating. The only time I compiled things was when I modified stuff to add my own changes to open source software.
If you are gaming I think you should still use Windows or a console, even some will claim Proton works with most games the experience can be frustrating with many of the games that are claimed to work.
Which is why I use Windows much more than Linux despite in principle preferring FOSS. It's a shame the Linux Desktop community is so hostile to criticism, otherwise maybe I could use Linux more.
The specific criticism I think that generates the hostility you're experiencing is something like "Linux should be easier to use / easy to use for the everyday computer user". In general I think most people would agree with you, but it comes across as an ignorant comment given the well-known economics; and especially in the context of a conversation about someone who is unwilling to contribute or at least build their own software.
Where am I saying that? I have a specific criticism, that package management is unnecessary complexity that introduces more problems and limitations than it solves. It has nothing to do with being easy.
> but it comes across as an ignorant comment given the well-known economics
What the fuck does economics have to do with it?
> and especially in the context of a conversation about someone who is unwilling to contribute or at least build their own software.
I do both of those things. Your condescending conclusion otherwise is emblematic of my problems with Linux Desktop as a community.
Consider: it's not that Linux users are hostile to criticism, it's that your criticism is of the laziest, least-intelligent part of the spectrum of criticism.
Arch's Krita was updated to 4.4.0-4 at 2020-10-13 18:23 UTC, approximately 18 hours and 52 minutes ago.
While I can't see when the original blog post was submitted, I know this forum post was posted 2 hours ago. Are you sure you would benefit from updating even faster?
EDIT: In any case, you could use the AUR package that points directly to the git repo.
Would the AUR let me have the current Krita and the old one installed simultaneously? My experience with repo/package models suggests it very much would not.
I don't think so. It should be possible to install the older version in different prefix (e.g. `./configure --prefix=/opt`) but I don't think AUR supports multiple slots (like portage does) out of the box.
My cursory search on the interweb did not yield any promising results on the Arch wiki either. Happy to be corrected, of course.
It is _beta_. Don't use it for production work! I'm currently paying Sharaf who did the original port to work full-time on fixing Android/ChromeOS issues, but we're not even at the stage where we can think of implementing a tablet-friendly user interface again.
We just made it build, which needed a bit of hacking in Qt, and then some hacking in Krita, but it was doable within the scope of a Google Summer of Code. Of course, the devil is in the details, and that's what Sharaf is working on now.
This update looks terrific. One nitpick: Krita should have a high-res logo in their navbar. I could see it being a slight turnoff for potential adopters looking for a professional art program.
Is Krita good for vector art? I often use InkScape to touch up or modify icons, but have found InkScape's UI to sometimes completely bug out. (besides looking generally bad).
It has some rudimentary vector support, though. It is possible to create a SVG layer and even apply effect layers to it -- most notably, text is handled that way.
Yes. My children use a Wacom tablet with Krita. It was actually less trouble to get it working on Linux than on my MacBook. On Linux I just had to plug in the Wacom table and I was immediately able to start drawing in Krita.
For me, plugging it in worked flawlessly, getting it to work with Bluetooth took some fiddling.
Got it to work but it was one of those Linux things where I don't know what I did to get it to work, but it works now, and the next time I set up a new machine, it will be another few more hours of my life.
Yes you really need one with this kind of program. It emulates pencils, pens and brushes much better. Like the pressure sensitive aspect in particular.
They do a bit. I often do adjustments and editing on raw photos from my camera with Krita (colour curves, minor rotations, copying heads between group photos so everyone's eyes are open, etc.). Historically GIMP couldn't handle the higher bit depth, so Krita was it.
If there's something that GIMP can do that Krita can't, I never encountered it in over two years of using it for front end development and graphic design work.
There are some photo-specific effects and tools present in GIMP that are missing from Krita. I remember having to switch to GIMP for some edits, but I can't recall the specific features. 95% of the time, though, Krita is all you need for photo editing.
Oh but they do. If Krita had just a couple more filters, GIMP would be basically obsolete. Out of the photo manipulation I do on Linux, more than 90% I do in Krita.
I'm not doing any painting in Krita, I'm using it for image editing. I always hated when I had to use GIMP in the past and it ways a joy to discover Krita and find that it does everything I needed GIMP for, but with a sensible user interface.
Judging by the pace of development, adoption among users and general attitude I think that sooner or later Krita will surpass GIMP and make it obsolete.
