When we consider any new features or changes for Steam, our primary goal is to make customers happy. We measure that happiness by how well we are able to connect customers with great content. We’ve come to realize that in order to serve this goal we needed to move away from a small group of people here at Valve trying to predict which games would appeal to vastly different groups of customers.
Thus, over Steam’s 13-year history, we have gradually moved from a tightly curated store to a more direct distribution model. In the coming months, we are planning to take the next step in this process by removing the largest remaining obstacle to having a direct path, Greenlight. Our goal is to provide developers and publishers with a more direct publishing path and ultimately connect gamers with even more great content.
This is a big step for Steam, and will make it incredibly trivial for developers and publishers alike to publish games on Steam.
So does that mean we can soon look forward to malware in the Steam store?
Exactly what I fear.
On the plus side, games are much more self-contained than other types of apps, so they should be easy to sandbox without getting developers to hook into things Flatpak portals.
On Linux, maybe Steam could apply bubblewrap (the Flatpak sandboxing component, usable independently) and then dynamically add and remove stuff from the network whitelist based its knowledge of its own matchmaking.
(If you’re not familiar with them, portals are Flatpak’s solution for allowing application developers to opt into an Android-style sandboxing experience, where, for example, instead of just opening a file-picker and needing access to the filesystem at large, they fire off a D-Bus API call, the picker is provided by trusted code, and they receive a means of accessing the requested file through the sandbox… sort of like how browsers do local file access.)
http://www.jgrulich.cz/2017/01/18/kde-flatpak-portals-introduction/
http://flatpak.org/xdg-desktop-portal/portal-docs.html
(Also, given that it’s being implemented at the level of toolkits like Qt and GTK+, it should finally provide the necessary incentive to ensure that users will be able to pick a desktop and all of their applications will share the same set of common dialogs.)
That pretty much sums up my opinion of mobile gaming; Malware. All of those in-app purchases make movile gaming far more annoying than any joy in the games for me. Especially when it is a pay for game.
Granted, the same could be said of many F2P games that are already on Steam, but at least they don’t pop up the “if you would like to play more, watch this ad.” As soon I see that in anything, that program gets removed.
The problem is that there are plenty of big (albeit not necessarily mainstream) games, especially MMO’s, that are already installing rootkits or needing to run as administrator so their anti-cheating components work (or in some cases because they were designed by idiots and do stupid stuff like copying their program directory to the top of the C drive prior to launch and running from there). The only way to sandbox those is a complete virtual machine, which is impractical for multiple reasons, especially for those wimps who are incapable of playing games except on the highest possible graphics settings with maximal frame rates.
On the Linux side you could at least use stuff like firejail (with the right settings, you can get Steam running fully namespaced with system call filtering under firejail, and about 80-90% of the games available on Linux work pretty much flawlessly when launched from it), but you can’t really do much of anything on Windows as an end user, and proper sandboxing is a serious PITA on OS X.
Firejail and Bubblewrap are actually two different frontends to the same underlying mechanisms.
As I understand it, the reason they both exist is that Firejail was developed before they split Bubblewrap out of Flatpak (then known as xdg-app) to be usable independently and Firejail development spends more effort trying to find ways to make unmodified applications amenable to sandboxing.
Edited 2017-02-13 21:27 UTC
In general, yes, although from my limited knowledge of both, firejail is a bit easier to use if you’re not a programmer. I’d argue though that sandboxing is significantly less useful to an end user if it requires the application to opt-in, which is a large part of why firejail still exists.
No argument there. I plan to Firejail almost everything as soon as I have time to upgrade from Kubuntu 14.04 LTS to one without problems like the PulseAudio compatibility flaw.
How do you know that there isn’t malware on Steam already?
This move could easily make some amazing independent games see the light of day, we will just have to sort through the crappy cash grab titles.
We will have more Sitting Simulators 2017 and advertisement games
Soon steam will be like google play. Boast millions of apps, including flappy bird, tappy bird, clappy bird, snappy bird, patty bird…
Hi,
.. where tappy bird is full of advertising, clappy bird is “freeware” (where you have to buy “clappy points” with real money to unlock core features), snappy bird has a nag screen asking you to donate that pops up every 5 minutes, and patty bird is awesome but only if you buy the 15 DLCs (at $15 each).
– Brendan
I like that there were people vetting and curating things. How will they avoid ending up just like Apple’s App Store or Google Play, with a lot of noise and very little signal – not to mention a race to the bottom in terms of pricing, and therefor content quality
That’s one reason I get all of my games from GOG.com and Humble Bundles.
I’ve got so many games that I’m OK with missing a few that are good but fail to get enough mindshare for me to hear about them outside those avenues.