*Proceeds to wait and pirate it anyway
- 7 Posts
- 114 Comments
sonofearth@lemmy.worldto
Games@lemmy.world•Steam Machine pricing announced (from $1049-$1428 USD), reservation lists openEnglish
41·14 days agoThey are shit
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
1·23 days agoFine agree with all of what you say. But still the AUR is the only repo where this happens majority of the times. So what to do next? I am sure the solutions I mentioned in a comment below are not that difficult to implement.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
1·23 days agoAnd what do you need so many packages for?
Zen Browser, Elecwhat (Whatsapp – which is recommended in Arch Wiki), Razer peripherals drivers, heroic games launcher.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
1·23 days agoWithout the AUR Arch becomes a third world country distro because the official repos have only the basics.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
11·23 days agoI am not talking about the code. I am talking there are basically zero security measures.
Edit:
Demanding to do more work from volunteers which already do a lot of work for free is rude. If you want something done - do it yourself
Then don’t make the platforms in the first place. This is such a stupid argument. It’s like someone creating a nuke but then ignoring the security measures and telling the rest of the people to take care of it. Genius. Should stop asking people to switch over to Linux as well then. Might as well I should just start bad mouthing and defaming Linux because users are left on their own by a hostile community.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
21·23 days agoThat’s why we have warnings plastered all over.
Plastering warning labels everywhere is a cheap way to shift 100% of the accountability onto the user. Security should be built into the AUR’s design (throttling new accounts, forcing forks for orphaned takeovers or maintainer-developer verification), not outsource your job to the users as a reading assignment before every system update. Humans are the final layer of defense not the first.
Or maybe don’t use AUR blindly? You’re doing the equivalent of sudo curl — | bash… So only do it if you truly trust it.
There is a massive difference between blindly curling a random script from the open web and using a centralized, organized community repository. Yes AUR helpers are not recommended but they exist and are used by majority of Arch users and you can’t expect the user to know code and pkgbuilds especially when distros like CachyOS make it so damn easy to install the OS with AUR being just a checkbox away.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
11·23 days agoJust don’t run random code that you don’t understand
I don’t understand any code so does that mean I shouldn’t use any software? that is 99% of the world.
whole purpose of AUR, users can create and share packages with minimum fuss
This doesn’t take away responsibility away from the Arch team. I can manually review pkgbuilds all day trying to understand no problem but expecting the user to do it every update is stupid. At some point the user will just start to trust that package maintainer. I already mentioned few steps that the Arch team can take in a comment below.
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
21·23 days agoI am gonna get a lot of hate for this but the AUR flaws are hidden behind a legal warning of “At your own risk”. They just don’t want to take the legal consequences for this. That’s why there are basically 0 preventive measures for detecting bad actors and preventing malicious attacks.
I can think of some solutions:
- If a package is orphaned then let a potential maintainer just fork it and flag the original for deletion. So the user who has actually installed the old package and want an update will manually go out looking for the updated one instead of just doing a
yay -Syuone day and getting malware on the system. - If the developer and maintainer are the same for an AUR package, let them maybe add a ArchWiki style captcha, whose output can be added to the upstream repo like in
.aurverificationfile, which can be detected by AUR when putting in the upstream repo URL and the maintainer must verify with that captcha every 6 months or so just to prove active development. If they fail to do so, mark the package as abandoned or unverfied. - Newly created accounts will have a cooldown of a week to add a new package to the AUR (I don’t know if this exists already as I haven’t looked into it). And they can only create one repo in a month until a year has passed. They can takeover or fork orphaned packages only after a year and if they are maintaining at-least one repo of their own.
- If a package is orphaned then let a potential maintainer just fork it and flag the original for deletion. So the user who has actually installed the old package and want an update will manually go out looking for the updated one instead of just doing a
sonofearth@lemmy.worldto
Linux@lemmy.ml•Arch Linux's AUR Sees More Than 400 Packages Compromised With Malware
112·24 days agoMaybe maintenance of packages shouldn’t just be handed over to newly created accounts. This is a design flaw on AUR’s part. As Linux popularity rises, these types of attacks will just keep growing. There should also be some sort of system where it is easy to verify that the maintainer of the package is also the actual developer. Like brave-bin has brave has the maintainer who are also the creator. Just give a green check mark to them or something.
sonofearth@lemmy.worldto
Games@lemmy.world•Valve to no longer offer physical gift cards due to scammersEnglish
4·26 days agoI think it is for the better. Digital gift cards are more convenient. Plus less paper and plastic use is a net positive for the environment as most people throw physical gift cards (that are redeemed digitally) in the trash anyways. Although it is good to acknowledge that people who will lose out on the attachment in physical sense, like wrapping it up for a friend and seeing the excitement on their faces or a kid or a teenager going getting a physical one with their pocket money cash. But this is mostly in the west though as in the East the concept of physical gift cards is long gone now and even kids spend money digitally through parental access payment methods.
Absolutely but it is not easy. It needs to have several layers of abstraction by hiding what packages are being updated and auto approving themselves without prompting for password. There should be an automatic rollback mechanism in place in case an update goes bad. Some programs will need to auto-update themselves as users would expect like google chrome, firefox — which I don’t think we currently have other than steam. Otherwise if a person skips an update, they will leave their system vulnerable to the security bugs in browsers.
Only tech savvy people will actually install an OS. Unless you put a “Install OS” button on the keyboard most people will never switch. So they will probably never use Linux because the idea of switching defaults is scary because it is not “officially supported” by the manufacturer. Using the terminal is not a big deal. Most people can learn and adapt very easily, it’s not rocket science. The official defaults mindset is a barrier.
If we want Linux to grow, we need it to be installed by default on major hardware.
deserve an OS that is easier to use
Mint, Zorin, Ubuntu. They exist and have existed for a long time. They simply are not the default OS on any major piece of hardware.
That is not the barrier. Most people stick to defaults and don’t know how to install an OS. When any person switches, they will try to learn an adapt. If it is a shitty experience, they will switch back to defaults. Updating your system through command line is not a shitty experience.
sonofearth@lemmy.worldto
World News@lemmy.world•Pakistanis who gang-raped French tourist in front of her children after her car ran out of fuel will be executedEnglish
1·1 month agoLook at my other main comment in this post bud. I called out India specifically. And the OC point is not Hinduism vs Islam but how extreme Islamic regimes have a rape culture that is legal. All religions are shit in my opinion and they should never be integrated into the government systems.
It’s funny how when I criticise the Modi government, I get called out Anti-National and Anti-Hindu and when I call out religious non sense in Islam, I get called out as a victim of Propaganda by a fascist party and Islamophobic. Whereas in reality both religious arguments are being extremely right wing.
I love how 1998 looks. It is clean and servers the purpose. 2001-2009 feel over designed, 1988 and 2012 not sure whether the dark part is the scroller or the light part lol.
sonofearth@lemmy.worldto
World News@lemmy.world•Pakistanis who gang-raped French tourist in front of her children after her car ran out of fuel will be executedEnglish
51·1 month agoNo Epstein because they pretty much don’t give a shit about child marriages so no one talks about it as if it something bad. Parents marry their girls off even before puberty. Only an idiot will think any religious state is progressive. Just because West has problems that their right wingers ignore doesn’t mean some other religion extremist regime is any better. You simply cannot compare two bads and conclude “AtLeAsT tHeY sEeM mOrE PrOgReSsIvE”.
sonofearth@lemmy.worldto
World News@lemmy.world•Pakistanis who gang-raped French tourist in front of her children after her car ran out of fuel will be executedEnglish
6·1 month agotwo wrongs don’t make a right.
sonofearth@lemmy.worldto
World News@lemmy.world•Pakistanis who gang-raped French tourist in front of her children after her car ran out of fuel will be executedEnglish
406·1 month agoOne instance doesn’t mean Pakistan is for women. This incident happened in 2020. It’s just because of the protests that led to the arrests.
Pakistanis will kill a woman for being a Hindu. It’s a one religion state. Pakistan also sponsors terrorism and extreme Jihadists who believe women must wear burkhas all the time. It is a failed state that borrows money from the west just to keep itself floating and sponsor terrorism.






The argument can also be flipped by saying that companies won’t make a better game on launch because customers are happy paying for a subpar experience even after knowing the game is not optimised. It doesn’t matter to them when a few customers leave as long as they are making a profit and the stock prices remain up. And pre-booking sales already help them with that.