Why so silent, /g/?
Also don't forget the russians put a backdoor into SSH
I kept saying that wanting Linux to go mainstream was a shit idea but /g/ always went like >WE _MUST_ REACH HIGHER MARKET SHARE!!>but why?>WE JUST MUST OKAY??Now look where this got us. Literally anything goes to utter shit once it reaches actual mainstream. SteamOS sell signal.
both windows and linux can run executables. where did the "linux has no viruses" meme come from?
>>109048303>where did the "linux has no viruses" meme come from?From back when Windows was a single user OS that ran everything with admin permissions.
>>109048291Amen.
Linux is the kernel.
>>109048234>Reddit meme>multiple threads on this same topic already exist If only there was a Mediterranean herb I could use to spice this bread.
>>109048291Local news stations telling elderly to install Linux when their PC doesn't support Windows 11 was the sell signal
>>109048234Dunno
>>109048234>allow random anons to take over "orphaned" packages what did they think was going to happen?
>>109048234>silent>multiple threads hitting bump limitbait thread all fields
>>109048339I dumped all my Linux stock when that happened.
>>109048234Let me guess, you (((need))) more?>>109031268>>109038138>>109039307>>109040408
Nonissue if you aren't an Archtranny
>>109048234The AUR attack glows in the dark, but as long as you know what you're doing and don't install skript kiddie shit, you should be fine.
>>109048234AUR is the gloryhole at the local truck stop, you don’t go there if you care about a clean experience
>>109048234herbs, there's a thread.
>>109048234Strawman
>>109048291I stated in 2022 we were living the golden age of Linux. Games now worked, but we were niche enough not to be too enshittified or centralized. But what I did not foresee is LLMs and the hostile MIT takeover of our GPL software stacks. Free software had a good run. The future can only suck.
>>109048234in windows 7 you move the setup.exe file to a flash drive, and it's secuuuur forever (or until the flash drive wears out)
>>109048234>git clone git.com/virus>cd virus>makepkg -si>enter root passwordI have no idea how I got this virus it just happened out of no where, Linux is shit.>connect to the internet>300 viruses + tipPart and parcel of living in the big city.
>>109048234No one says Linux has no viruses.
>>109049006That was a common talking point like 10 years ago tbf
>>109048234>I use Linux mint, a "boring outdated OS"Not my problem
>>109049012Back when it was basically true.
>>109049033heresy! you are not secuur enough!
>>109049055it is still probably, but people became more paranoid
what do you use to list ipv6 connections i dont see it in ss
https://wiki.archlinux.org/title/Arch_User_RepositoryAnyone using this has followed detailed technical instructions to enable it and, in the process, read long, clear, strongly-worded, detailed warnings about the risks and how to mange them.As others have pointed out, it is equivalent to cloning+building+running random github repos operated by unknown people.
>>109048234Linus ix just a colonel, he doesn't have AUR support
>>109048234what does this have to do with linux?
>>109048333>If only there was a Mediterranean herb I could use to spice this bread.Salvia officinalis?
>>109049162/thread>>109049185nothing this is a ragebait/flamewar thread
>>109048234I don't use Arch so it's not my problem.
>>109048234AUR has nothing to do with Linux.
>>109048333>>109049198no i think he means the herb that was used to assasinate a roman emperorAtropa belladonna
>>109049162Some Arch derivatives have AUR helpers in their normal repos, like EndeavourOS. Which is just one reason why I keep recommending before you use any such ez mode for Arch, you should at least set up Arch manually once.
>>109048234>be me>not using arch and their shitty third part repos>never used systemd distros>not running random radioactive shit on my setups>as result never got screwed by any of the shit that is affecting modern linux distrosYeah, posers blindly following trends are always going to get fucked eventually, switching to any os will never change that.
>>109048234You reviewed the shitty C code and the package maintainer's config, right?
>>109048234>arch is the ENTIRETY of linux>AUR is used by THE ENTIRETY of linuxwhat happend to AUR is a huge shit show. HOWEVER they always made a big point over it having zero check ups with every user being able to upload shit willy nilly, which is hopefully finally going to fucking change
>>109048234>one distro is all of linux
>>109049947>every user being able to upload shit willy nilly, which is hopefully finally going to fucking changeYou do know what the U in AUR stands for?
>>109048329No one is writing viruses for gnu.
>using Fedora>nothing ever happensFeels good to not be a Jeetbian or Tardch user.
>>109048535I'm de-transitioning tomorrow. I only use one unaffected AUR package, but too close for comfort when I could just compile it directly from source on OpenSUSE and not even be tempted to use anything AUR again.
>>109048234>why so silentBecause everybody uses Windows. We just pretend to use Lelnux.
>>109048234>>109048240
>>109048234Nobody but pretentious, ignorant dipshits runs Arch.
>>109049204You before this>I use arch btw
>>109048317>ran everything with admin permissionsIt still does to this day
>>109051509>we
>>109048234I feel like installing slackware
>>1090518596.5/10
>>109050966I'm firing up my Slackware install.
>>109048234Free GNU/Linux distros do not have this problem. They reject malware if it's found.
>>109048240OpenSSH is used in everything, so blame the third party that took OpenSSH from OpenBSD and did as they wanted to.
>>109052459Don't forget to use a big ass magnet to fuck your hd data (to be safe), thrash your old hardware and buy a macbook, even better a chromebook, so all your data will be kept safe in a remote serverfarm.
>>109051737it doesn't. that was the whole point of uac.
>>109048964This. I wanted Linux to be mainstream, knowing some popular distros, desktops and core software would be enshittified. I still do, but I didn't expect it to be this bad. You can still avoid most of it if you know what you're doing at least and there are some initiatives being started by OGs to preserve the golden age Linux ecosystem.
>>109048234Not an issue on my debian machine
>>109048234>linux is more secureThis is true, windows security has always been dogwater>it has no virusesIt has significantly less than jeetware>AUR compromisedIt didnt. If you are retarded enough to run untrusted binaries on your system is not an AUR problem.
>>109053053Mentally ill trannies write pretty good software all things consideredI think its because of the tism
>>109048234>Bleeding EdgeIf you really care about security over new features there's an option for you
i'm back from holidays. just booted my arch. what should I know?
>>109048379They wanted to prevent squatting. imo more damning that we as a people need to get use to namespaced names instead of these one word ones. Winget does the same, using the stupid backwards domain names and flatpak as well.
nixpkgs > AURProve me wrong.
>>109053329Trannies love statically and strongly typed languages and immutability. It's incredibly ironic given their fluid nature.
>>109053417I was thinking of moving from the aur to nixpkgs after this...>>109053494Trve, i also find ironic that their hobbies are all male dominatedI know 0 biological women who know what a software is let alone ramble about "immutable declarative linux distribution inspired by functional programming patterns"
>>109048234So if the aur is "compromised" how come I never got hacked?
>>109053329They don't have the tism. They have psychosis. Completely different thing.
linux unironically needs active avthere i said it faggots. clam doesnt count. cope.
>>109053771AV doesn't work. Maybe in the near-future with magical on-device AI that can determine intent of some software, in realish time, but we aren't there. Currently, anything malware does is just as likely to be valid non-mallicious behavior.
>>109048234>use Ubuntu with snaps>archtrannies hate it for some reason>meanwhile i can actually work on it and never care about muh securitylife is good as always for us ubuntuchads
>>109053857>CVE-2026-3888, CVE-2022-3328, CVE-2021-44731Cry more snaptranny
The official Arch repositories are just as insecure. To become an official Arch developer you just have to go on IRC and confirm you're an unemployed troon.
>>109051699If by "before this" you mean over a decade ago.
>>109053857this except fedora with flatpaks. I don't know why I'd ever go back to Ubuntu at this point, fedora is basically what Ubuntu should have been.
>>109048240israelis*
>>109049012Being capable of critical thought I've watched Freetards with amusement for years.>Linux is more secure than Windows!>Also, Linux has package managers which makes it better than Windows!So what you're saying is all of your software is MitM'd, and you call this, "secure"?
>>109048234There's no such thing as 100% secure operating system. but the more popular and mainstream is the OS, the more people will want to attack it and the open nature of Linux development makes it a relatively easy target.>>109048291 is kind of right, but the actual problem is the fact that governments and big organizations started being interested with Linux. Linux being mainstream on it's own is not a problem - it's the fact that now hacking it means hacking EU, USA, fucking North Korea and other countries and companies is now a reality.
>>109048234herbs. it hasn't been silent. There have been threads on this. There's not much to say except that the Arch bros who were so arrogant got knocked down a peg, however, some Arch guys are amazing, Arch is the only place you can find some legacy rocm binaries.
anyone have a way to prove how quick this was discovered? Cus it seems to me like it was pretty instant and response was as well (first comment on alvr 2026-06-11 16:10, updated to remove malware 2026-06-11 16:49). Kinda seems non-issue considering.
>>109056262Security could be massively improved in many ways, but the eternal boomer and gen x golfer is too busy filling a bank account to be of any account to humanity. Just worthless trash that got in the way of worthwhile things.I'm not dissing golfing, btw, it's just a trait of the shittiest people that they golf.
>>109056316Also when going through affected packages I couldn't find a single one I could ever imagine actually using. alvr I guess is the closest thing. And there were some python/lib shits, but if you're installing those from aur you're retarded. Also can't get this officially but seems like chaotic were the ones that first caught it.
>get pwned by a dll or exe>user error>get pwned by a third party build script>THE ENTIRE ECOSYSTEM IS POZZED PANIC NAOMost honest corporate cocksucker.
>>109056643Literally nobody ever said that running an exe was not risky. It's the opposite, and everybody knew that, and everybody said you had to exercise common sense.It is freetards who claim their systems and app stores are heckin' safe and valid.
>>109056688The whole point of AUR is SPECIFICALLY that it is not part of the "app store".
I got a warning earlier today about new firmware being installed for KEK CA and for a minute I thought I had been haxxored.
>>109056688Nobody ever said the AUR was not risky.In fact most distro's will pop up explicit warning when you try to enable it.
>>109056704Yes, but don't act like archfags aren't going around saying it's the best thing in the world and every Linux user should use it.
>>109056732>KEK CAlel
>>109048234I am a long long arch boomer user,whenever I need something from AUR I always git glone it manually, check the PKGBUILD file to see what the fuck is going on.And of course I don't have any of the affected packages, I have like 4 aur things.It sucks being a tech illiterate normie I guess
>>109056747They're saying they have the most software available thanks to the AUR, and archfags have always been retarded. But I've never seen them claim that AUR is part of the arch repos, or that AUR packages are nice and safe. Generally they see it as a last resort option and always blame AUR first when anything goes wrong (e.g. instability or otherwise).
>>109048234>"silent">multiple active threads about it So are you willfully ignorant or just retarded?
>>109048291I have said this for years but no one listened
i think i'm going to move to debiancustomizing maintaining arch when i break something is fungetting hacked by malicious actors isn't
>>109052314kek this, upstream openssh (sane distros) was not affected by it. it's why the openbsd guys hate when people randomly patch their shit.
>>109056854Exactly.And you have to compare it to the alternatives which typically involves downloading code from either github or some random website and compiling it manually, and doing so again and again every month or however often you update your system.Unless you use some other unofficial repository which comes with the same risk as the AUR.
>>109048234>AUR got compromisedIt didn't. Arguably it's worse than that. This whole shitshow was always possible by design. Letting literally anyone register an account and adopt orphaned packages and assuming they were acting in good faith was a ticking time bomb, a relic from a different, better era.
>>109057034Yes, but I my point is that I've never seen archfags say otherwise, ever. That is, it's no worse than doing manual installs like you describe, but no better either.
>>109057121>assuming they were acting in good faith was a ticking time bomb, a relic from a different, better era.didn't know it was that retardedalways assumed you would still have to go to some neckbeard irc channel and ask a janny to hand you over the ownership of a package in a private-torrent-tracker-like invite interview minor humiliation ritual
>>109048234AUR is not Linux
>>109048234we found out AUR got compromised way sooner than microsoft would ever let us know things got compromised.
>>109056688>Literally nobody ever said that running an exe was not risky. It's the opposite, and everybody knew that, and everybody said you had to exercise common sense.Then why is it being used at such a massive scale to distribute software to this day? It’s the same situation as the AUR. You cannot just tell people to be careful and call that a layer of security.And yes there are multiple layers and eyes on any package that eventually makes it into my distro’s stable repo before I can download it so I do actually trust my gay little app store over random websites or things like the AUR.
>>109048234Real /g/entoomen use Qubes OS, deploying /g/entoo into different TemplateVMs with different world files and /etc/portage/ subtrees. Only niggers use fat fuck fArch.
>>109056771I didn't know what it was and could just make out the words "unknown application", "firmware", "install" (or "update"?) and "KEK CA" before the message disappeared.
>>109052972>>109048964>>109048339>>109048389iToddlers and Winjeets on the march ITT.You can't beat the combined security and turn-key nature of Qubes OS, and it filters the worst elements in the community: gaymer-crack addicts.
>>109056199On Linux you (ideally) depend on 1 source to be safe and uncompromised, the distro package repository. On Windows you depend on every apps own auto-updater on being secure. And their websites when you first downloaded the program. On Windows you have overwhelmingly more attack vectors for supply chain attacks, and that's exactly what we've seen in practice.It barely even makes the news when Windows software gets autoupdate supplychain'd or website compromised with malicious builds. Tho particularly bad cases, like LITERALLY EVERY SINGLE WINDOWS MACHINE with Notepad++ being backdoored by the chinese, does make the news.
every system is exposed to supply chain attacks.From github to repository channels.Is your duty to audit the source code you are consuming.
>>109048329>>109050881I'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!
>>109057830The viruses run on the kernel.
>>109058166pee is stored in the balls
>>109058299also true
>>109057454>Then why is it being used at such a massive scalebecause it's the best solution for getting software you want directly from its developers without much fuss on either the dev's or the user's end.
>>109057454>And yes there are multiple layers and eyes on any package that eventually makes it into my distro’s stable repo>eventuallythere's your problem. the app stores are a primary reason why linux is limited to mostly shitty underdeveloped software that's not intended for human use because proliferation, changes and user feedback are so sluggish.
windows won
>>109048234lucky for me i only bother to yay -Syyu once every 6 months
What's an aur?t. debian user
>>109058785Downloading software from random people on the internet, but with a Linux package management skin.
>>109048234with linux, when a backdoor is detected, everyone knows about it via independent code checking and eventually patched by the community. linux does not have a single developer: stuff slips in when some random dependency gets compromised, but it's never the fault of linux or its distributors.when windows gets backdoored, it's because the company that made the operating system hates you and sucks NSA cock, and you'll never know about it unless there's a whistleblower in the company because they're closed source. oh, and said whistleblower will no doubt be feeling suicidal in the next few weeks or so.you are only posting this because you want us to think that linux is inherently less secure. you are probably a microsoft or government agent, perhaps both.
>>109048234you're supposed to use selinux saaaaaaar
>>109048234The silence is deafening huh
>>109057577irrelevant unless you're running libreboot at least, canoeboot preferably
>>109059035the difference is that it's impossible for Windows to ever be secure because proprietary code simply cannot be auditedaudit, by definition, is a test to check for backdoors and bugs that is available to any interested partiesIf you can't read the audit then by definition it isn't actually an audit, it's a third-party review.that's the crux of the issue, and the EU governments are starting to figure it out
>>109059139i can't even tell if proprietary OS makers like microsoft or google are any more organized than a hundred different linux mirrors.it used to be that the main advantage of a proprietary operating system was that it was developed and maintained by a single organization with the money to keep everything running smooth: no dependency BS or driver faggotry.now it feels like no one is "in charge" of microsoft, and that their entire codebase is just 20 years of hotpatches for the same operating system accumulated across versions. if you look under the hood, you can find windows XP interfaces on windows 11, particularly if you go into powershell or whatever winaero does.now they're using AI to code and there's a serious risk that the next update can brick your computer just as bad as fucking around linux will. proprietary software has lost the reliability that made it tolerable.
>>109048234the AUR are user-submitted packages, this is like saying you installed freerobux on windows and got a virus.
>>109048234all OS es are compromised OP. Depends on the user base. Before Linux was more or less avoided because the userbase contained mostly engineers and IT people. Nowadays, as more normies pour in, these incidents will increase. At this point, either go BSD (security by obscurity) or Mac (security by unaffordability).
>>109058450just like the aur
>>109057577The gay community?
>>109060019the way mac pushes its proprietary cloud service shit hard makes me think it's not really ideal for anyone suitably paranoid
>>109048234>Silent>Loads of threads about itOne of these things is not like the other. If you use AUR you get what you deserve anyway. I have zero packages from AUR across 13 total systems running some flavor of Arch because I'm not retarded. I do what I've always done on every distribution; if it's not in the official repositories from the actual package manager (aka stuff actively maintained by the developers with signed packages) then I go to the project page for the software that isn't in the official repos where I'm able to audit the code myself and check it for anything malicious before building and installing it myself. If you absolutely, positively, MUST use AUR (not that I can think of a single scenario where this would be the case) then read the goddamn PKGBUILD and see what it's doing. If it does anything other than install dependencies via pacman then automate the build process from the official project page, then don't fucking install it, you tardball.gzip
>>109059120>just run Qubes on 15 year old underpowered hardware goyWay to hamstring the experience.
>>109056977I moved off of arch based distros after the xz utils scare. I know it couldn't activate its payload on arch specifically but the packages still made it onto the systems and thats too close a call for me to use bleeding edge anymore. Been using devuan for 2 years now.
Who the fuck mains Arch? You'd be better off main'ing Gentoo, unironically, because at least then you can set limits on what you emerge and better isolate the system codebase. Arch is for fucking around, trying things out, and constantly re-installing. It's the Linux of Linux. Debian-stable or literally any BSD should be your main.
>>109048234I saw this exact same image used to advocate Arch over point release distros, serves them right.
>>109062225>BSDcuck license>Debian stableUse case for old software?Hate Red Hat as much as you want but Fedora is objectively the best and most secure distro for anything, and shit like this is exactly why.
>>109057454>You cannot just tell people to be careful and call that a layer of securityWell it seems like you can. I downloaded plenty of .exe installers in my time, even pirated ones. Then I installed shit from all kinds of sources, AUR and even curl|bash. Never got malware. The secret is use your brain and don't be a retard. If anything I worry a little about supply chain attacks reaching official repos, like xz, because I actually trust those and the damage would be beyond extensive.
>>109063144>Use case for old software?Literally everything.
>>109063144FEDora is literally unusable. KDE *krashes* all the time. FEDora *krashes* even when KDE doesn't, to put some krash in your krash.
>>109063250>using kde over guhnome
>>109063250i've been using Fedora KDE for my old toaster and no crashes, the fuck are you guys doing it o cause this much troubles?
>>109064309>FEDora>no crashesConfirmed paid shill lmao
>read posts about this elsewhere>yes sirs arch badsome shill farm is definitely working full time
>>109063144i'm poor, but isn't fedora pay to use?
