Yeah, I’m pretty glad that I’ve been behind in upgrading my AUR packages recently.
It was certainly a weekend.
… so ufw?
Never use things like yay, just read the PKGBUILD and run makepkg. AUR wasn’t meant to be automated. But it’s better to use Flatpak, because it provides sandboxing (not for every app, but it can be reviewed before installation).
Using AUR helpers is fine if they make it easy to read the PKGBUILD, which paru does. It’s too annoying to check for PKGBUILD and upstream/vcs updates for each package individually.
Ideally the AUR helper would point out when 1) a package changed maintainers since your last install, 2) a package’s PKGBUILD itself changed (not just the upstream/vcs source), 3) the PKGBUILD is less than 24h old or so. And for #2, it should also show you the changes similar to what you see on the AUR site’s “view changes” page. I’m not aware of any AUR helper that does these things, but hopefully recent events prompt a change.
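The three checks proposed in the comment above, written out as an added example (not part of the thread and not code from any AUR helper). The package name, maintainers, timestamps and PKGBUILD text are constructed, and the `prev`/`cur` record layout is an assumption about what a helper would save at install time.

```python
import difflib

DAY = 24 * 3600  # threshold for check 3, in seconds

def review_update(prev, cur, now):
    """Compare the record saved at last install (prev) with what the AUR
    serves now (cur). Returns a list of (finding, detail) tuples."""
    findings = []
    # 1) Maintainer changed since the last install.
    if prev["maintainer"] != cur["maintainer"]:
        findings.append(("maintainer-changed",
                         f'{prev["maintainer"]} -> {cur["maintainer"]}'))
    # 2) The PKGBUILD itself changed: attach a unified diff for review.
    if prev["pkgbuild"] != cur["pkgbuild"]:
        diff = difflib.unified_diff(
            prev["pkgbuild"].splitlines(), cur["pkgbuild"].splitlines(),
            "installed/PKGBUILD", "aur/PKGBUILD", lineterm="")
        findings.append(("pkgbuild-changed", "\n".join(diff)))
    # 3) The latest change to the package is less than 24h old.
    age = now - cur["last_modified"]
    if age < DAY:
        findings.append(("recent-change", f"modified {age // 3600}h ago"))
    return findings

# Constructed sample records (hypothetical package "example-tool-bin").
PREV = {
    "maintainer": "alice",
    "last_modified": 1_700_000_000,  # epoch seconds
    "pkgbuild": "pkgname=example-tool-bin\npkgver=1.2.0\npkgrel=1\n"
                'source=("https://example.org/example-tool-1.2.0.tar.gz")\n',
}
CUR = {
    "maintainer": "bob",
    "last_modified": 1_752_000_000,
    "pkgbuild": "pkgname=example-tool-bin\npkgver=1.2.0\npkgrel=2\n"
                "install=example-tool.install\n"
                'source=("https://downloads.example.net/example-tool-1.2.0.tar.gz")\n',
}
NOW = CUR["last_modified"] + 3 * 3600  # three hours after the last change

if __name__ == "__main__":
    for kind, detail in review_update(PREV, CUR, NOW):
        print(f"[{kind}]\n{detail}\n")
```

A same-version update that only bumps `pkgrel`, adds an `install=` script and moves the source host is the kind of diff check 2 puts in front of the user before anything is built.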
I never had any issues on TempleOS.
Same on Secureblue.
My OS is a temple. 🧘
Zero remote exploits since it was released. That’s what divinely-inspired coding looks like, everyone.
Out of curiosity, is that actually true? Surely our lord and saviour must have made a tiny slip-up
Edit: Apparently TempleOS doesn’t have networking
It is networked >!to God!<
I learnt a lesson, yeah. It looks like I got away, there’s no rootkit, I found nothing weird running, I don’t have npm installed, and up until now it doesn’t seem like the packages I had installed were compromised. But I had way more AUR packages installed than I was aware of. And I was just updating them without really caring about the PKGBUILD, I have better things to do. Multiple packages were outdated crap that shouldn’t have been there anymore.
I was careless and took too much risk. I reduced the installed AUR packages to a minimum, and from now on I will verify the PKGBUILDs on every update. Maybe Arch isn’t really what I need. I’m on the LTS kernel and I no longer really use the AUR. But switching will be a huge hassle and this setup will work well from here on out, so I’ll stick to it for now.
I’ve been using Bazzite for a couple of years now and it’s great. Almost boring how stable it is.
And I access the AUR with an Arch distrobox if I need to
ClamAV users, how’s it going?
Did ClamAV work with AUR-affected packages? Sorry if the question is idiotic, ’cause I’m ignorant when it comes to security.
So what are good antivirus options for Linux? Is it still pretty much just ClamAV?
Our company uses ESET https://www.eset.com/us/home/antivirus/
But afaik it costs money to really work.
But your brain should be the best antivirus you have.
> But your brain should be the best antivirus you have.
True of virtually every OS.
But “only stupid people get viruses” is exactly the kind of trap that catches folks.
I have ESET Home but now I’ve gone completely Linux, and they don’t do it for home - only business.
Which sucks, as I have a year left on my subscription I can no longer use :/
> But your brain should be the best antivirus you have.
It’s useful to use your brain, but any security layer has holes, which is why it’s good to have several layers. Some attacks might be way beyond the user’s understanding or come from trusted sources.
But your brain should be the best antivirus you have.
Is there an AUR package for it? Seems not in the official repo.
One thread I found from 2 years ago where someone asked for the same thing, a lot of the replies are just “you don’t need antivirus on Linux” lmao
There is no malware on Linux and there is no war in Ba Sing Se
I am at “no fucking yays and the bunch, check the package create/update dates, read PKGBUILD, only update when necessary”. Has served me well so far
Arch users just randomly dropping “I use Arch btw” everywhere, it was only a matter of time.
I use Arch btw
Use the AUR, have an antivirus, no infected packages. However I was thinking of switching to https://chimera-linux.org/ before the infected packages went out.
Custom OS that no one else has access to. It might be full of exploits and bugs, but only you would know that. 😉
I was on Arch as a vestige from my school days, having never quite found the time to switch to something more stable. When I saw the news over the weekend, I checked and found 1 would-be-infected package on my machine that was thankfully months out of date. I’m well past the point of wanting to examine PKGBUILDs every time (hence the out of date package). But, instead of just removing AUR packages and sticking to Arch repos, I decided to sweep up the technical debt by wiping and installing Fedora. I’m liking it so far, minus the absolute pain in the ass that is Nvidia on Linux. Fuck academics and their insistence on writing everything targeting CUDA; otherwise, I’d have saved a good bit of money a few years ago with a much more compatible AMD card.
Have you looked into drop-in (ZLUDA) or recompile (SCALE, chipStar) things? Though they may not have been helpful with the years gone by (and may each have their own pros/cons).
I’m still using a 1050Ti (and legacy driver shifting to AUR did block me from updating), value doesn’t seem great and not going to buy something used from eBay. So that still complicates things for me.
Distro-wise I probably want something slower than Arch but not sure about point releases. And I am hoping for something that does updates in a way more friendly to slower internet (giving less update friction), but I suspect it doesn’t exist. Some things (OpenSUSE, NixOS) seem like they might be closer to what I want but I have hangups about them (Patterns on SUSE and lack of videos for Slowroll, NixOS having multiple solutions for dynamically linked executables especially if I decide to stop using Steam directly).
Isn’t it just a single line command to get Nvidia working?
You add the rpmfusion repo and install a few Nvidia packages from there. Kernel modules are then built for the driver. If secure boot is used, they need to be signed too. Sometimes the grub entry isn’t updated and doesn’t load Nvidia drivers. Sometimes you boot into a black screen, sometimes Wayland throws a hissy fit. Hardware accelerated video decoding needs more packages, in browsers it may need extra configuration…
The components are all there and they work, but sometimes the stars don’t align and you just curse a little and wonder why you didn’t just buy AMD because that just works.
And you believe that makes you safe?
Shit like this is a blemish on the Linux community.
Thatsthejoke.jpg
My eyes, I look at AUR packages before building them, as any real Arch user does. AFAIK, antivirus programs would do the same to compiled binaries, looking for suspicious things and blocking if it finds something.












