Inlay

Profile

The Magic Blade of Asterisk Order, ready to heed your orders! (🗡️✨) | Spellcaster VTuber and Programmer My mama: https://bsky.app/profile/yushaainari.bsky.social YouTube: https://www.youtube.com/@MorganVonAsteria Blog: https://firmamentum.nekoweb.org/

Morgan von Asteria | Magic Blade VTuber

About 400+ packages in the Arch User Repository were compromised with malware. This thread is a wake up call NOT to fully trust community-submitted packages /or/ the blanket statement that Linux is 'more secure'. A big enough platform will entice bad actors. lists.archlinux.org/archives/lis...

So, once again, I say this: please be careful with AUR. Vet and verify. Just because you run Linux does not mean you're magically immune to malware, because all it takes is one little carelessness like that for your system to be vulnerable.

Essentially, we're seeing this new wave escaping the usual grep/regex detection by /slightly/ obfuscating the command used to fetch the infostealer package. It's not a complex method of obfuscation -- you can even decipher it by looking at it -- but it does place an obstacle when regex is used.

There are weird UI that look charming, but are an UX nightmare -- think terrible keyboard navigation, bad navigation flow, and menus that only make sense once you've downed a couple shots of Chartreuse. These I don't like, because I firmly believe in an accessible computing for everyone.

And then there are corporate, sterile UI that can't let designers express or impart any sort of artistic detail. These I also don't like, because I also believe that computing is as much form as it is function. I /loved/ Aqua used in OSX, because it had tiny details never visible in modern UI.

One of the aches that people always bring up regarding Linux is the community. And that's fair, Linux communities are always a toss-up: you either meet people that'll deliberately troubleshoot with/for you, or people that'd dismiss your struggles with "well, don't use Linux like WinDOOZE."