Latest 30 Comments

Quoting: ROllerozxa

Quoting: mattaraxiaIt seems the issue isn't that npm based packages got compromised, but rather npm was added to packages that don't generally need it. They are using npm *IN THE BUILD STEP* not adding it to your system.

For the malicious packages I saw, the "npm install" was put into a .install file that bundles a hook in the package that gets run after installing a package. So just by looking at the PKGBUILD itself, it's completely fine apart from that addition (and there are packages that do need legit post-install hooks!), and nothing malicious happens when you build the package with makepkg, typically not as root.

It's only when you try to install the package with pacman that it runs the post-install hook... Which happens to run as root! Quite insidious, and I would say this is really clever from the attacker, but in reality it was probably devised by some AI agent with access to the Arch Wiki's packaging documentation...

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

I think it's an issue of balance. Taking the SystemD example, when is it that the community draws the line ? Personally, the comically-fast and instant compliance with age verification fiasco a month or two ago was it for ne. I'm sort of coerced to continue to use SystemD currently, even though that was the final straw for me and I'd rather use something else now.

So it's like a continuous battle to balance out the hardass-ness with the complacency. I tend to lean more on the former (even though I don't at all feel like I'm doing a lot of work in doing so, it just seems to me everyone else is so lazy and quick to sideline what they claim to believe in). But as long as the right people don't go all the way and they don't lose the plot, you're right in that fighting back is possible.

Also, about regulations being a necessity etc etc, I get it. But I really won't play along if any countermeasure gets implemented ends up chipping away at one of the rights that were once given, that's in brief my angle on all that 'the system is important, actually'.

The community doesn't draw lines or circles.
Everybody makes their own choices, which is why we need these hardasses and early adopters. We need these people to test the waters and show how the world could look like.
Other less hardass people use that information to judge their own stance.

On the "it costs me little effort" thing. As a technical person you're probably familiar with the phrase, "but it works on my system". With the retard: "we're not shipping your system".
Remember that people are different in many ways. Things that are easy for you can be hard for others.
A good sobering measure could be measuring how often you either open the terminal or are configuring a translation layer.

On the rights thing.
What are those rights according to you?
Anonymity, clear.
Decentralization, clear.
The ability to easily spend and hold large amount of assets? Unclear.
Speedy transactions. Unclear.
etc.

One big thing I personally have an issue with is being able to spend X amount of money however I like. Sometimes sending funds to a family member or even my own self through another bank account in my name and the transaction gets picked up by the bank's shitty and probably AI based AML system and now my funds, depending on the bank, could be frozen for up to 24 hours. So the freedom to transact however the hell I want and to whomever I want (without Visa dictating if they're cool or not with the product you're buying). The banking system in this regard is atrocious. So that's in UK banks. Locally, I also have an issue with banks being unreliable in general in online shopping (would rather not share which country) but recently the Central Bank itself got hacked and terabytes worth of database were put up for sale, so I guess that's another thing to add.

What about speedy transactions.
X=X^2+C spending, where X is the amount of money spend in the current Y blocks and C is a constant.

Edit:
On the hackability of confidential info.
You're going to be so dissapointed if you follow my scumbag links.
Someone found a way to publicly trace individual transactions, while they're still in an incomplete block.
Building a non-hackable system is a great ambition and cryptography is the strongest tool we possess for that, but I think you're putting a little too much faith in it.

Someone found a way to publicly trace individual transactions, while they're still in an incomplete block.

Quoting: ROllerozxa

Quoting: mattaraxiaSo it *does* run on the system as a hook, not in the build step?

Does it add npm as a dependency to the package then?

Yeah the ones I saw also added npm as a dependency to the package, which can be a red flag depending on what the package is about. If one is just using an AUR helper or does `makepkg -si` the difference isn't really whether it happens during build time or install time as the two happen at the same time, but there's a big difference in the privileges that the two run at.

Then I also heard that the payload in the npm package itself apparently installs an eBPF kernel module if it is running as root to disguise itself ([link to analysis someone has made of the malware](https://ioctl.fail/preliminary-analysis-of-aur-malware/)), so it does not seem to be a coincidence they did it like that.

Quoting: Cley_FayeFor added fun, I had the game installed. So it is still installed, but can't be uninstalled, and can't be played. I just have a greyed out "install" button.

Nooooot great.

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

I think it's an issue of balance. Taking the SystemD example, when is it that the community draws the line ? Personally, the comically-fast and instant compliance with age verification fiasco a month or two ago was it for ne. I'm sort of coerced to continue to use SystemD currently, even though that was the final straw for me and I'd rather use something else now.

So it's like a continuous battle to balance out the hardass-ness with the complacency. I tend to lean more on the former (even though I don't at all feel like I'm doing a lot of work in doing so, it just seems to me everyone else is so lazy and quick to sideline what they claim to believe in). But as long as the right people don't go all the way and they don't lose the plot, you're right in that fighting back is possible.

Also, about regulations being a necessity etc etc, I get it. But I really won't play along if any countermeasure gets implemented ends up chipping away at one of the rights that were once given, that's in brief my angle on all that 'the system is important, actually'.

The community doesn't draw lines or circles.
Everybody makes their own choices, which is why we need these hardasses and early adopters. We need these people to test the waters and show how the world could look like.
Other less hardass people use that information to judge their own stance.

On the "it costs me little effort" thing. As a technical person you're probably familiar with the phrase, "but it works on my system". With the retard: "we're not shipping your system".
Remember that people are different in many ways. Things that are easy for you can be hard for others.
A good sobering measure could be measuring how often you either open the terminal or are configuring a translation layer.

On the rights thing.
What are those rights according to you?
Anonymity, clear.
Decentralization, clear.
The ability to easily spend and hold large amount of assets? Unclear.
Speedy transactions. Unclear.
etc.

One big thing I personally have an issue with is being able to spend X amount of money however I like. Sometimes sending funds to a family member or even my own self through another bank account in my name and the transaction gets picked up by the bank's shitty and probably AI based AML system and now my funds, depending on the bank, could be frozen for up to 24 hours. So the freedom to transact however the hell I want and to whomever I want (without Visa dictating if they're cool or not with the product you're buying). The banking system in this regard is atrocious. So that's in UK banks. Locally, I also have an issue with banks being unreliable in general in online shopping (would rather not share which country) but recently the Central Bank itself got hacked and terabytes worth of database were put up for sale, so I guess that's another thing to add.

the Arch Linux AUR (Arch User Repository) needs some better security and package checks […] for some improvements to the packaging processes to prevent this from happening in future.

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

I think it's an issue of balance. Taking the SystemD example, when is it that the community draws the line ? Personally, the comically-fast and instant compliance with age verification fiasco a month or two ago was it for ne. I'm sort of coerced to continue to use SystemD currently, even though that was the final straw for me and I'd rather use something else now.

So it's like a continuous battle to balance out the hardass-ness with the complacency. I tend to lean more on the former (even though I don't at all feel like I'm doing a lot of work in doing so, it just seems to me everyone else is so lazy and quick to sideline what they claim to believe in). But as long as the right people don't go all the way and they don't lose the plot, you're right in that fighting back is possible.

Also, about regulations being a necessity etc etc, I get it. But I really won't play along if any countermeasure gets implemented ends up chipping away at one of the rights that were once given, that's in brief my angle on all that 'the system is important, actually'.

The community doesn't draw lines or circles.
Everybody makes their own choices, which is why we need these hardasses and early adopters. We need these people to test the waters and show how the world could look like.
Other less hardass people use that information to judge their own stance.

On the "it costs me little effort" thing. As a technical person you're probably familiar with the phrase, "but it works on my system". With the retard: "we're not shipping your system".
Remember that people are different in many ways. Things that are easy for you can be hard for others.
A good sobering measure could be measuring how often you either open the terminal or are configuring a translation layer.

On the rights thing.
What are those rights according to you?
Anonymity, clear.
Decentralization, clear.
The ability to easily spend and hold large amount of assets? Unclear.
Speedy transactions. Unclear.
etc.

Quoting: Pyrate

Quoting: LoudTechie

Quoting: tuubi

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

I know, you come from a different angle. My example was mostly about the traders. But both groups (and I'm not talking about you, specifically) want to talk to me about money/currency, or how I'm using it wrong, or maybe how I should use this or that tech to get around the system.

Sorry that I kinda grouped you in with the cryptobros. In my defence, you compared me to Windows and WhatsApp users, which is way worse in my opinion. 😁

Quoting: Pyrate

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

Yes, but this is a solution looking for a problem, or rather a solution to someone else's problem, as far as I can tell. And this isn't a disagreement you can fix by explaining. It's not intellectual laziness or lack of understanding on my part, and even less about giving up privacy for convenience. I wouldn't have been using Linux for ~25 years if that was the case, and I'd probably have owned an Android or Apple mobile device at some point. Or caved in and got on WhatsApp or LinkedIn or whatever social media I've been cajoled to join over the years. As I said, I like my privacy, but not everything privacy-related is equal in importance.

I don't mind that Monero exists, but if it's ever accepted as a mainstream currency, its use needs to be regulated and monitored, losing many of its apparent benefits.

Quoting: Pyrate

Quoting: LoudTechiealso relevant to this discussion.
Valve will never accept monero, because it's anonymous and decentralized.
The scammers for which they sacrificed their own gift cards would exploit exactly this decentralization and anonymity to hide their activity.

Even though I can't imagine how that could happen, (just like how I cant believe peoole sfill fall for gift card scams), you're probably right. I wonder when this stops being about a problem with gift cards and currencies, and more about people not thinking clearly when falling for these scams.

People will always fall for scams. That's not a problem that'll ever go away. Which is why we need governments, laws and regulations to protect the vulnerable. Of course governments do that with varying success and enthusiasm, but that's a political and social problem that doesn't have a technical solution.

On the anonymity thing
Anonymity from the bank is still achieved.
Only the regulator gets access to this information this way.

Also anonymity is valuable for everybody, because its a big part of our shield against oppression. In transactions and in communications. It's all the same.
Nothing to hide is a myth(kinda).
In this case for example you wouldn't be comfortable sharing your transaction details with me(don't do it please) proving there's at one person you want to hide this data from.
You don't know [who ](https://unbanx.substack.com/p/banks-are-selling-your-data-heres)your bank is sharing it with(maybe I'm it) or [what](https://artoftruth.org/data-broker-stalking-spokeo-harassment/) they're using it for.
Also anonymity is a herd immunity thing. Only when we're anonymous together are we truly anonymous(simplest case, when I know Monero has only one payer and one payed all transactions can easily be traced).

On the regulation thing.
I disagree that finance needs to be regulated on the current level.
It needs to be limited on the current level.
If crypto wants to succeed it must find a way to implement the currently centralized controls in a decentralized manner.
So not by sacrificing transaction anonymity, so the centralized police and banks can take care of it.
No by, building those controls in the system itself.
First start by copying the features of a good banking app.
MFA, double naming, transaction tagging, daily limits, blacklists, geoblocking, etc.
From that moment it can at least call itself a real decentralized alternative to banks.
If it wants to become an alternative to financial regulators.
It needs to obtain dedicated Big Fish controls, trusted judgement, sanctions, white listing, public minting, etc.

So contrary to you I believe Monero like crypto has great potential. Contrary to Pyrate I think it's not there yet.

I simply no longer take "I have nothing to hide" people seriously. Maybe in time they'll realise how naive a statement that is.

Quoting: mattaraxiaSo it *does* run on the system as a hook, not in the build step?

Does it add npm as a dependency to the package then?

Quoting: ROllerozxa

Quoting: mattaraxiaIt seems the issue isn't that npm based packages got compromised, but rather npm was added to packages that don't generally need it. They are using npm *IN THE BUILD STEP* not adding it to your system.

For the malicious packages I saw, the "npm install" was put into a .install file that bundles a hook in the package that gets run after installing a package. So just by looking at the PKGBUILD itself, it's completely fine apart from that addition (and there are packages that do need legit post-install hooks!), and nothing malicious happens when you build the package with makepkg, typically not as root.

It's only when you try to install the package with pacman that it runs the post-install hook... Which happens to run as root! Quite insidious, and I would say this is really clever from the attacker, but in reality it was probably devised by some AI agent with access to the Arch Wiki's packaging documentation...

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

I think it's an issue of balance. Taking the SystemD example, when is it that the community draws the line ? Personally, the comically-fast and instant compliance with age verification fiasco a month or two ago was it for ne. I'm sort of coerced to continue to use SystemD currently, even though that was the final straw for me and I'd rather use something else now.

So it's like a continuous battle to balance out the hardass-ness with the complacency. I tend to lean more on the former (even though I don't at all feel like I'm doing a lot of work in doing so, it just seems to me everyone else is so lazy and quick to sideline what they claim to believe in). But as long as the right people don't go all the way and they don't lose the plot, you're right in that fighting back is possible.

Also, about regulations being a necessity etc etc, I get it. But I really won't play along if any countermeasure gets implemented ends up chipping away at one of the rights that were once given, that's in brief my angle on all that 'the system is important, actually'.

Quoting: TriciaPearsona bit unsettled by the Reddit posts.

I want to be happy

Quoting: LoudTechie

Quoting: tuubi

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

I know, you come from a different angle. My example was mostly about the traders. But both groups (and I'm not talking about you, specifically) want to talk to me about money/currency, or how I'm using it wrong, or maybe how I should use this or that tech to get around the system.

Sorry that I kinda grouped you in with the cryptobros. In my defence, you compared me to Windows and WhatsApp users, which is way worse in my opinion. 😁

Quoting: Pyrate

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

Yes, but this is a solution looking for a problem, or rather a solution to someone else's problem, as far as I can tell. And this isn't a disagreement you can fix by explaining. It's not intellectual laziness or lack of understanding on my part, and even less about giving up privacy for convenience. I wouldn't have been using Linux for ~25 years if that was the case, and I'd probably have owned an Android or Apple mobile device at some point. Or caved in and got on WhatsApp or LinkedIn or whatever social media I've been cajoled to join over the years. As I said, I like my privacy, but not everything privacy-related is equal in importance.

I don't mind that Monero exists, but if it's ever accepted as a mainstream currency, its use needs to be regulated and monitored, losing many of its apparent benefits.

Quoting: Pyrate

Quoting: LoudTechiealso relevant to this discussion.
Valve will never accept monero, because it's anonymous and decentralized.
The scammers for which they sacrificed their own gift cards would exploit exactly this decentralization and anonymity to hide their activity.

Even though I can't imagine how that could happen, (just like how I cant believe peoole sfill fall for gift card scams), you're probably right. I wonder when this stops being about a problem with gift cards and currencies, and more about people not thinking clearly when falling for these scams.

People will always fall for scams. That's not a problem that'll ever go away. Which is why we need governments, laws and regulations to protect the vulnerable. Of course governments do that with varying success and enthusiasm, but that's a political and social problem that doesn't have a technical solution.

On the anonymity thing
Anonymity from the bank is still achieved.
Only the regulator gets access to this information this way.

Also anonymity is valuable for everybody, because its a big part of our shield against oppression. In transactions and in communications. It's all the same.
Nothing to hide is a myth(kinda).
In this case for example you wouldn't be comfortable sharing your transaction details with me(don't do it please) proving there's at one person you want to hide this data from.
You don't know [who ](https://unbanx.substack.com/p/banks-are-selling-your-data-heres)your bank is sharing it with(maybe I'm it) or [what](https://artoftruth.org/data-broker-stalking-spokeo-harassment/) they're using it for.
Also anonymity is a herd immunity thing. Only when we're anonymous together are we truly anonymous(simplest case, when I know Monero has only one payer and one payed all transactions can easily be traced).

On the regulation thing.
I disagree that finance needs to be regulated on the current level.
It needs to be limited on the current level.
If crypto wants to succeed it must find a way to implement the currently centralized controls in a decentralized manner.
So not by sacrificing transaction anonymity, so the centralized police and banks can take care of it.
No by, building those controls in the system itself.
First start by copying the features of a good banking app.
MFA, double naming, transaction tagging, daily limits, blacklists, geoblocking, etc.
From that moment it can at least call itself a real decentralized alternative to banks.
If it wants to become an alternative to financial regulators.
It needs to obtain dedicated Big Fish controls, trusted judgement, sanctions, white listing, public minting, etc.

So contrary to you I believe Monero like crypto has great potential. Contrary to Pyrate I think it's not there yet.

Quoting: mattaraxiaIt seems the issue isn't that npm based packages got compromised, but rather npm was added to packages that don't generally need it. They are using npm *IN THE BUILD STEP* not adding it to your system.

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

Quoting: GrishnakhNot panicking, for now, as I don't use npm or have any apps that do. But I agree with the sentiment: Oh dear.

Quoting: tuubi

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

I know, you come from a different angle. My example was mostly about the traders. But both groups (and I'm not talking about you, specifically) want to talk to me about money/currency, or how I'm using it wrong, or maybe how I should use this or that tech to get around the system.

Sorry that I kinda grouped you in with the cryptobros. In my defence, you compared me to Windows and WhatsApp users, which is way worse in my opinion. 😁

Quoting: Pyrate

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

Yes, but this is a solution looking for a problem, or rather a solution to someone else's problem, as far as I can tell. And this isn't a disagreement you can fix by explaining. It's not intellectual laziness or lack of understanding on my part, and even less about giving up privacy for convenience. I wouldn't have been using Linux for ~25 years if that was the case, and I'd probably have owned an Android or Apple mobile device at some point. Or caved in and got on WhatsApp or LinkedIn or whatever social media I've been cajoled to join over the years. As I said, I like my privacy, but not everything privacy-related is equal in importance.

I don't mind that Monero exists, but if it's ever accepted as a mainstream currency, its use needs to be regulated and monitored, losing many of its apparent benefits.

Quoting: Pyrate

Quoting: LoudTechiealso relevant to this discussion.
Valve will never accept monero, because it's anonymous and decentralized.
The scammers for which they sacrificed their own gift cards would exploit exactly this decentralization and anonymity to hide their activity.

Even though I can't imagine how that could happen, (just like how I cant believe peoole sfill fall for gift card scams), you're probably right. I wonder when this stops being about a problem with gift cards and currencies, and more about people not thinking clearly when falling for these scams.

People will always fall for scams. That's not a problem that'll ever go away. Which is why we need governments, laws and regulations to protect the vulnerable. Of course governments do that with varying success and enthusiasm, but that's a political and social problem that doesn't have a technical solution.

Quoting: GrishnakhNot panicking, for now, as I don't use npm or have any apps that do. But I agree with the sentiment: Oh dear.