Latest 30 Comments

Quoting: MayeulCOne-liner to check locally-installed packages against the [published list](https://lists.archlinux.org/archives/list/[email protected]/message/FCH7TT6IOVT7D477JKSVJALBKADAARSW/):
 
pacman -Qq | grep -xFf <(curl "https://md.archlinux.org/s/SxbqukK6IA/download")
I do have 5 matches on my system, but I am not really worried, as I update my AUR packages maybe twice a year 😅

Quoting: SlaxerThis is pretty bad. Luckily, I don't have too many packages from the AUR. I think I'm fine, thank God.

Quoting: doragasuAUR does not have package checks by definition, it puts that weight on the user.

As I always say, I have been using Arch as my main distro for 10+ years, and despite that (maybe because of that) I never recommend Arch!

We all start off as beginners. You don't have to not recommend it. If you do recommend it, just explain the reasons for why someone would want to try Arch. Arch is for people who are interested in really learning how to do things on their own, and don't mind scraping their knees a bit by learning things the hard way. It's also good for people that just want to be aware of every package on a clean install.

My first distro was Slackware, and I reckon it's much harder to get into as a beginner than Arch is, especially during the mid 2000s. If I can learn my way through it, anybody can.

Quoting: CyrilGuys, I'm very curious... what do you think of the Ğ1 ("June"), then?
[https://duniter.org/](https://duniter.org/)

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: tuubi

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

I know, you come from a different angle. My example was mostly about the traders. But both groups (and I'm not talking about you, specifically) want to talk to me about money/currency, or how I'm using it wrong, or maybe how I should use this or that tech to get around the system.

Sorry that I kinda grouped you in with the cryptobros. In my defence, you compared me to Windows and WhatsApp users, which is way worse in my opinion. 😁

Quoting: Pyrate

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

Yes, but this is a solution looking for a problem, or rather a solution to someone else's problem, as far as I can tell. And this isn't a disagreement you can fix by explaining. It's not intellectual laziness or lack of understanding on my part, and even less about giving up privacy for convenience. I wouldn't have been using Linux for ~25 years if that was the case, and I'd probably have owned an Android or Apple mobile device at some point. Or caved in and got on WhatsApp or LinkedIn or whatever social media I've been cajoled to join over the years. As I said, I like my privacy, but not everything privacy-related is equal in importance.

I don't mind that Monero exists, but if it's ever accepted as a mainstream currency, its use needs to be regulated and monitored, losing many of its apparent benefits.

Quoting: Pyrate

Quoting: LoudTechiealso relevant to this discussion.
Valve will never accept monero, because it's anonymous and decentralized.
The scammers for which they sacrificed their own gift cards would exploit exactly this decentralization and anonymity to hide their activity.

Even though I can't imagine how that could happen, (just like how I cant believe peoole sfill fall for gift card scams), you're probably right. I wonder when this stops being about a problem with gift cards and currencies, and more about people not thinking clearly when falling for these scams.

People will always fall for scams. That's not a problem that'll ever go away. Which is why we need governments, laws and regulations to protect the vulnerable. Of course governments do that with varying success and enthusiasm, but that's a political and social problem that doesn't have a technical solution.

On the anonymity thing
Anonymity from the bank is still achieved.
Only the regulator gets access to this information this way.

Also anonymity is valuable for everybody, because its a big part of our shield against oppression. In transactions and in communications. It's all the same.
Nothing to hide is a myth(kinda).
In this case for example you wouldn't be comfortable sharing your transaction details with me(don't do it please) proving there's at one person you want to hide this data from.
You don't know [who ](https://unbanx.substack.com/p/banks-are-selling-your-data-heres)your bank is sharing it with(maybe I'm it) or [what](https://artoftruth.org/data-broker-stalking-spokeo-harassment/) they're using it for.
Also anonymity is a herd immunity thing. Only when we're anonymous together are we truly anonymous(simplest case, when I know Monero has only one payer and one payed all transactions can easily be traced).

On the regulation thing.
I disagree that finance needs to be regulated on the current level.
It needs to be limited on the current level.
If crypto wants to succeed it must find a way to implement the currently centralized controls in a decentralized manner.
So not by sacrificing transaction anonymity, so the centralized police and banks can take care of it.
No by, building those controls in the system itself.
First start by copying the features of a good banking app.
MFA, double naming, transaction tagging, daily limits, blacklists, geoblocking, etc.
From that moment it can at least call itself a real decentralized alternative to banks.
If it wants to become an alternative to financial regulators.
It needs to obtain dedicated Big Fish controls, trusted judgement, sanctions, white listing, public minting, etc.

So contrary to you I believe Monero like crypto has great potential. Contrary to Pyrate I think it's not there yet.

I simply no longer take "I have nothing to hide" people seriously. Maybe in time they'll realise how naive a statement that is.

Yeah you seem to have a low view of the naive.
I think naivety is a great good.
It's trust the glue of our society.
People assume that it will be alright and don't look in that direction, because someone they trust handles the issue.
They believe they've nothing to hide, because they believe the things they want hidden are already hidden.
I'm simply a security engineer. It's my passion to patch the distance between trust and trustworthiness with cold hard logic, so society can get used to an even more trustworthy world.

Edit:
In a way the naive are just like the hardasses they show us how our society should be.

Forgot to reply to this, sorry. I like your perspective, I find it interesting. I do feel like going deeper into this though is well beyond the topic here and this is not the place.

This is how I would ideally like the equation to be: the people should always be critical, hard-ass, and pick on the smallest things when it comes to their governments. Meanwhile governments should stop what I can only describe as "everyone gets punished and treated as a criminal" with the increasing regulations, and instead return to this naive and trust-based outlook on society.

Quoting: Phlebiac

Quoting: LoudTechieIf Redhat sufficiently fucks up systemD we can fork it with a patch.

FWIW, the primary SystemD developer has been an employee of Microsoft for some time now.

Quoting: ExplosiveDiarrheaThat's like saying "people who can't swim can drown in the sea, so we should have every single access to the sea guarded and protected at all time".
That is insane...

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: LoudTechie

Quoting: Pyrate

Quoting: tuubiI view people who get very passionate about crypto the same way I view enthusiastic small-time stock traders. They keep talking my ear off about how they make (or save) money with it and everyone should do it, and I indulge them to a point because I'm nice and patient like that (in real life more than online), but I just don't find any of it interesting. Money is a necessity and I've never been wealthy enough to ignore it. It's just not something I could ever get passionate about.

Im sorry, but point to me where I did this here, where did I talk about making or saving money, market price, hype and all that wall street crap ?

Monero would protect my financial activity from heavily regulated banks and my government, which I'm a lot less concerned about. Some communities have excellent reasons to hide this activity, but most of us do not.

Only if you choose to. You can disclose your transactions for taxes or any other reason. I could explain how it works but I'm getting fed up with still being talked to like a crypto bro, I'll just share that optional transparency is a built-in function into a Monero wallet for auditing and taxes etc.

I'm not paranoid and this isn't about paranoia. Speaking for myself for example, I recognise what is a real and what is a more theoretical danger when I'm constructing my threat model, but most of the time, I use privacy tools out of principle more than out of immediate need. This is something I feel is lost for many people recently, at least that's what I'm getting online. Recently I keep recalling that one Luke Smith youtube video about in projects like Linux, how users are slowly abandoning the freedom hard lines started with Free Software and GNU etc. I think we need more hardasses, the Stallman type, so we don't drift away in convenience and complacency.

On the hyped up cryptobro part.
You're not being treated like a cryptobro. You're experiencing something even more frustrating:
"I've nothing to hide."
A cryptobro would get fundamental disbelief in the promises they make, not in their value.
"crypto is decentralized": except for all the exit scams.
"crypto is the future": except for all the exit scams.
"crypto can do anything": you don't know what you're talking about.
"crypto ...": I'm done hearing about these scams.

As to why this is frustrating,
a. because it devalues other people's needs.
b. because it undercounts one's reliance on fundamental rights.
To say it with a quote I got from schneiers website, but attributed to someone else.
Saying you don't need privacy, because you've nothing to hide is like saying you don't need free speech, because you have nothing to say.

About the complacency part.
I disagree kinda.
Users are going to the centralized semi-free options, because they come from fully proprietary systems and are used to thinking that way and have become to love the strengths of the existing systems.
In general it's going in the right direction.
Just not in the jumps hardliners and early adopters believe in.

Also even a little extra freedom helps a lot.
If Redhat sufficiently fucks up systemD we can fork it with a patch. Would this be a lot of work, yes. Would this be less work than the entire Wine project(which tackles the Windows equivalent) easily, because we have the source code.
Do proprietary kernel modules render your system less free and give root to dangerous parties, absolutely. Still I can patch the interface to limit their power and repair their mistakes For Windows and Mac that requires a jailbreak.
Do locked bootloaders illegally, but unrepentant limit consumer choice. Undeniably, but they still can't sue you under the DMCA for a jailbreak.
Or an example from this forum. If our proprietary electron program botches their testing we can still patch electron without any license problems.

Hardasses are important they remind us how we can improve the world, but they're too blinded by their rage to see the the individual value of the incremental improvements.

I think it's an issue of balance. Taking the SystemD example, when is it that the community draws the line ? Personally, the comically-fast and instant compliance with age verification fiasco a month or two ago was it for ne. I'm sort of coerced to continue to use SystemD currently, even though that was the final straw for me and I'd rather use something else now.

So it's like a continuous battle to balance out the hardass-ness with the complacency. I tend to lean more on the former (even though I don't at all feel like I'm doing a lot of work in doing so, it just seems to me everyone else is so lazy and quick to sideline what they claim to believe in). But as long as the right people don't go all the way and they don't lose the plot, you're right in that fighting back is possible.

Also, about regulations being a necessity etc etc, I get it. But I really won't play along if any countermeasure gets implemented ends up chipping away at one of the rights that were once given, that's in brief my angle on all that 'the system is important, actually'.

On the age gating fiasco.
That was a reaction to a passed law.
Yes, it's problematic, but the reason they can get away with it is that the government is backing them.
Anyone who wants to make that fork has to fight the law and [we know the law often wins.](https://genius.com/The-clash-i-fought-the-law-lyrics)
Most distros also include an Api for handling USA crypto export controls.

It was more about how fast they jumped on that. I remember within the same newsfeed that day, I read how System76 CEO advising open source devs to hold on for a bit because he was exploring exclusion for FOSS OS's, and shortly after SystemD implements the thing.

And sure, they would've eventually had to by law, it still counts as a redflag for me.

Quoting: LoudTechieIf Redhat sufficiently fucks up systemD we can fork it with a patch.

Quoting: Liam Squires-Hand

Quoting: JugglingJesterSorry, which part of arch user repository is that hard to understand?

And this is a user comment section. I, as the person who runs it, still have a duty to ensure nefarious crap isn’t shared and spread. The same applies to the AUR and who run it, the same applies to literally any online service. Is that hard to understand?

Quoting: scratchiTwo articles in a row about combat games with hockey sticks :)
Can we get an actual hockey game soon? :D
(yes i'm from Canada)

Quoting: Liam Squires-HandIf they cannot do any checks - that's just a glaring flaw in the entire design of the AUR and so yes - it should be shut. If it's just going to repeatedly be a huge security issue like this, then why should it exist? It's dangerous.

Quoting: Turkeysteaksfor anyone who doesn't use an AUR helper, I made this basic little bash script:

for dir in ~/AUR/*/
do
dir=${dir%*/}
echo "${dir}"
cd ${dir}
cat PKGBUILD | grep $1
cd ~/AUR/
done

if you don't keep your AUR packages in ~/AUR/, you will need to change that in the code.

run it with `./<script-name>.sh <bad-package>`. so for this one, if you do `./script.sh atomic` and any of them print anything, you have been compromised. If none of them do, you're hopefully safe.

Quoting: Purple Library GuyBitcoin in particular, and I believe the blockchain in general to a significant degree, is really slow at doing transactions.

Quoting: Purple Library GuyI think another thing may be that the main place to keep crypto is these exchanges, and they're insecure as fuck.

Quoting: SlaxerAs Linux users, I can't help but wonder how this kind of justification works on some of us. We're getting close to the day when you start seeing headlines on your local Pravda news source saying, "Prime Minister Dipshit has proposed a ban on Linux because drug lords have been known for using Linux distros such as Whonix to sell illegal and untaxable drugs".

Quoting: SlaxerIsn't this a current problem on Steam?

Quoting: Purple Library Guyright wing pseudo-populist claims about money.

Quoting: JugglingJesterSorry, which part of arch user repository is that hard to understand?

Quoting: CarollyI'll also point out that what Monero is most known for among the general public is its prevalence in malware and popularity with the criminal element including Darknet retailers and CSAM traders. Saying it has a bit of a reputation problem would be significantly understating the situation.

Quoting: PyrateYou can't dismiss a technology just because criminals make use of it

Quoting: PyrateSo the freedom to transact however the hell I want and to whomever I want (without Visa dictating if theyre cool or not with the product you're buying). The banking system in this regard is atrocious. So that's in UK banks. Locally, I also have an issue with banks being unreliable in general in online shopping (would rather not share which country) but recently the Central Bank itself got hacked and terabytes worth of database were put up for sale, so I guess that's another thing to add.

Quoting: SlaxerIt's funny you mention that. Canada's in debt $1.3ish Trillion (capital T), so the money sitting in your bank account is increasingly becoming more and more worthless by the day - and that's on top of the fact that you're also being taxed more on it than they did in the past. So you're losing money on two fronts, inflation, and taxes - which is something that can be entirely blamed on one group of people. Take a guess who? In theory, Bitcoin could fix half of that problem.

And btw, I would be considered "wealthy" by the government's standards... which is why HALF of my sweat blood and tears goes to the government - only to be squandered and spent in ways that only benefit themselves, and not the country. Trust me, people like me aren't the ones stealing from you. But anyway... let's bring it back to those gift cards eh? lol

Quoting: SlaxerOther than volatility, why do you suppose businesses choose not to take it as payment? Not debating here, just picking your brain.

Quoting: CatKillerStay away from Reddit; be happy.

Quoting: doragasuAUR does not have package checks by definition, it puts that weight on the user.

As I always say, I have been using Arch as my main distro for 10+ years, and despite that (maybe because of that) I never recommend Arch!