1·
30 minutes agoI miss the browser, but luckily I haven’t played RS since the new CEO cancelled new Pride Events right after the Trump Admin was reelected.
- 0 Posts
- 11 Comments
Joined 6 months ago
Cake day: December 23rd, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Yeah, it seems like these sort of problems aren’t necesarily due to an insecure system like the AUR but moreso because of the target’s publicity and popularity which is definitely the case with the rise of CachyOS.
I’m not real clear on if this is the case but you could try:
-
Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
-
Maybe
pacman -Q | grep atomic-lockfilebecause that appears to be what the threat actor is installing but I’m not really sure if that’s how it works…?
EDIT: If you really want to play it safe then you could try
yay -R $(pacman -Qmq)to remove every aur package and wait out the storm, just be careful to backup important files.-
I tend to be a little antsy around anti-capitalists. Too many bad run-ins with Tankies.
Are you one of the malicious actors? Thats some shit I’d expect to hear from the people doing this, trying to justify the attack by blaming the users for “capitalism”.
EDIT: No, sorry, alvr was just one package, there is no specific source for the infection just one or many malicious users: https://gr.ht/aur_pkg_list.txt
Users can check if they’re already compromised withEDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.pacman -Q | grep alvrI think maybe?Post with more information here: https://lists.archlinux.org/archives/list/[email protected]/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
12·21 hours agoNah, while I understand the importance of Proton, I’ve also seen that Andy Yen dude be openly pro-Republican and supportive of Elon Musk, so I’ve got absolutely zero benefit of doubt to give them when controversies pop up and I absolutely understand that they have enemies.
EDIT: A quote comes to mind, “It takes years to build trust. Moments to lose it.”
They might eventually try to pressure Firefox as well, as google is actually the largest funding contributor to Firefox. I wonder what the Open Source license dictates with the GECKO engine that firefox maintains? Could somebody make a fork and profit off of it or would we be forced to a different browser framework entirely?
lol
lmao even
I always check with my contract lawyer before installing or updating from the AUR. It’s worth it for me.