this post was submitted on 19 Jun 2026
747 points (98.1% liked)

Technology

86012 readers
3819 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SnotFlickerman@lemmy.blahaj.zone 128 points 2 weeks ago* (last edited 2 weeks ago) (2 children)
[–] Reygle@lemmy.world 54 points 2 weeks ago* (last edited 2 weeks ago) (26 children)

Ironically people who "btw I use Arch" have been FREAKING OUT because their precious arch user repository got massively infected with infostealer malware, lol

This was just this week

[–] spicehoarder@lemmy.zip 42 points 2 weeks ago (3 children)
[–] RustyShackleford@piefed.social 15 points 2 weeks ago

I agree. It’s the ideal choice for gaming, and until recently, I had never heard of it. I can’t imagine going back to Windows 11 unless I was held at gun point and even then.

[–] ColeSloth@discuss.tchncs.de 3 points 2 weeks ago (1 children)
[–] Reygle@lemmy.world 1 points 2 weeks ago

Nexus is a good channel, but normies don't even know what linux is. Steve may be tech Jesus but he's no linux bro.

[–] CosmoNova@lemmy.world 37 points 2 weeks ago (1 children)

precious arch user repository

I think you vastly overestimate the importance of AUR. A lot of Arch users had to say something about the incident and many of them didn‘t even use it. It‘s definitely nothing essential.

Also Arch users still don‘t give a fuck about Windows. This whole AUR debacle has little to do with what OP was actually getting at.

[–] Reygle@lemmy.world 5 points 2 weeks ago (3 children)

Maybe so. I use cachy just for the record, so I'm not piling on with linux hate. I'm just enjoying the madness of it all. :)

[–] Cethin@lemmy.zip 10 points 2 weeks ago

FYI, CachyOS is Arch based. It has access to the AUR. If you weren't effected, that proves the point.

The AUR is a repository of last resort. It's useful, but you should be careful. That's true even before this even. It's a repository made by users, and is not verified.

[–] lagoon8622@sh.itjust.works 5 points 1 week ago

CachyOS not only is Arch, it uses packages from AUR out of the box

[–] NikkiDimes@lemmy.world 4 points 1 week ago

Crazy self own my guy

[–] dream_weasel@sh.itjust.works 14 points 2 weeks ago

Nobody is freaking out who isn't a moron.

There are a handful of arch users who eat crayons... if the windows users in 2026 leave any I mean.

[–] plutopos@lemmy.zip 8 points 2 weeks ago (1 children)

This is why I love flatpak and sandboxing in general

[–] Reygle@lemmy.world 2 points 2 weeks ago

Flatpak ruules!

[–] Creat@discuss.tchncs.de 8 points 2 weeks ago

I use arch (kinda), and has zero issues. It was a problem if you used unmaintained packages from arch, as adopting them and contaminating then was the attack vector. Using someone that's unmaintained is always kinda questionable, so instead I'd just manually install that instead (it shouldn't change if it isn't maintained anyway).

I had a mild panic then realised I've never used AUR so I'm fine

[–] lastweakness@lemmy.world 4 points 1 week ago

I use Arch, btw. But no, I wouldn't blame my incompetence on my distro even if I were infected, which I wasn't.

[–] JcbAzPx@lemmy.world 4 points 1 week ago

Mostly because they were doing the linux equivalent to downloading .exe's from limewire.

[–] tomiant@piefed.social 3 points 2 weeks ago
[–] RobMyBot@lemmy.ml 2 points 2 weeks ago (2 children)

I don't use arch btw (I'm a Fedora stan)

[–] Smoogs@lemmy.world 2 points 1 week ago

samesies! fist bump

load more comments (1 replies)
[–] XLE@piefed.social 2 points 2 weeks ago (4 children)

The Windows equivalent of this would basically be the discovery that a bunch of apps on the Microsoft Store were infected with malware.

This really sucks for people that migrated to Linux without becoming Linux experts, and chose a friendly distro based on Arch that came with the AUR, like the often-recommended CachyOS.

[–] cmnybo@discuss.tchncs.de 26 points 2 weeks ago (1 children)

The packages on the AUR are all user created. It's not really comparable to the Microsoft Store.

[–] XLE@piefed.social 1 points 2 weeks ago (2 children)

Is the Microsoft Store not full of apps not created by Microsoft?

[–] EpeeGnome@feddit.online 10 points 2 weeks ago (2 children)

It's apps approved by Microsoft. They only made a small fraction of them.

load more comments (2 replies)
[–] KingKong33@lemmy.ml 3 points 2 weeks ago (1 children)

AUR is not the official repository. Its more like downloading a virus from Mlcrosoft.com.

[–] XLE@piefed.social 1 points 2 weeks ago (1 children)

The AUR is hosted on https://aur.archlinux.org/.

Just like how Microsoft hosts the Microsoft Store.

[–] Cethin@lemmy.zip 2 points 2 weeks ago (1 children)

That's like saying that github is equivalent to the Microsoft store. Sure, they provide the space for the repository. It's controlled by users though, as the name implies. It isn't the official repository, like the Microsoft store is the official "repository" for Windows.

[–] lastweakness@lemmy.world 2 points 1 week ago

Yeah, perfect analogy. No amount of external helper tools making installs from GitHub easier would change the security implications. (Cargo-binstall is an example of such a helper.)

[–] teft@piefed.social 5 points 2 weeks ago (1 children)

The Windows equivalent of this would basically be the discovery that a bunch of apps on the Microsoft Store were infected with malware.

You mean like this?

https://www.howtogeek.com/788382/beware-of-malware-in-windows-apps-on-the-microsoft-store/

[–] XLE@piefed.social 2 points 2 weeks ago

If it was the actual apps and not just look-alikes, yes.

[–] Attacker94@lemmy.world 3 points 2 weeks ago (1 children)

There is a reason why the arch community had such a bad reputation when it came to newcomers, they were gate keeping good technical knowledge of the system. It had the side effect that most people became royal dicks on the forums and stopped being helpful, but it did have what I would consider the intended effect of people being wary of everything they did on their system.

I find the easy arch distros to be fairly interesting since my recommendation has always been that anyone who wants to daily drive an arch distro should install arch through command line at least once and read about the packages they use. I personally run endeavor os, but I started by doing the leg work, which led me to the conclusion that I prefer flatpaks over aur if it is available because they are far more easier to maintain good security practices on.

[–] NewOldGuard@lemmy.ml 13 points 2 weeks ago

I think that's a silly thing to say given that the arch wiki is the most comprehensive source of up to date technical Linux knowledge available to everybody. If you mean support for people on the distro itself, it does explicitly market itself to people who are already knowledgeable and willing to be their own support, so idk what you'd expect

[–] Reygle@lemmy.world 1 points 2 weeks ago (1 children)

CachyOS is completely 100% unaffected UNLESS people chose to install applications from the AUR.

[–] prole@lemmy.blahaj.zone 7 points 2 weeks ago

You could literally say the same thing about Arch though

[–] imjustmsk@lemmy.ml 2 points 2 weeks ago

lmao, but yea- lesson learned anyway 🥀 never will install random packages without properly checking it, Got too carried away by "yay -Essing everything :sob:

[–] MrKoyun@lemmy.world 1 points 1 week ago

Not my linux 😎

I actually do use arch btw, however there really isnt anything to freak out over because I barely even use the aur and am just not updating from the aur for the time being. Its really not a big deal.

load more comments (12 replies)