• 8 Posts
  • 880 Comments
Joined 3 years ago
Cake day: July 2nd, 2023




  • Here is how I wish we would solve this problem:

    Every adult citizen gets an electronic ID card. Said smartcard lets you authenticate on government websites (FIDO2). And maybe it could sign your vote for referendums, if that’s possible in your country. Every smartcard would be secured with a PIN code.

    It can also create an anonymous “adult cryptographic token” to register on adult sites, gambling sites and social networks.

    Parents could create a token for their children, but they take responsibility for any illegal use, for example, in this case, using social networks below 16 years of age.

    Edit: This seems to already be a project in the EU with the EUDI Wallet. It is supposed to start deployment before the end of 2026. Too bad the UK left the EU; this EUDI wallet has features to prove anonymously that you are an adult…


    Now what will really happen is politicians will say “think of the children” and use that opportunity for more surveillance of their population.

    It’s too bad technical problems are answered by politicians and not engineers. We are also very late in terms of digital ID cards. Everybody should have, for free, the means to authenticate online and to do so anonymously when needed. We live in a digital world; we need the tools to evolve in it.







  • That was my understanding, but I’m not sure I agree with your conclusion.

    This hack drops an infostealer that could steal passwords and other secrets, so even if the system removes the malware, the data stolen would still be an issue.

    So even being infected for only a few days could get some passwords stolen, which would still be problematic.

    But yeah, the subset of Steam Deck users that activated write mode and installed an affected AUR package must be pretty small.


  • > Either Linux’s built-in display drivers are black magic or microslop is incompetent

    Why not both? :)

    I just realized that since switching to CachyOS 4 months ago I have never had to install any driver or driver update (outside of just running the system update).

    Even during initial setup I don’t think I installed anything driver related.

    It’s really a step up from Microslop. Last time I installed my W10 I had to prepare all the necessary drivers and collect them from each manufacturer’s website.

    It is so much more streamlined on Linux.




  • Tetsuo@jlai.lu to Linux@lemmy.ml · Malicious Atomic Arch NPM Campaign Thread
    2 days ago

    > They could also put a checking tool into CachyOS Hello, which is shipped and pops up by default.

    What would this “checking tool” look like? What would it check?

    I personally deactivated CachyOS Hello opening at startup a long time ago. Why would I need that popup once I have set everything up?

    > And I’ve definitely gotten “urgent” text notifications that all-but-required manual action through pacman.

    Pacman has no idea if it is installing something malicious. It notifies you only on functional actions that are required.

    Basically, none of the suggestions you make would have prevented the AUR attack from working. Nor a future one?

    The only thing I would maybe agree with is some notification system that lets the CachyOS maintainers send an urgent message, but that would mean they would have to sign that message in some way. If that signature verification ever fails, someone could send malicious notifications to all CachyOS users, and that would create another threat.

    And even then if the malicious package is noticed after a few days, if you already installed/updated it, it’s too late. You could receive a notification giving guidelines to cleanup but that’s too late. The infection could disable these notifications or worse.

    And if you have an emergency notification system, is it a “pull” or “push” notification? Is it your computer that checks if there is a notification? How long between pulls? If it’s a push, then the notification server basically has a full list of CachyOS users’ IPs, which would suck too.

    Sorry if I seem nitpicky, but I just want to illustrate that this is a very, very complex problem to solve while respecting user privacy and “sovereignty” over their system. Supply chain attacks are extremely difficult to defend against, and open source projects have increasingly numerous dependencies…
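The signed notification channel discussed in the comment above, written out as an added Go example (this is not CachyOS code, nor anything posted by the thread's participants): the maintainers' side signs a notice with Ed25519, and the client verifies it against a public key pinned in the OS image. Because the comment's "too late" point means an attacker who can capture one genuine notice must not be able to re-send it later, the client also refuses replayed (sequence number not increasing) and stale (too old) notices, and only updates its state after every check passes. The Notice struct, its field names, the 24-hour age limit and the sample notice texts are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Notice is the payload a hypothetical distro "urgent message" channel would
// carry. The struct and its fields are assumptions made for this example.
type Notice struct {
	Seq    uint64 // strictly increasing; lets the client refuse replayed notices
	Issued int64  // Unix seconds; lets the client refuse stale notices
	Body   string
}

// encode builds the exact bytes that get signed: seq || issued || body.
// Signing this canonical encoding (not just Body) binds the anti-replay
// fields to the signature, so an attacker cannot re-stamp an old notice.
func (n Notice) encode() []byte {
	buf := make([]byte, 16, 16+len(n.Body))
	binary.BigEndian.PutUint64(buf[0:8], n.Seq)
	binary.BigEndian.PutUint64(buf[8:16], uint64(n.Issued))
	return append(buf, n.Body...)
}

// Sign is the maintainers' side: only the private key holder can produce
// a signature the clients will accept.
func Sign(priv ed25519.PrivateKey, n Notice) []byte {
	return ed25519.Sign(priv, n.encode())
}

var (
	ErrBadSignature = errors.New("signature does not verify; notice dropped")
	ErrReplay       = errors.New("sequence not newer than last accepted; notice dropped")
	ErrStale        = errors.New("notice older than the allowed age; notice dropped")
)

// Verifier is the client side. The public key is pinned in the OS image
// (e.g. next to the package signing keys), never fetched from the channel
// that delivers the notices.
type Verifier struct {
	pub     ed25519.PublicKey
	lastSeq uint64
	maxAge  time.Duration
}

// Accept returns nil only for an authentic, unreplayed, fresh notice.
// lastSeq is updated only after all checks pass, so a rejected notice
// cannot disturb the client's state.
func (v *Verifier) Accept(n Notice, sig []byte, now time.Time) error {
	if !ed25519.Verify(v.pub, n.encode(), sig) {
		return ErrBadSignature
	}
	if n.Seq <= v.lastSeq {
		return ErrReplay
	}
	if now.Sub(time.Unix(n.Issued, 0)) > v.maxAge {
		return ErrStale
	}
	v.lastSeq = n.Seq
	return nil
}

// Scenario runs the cases the comment raises against a fresh key pair and
// returns the verifier's decision for each. All notices are constructed
// sample data; the clock is fixed so the run is deterministic.
func Scenario() ([]error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // key the client never pinned
	if err != nil {
		return nil, err
	}
	now := time.Unix(1_700_000_000, 0)
	v := &Verifier{pub: pub, maxAge: 24 * time.Hour}

	genuine := Notice{Seq: 1, Issued: now.Unix(), Body: "AUR package compromised, see advisory"}
	sig := Sign(priv, genuine)
	tampered := genuine // same signature, body swapped for a malicious "cleanup" step
	tampered.Body = "Run this to clean up: curl ... | sh"
	forged := Notice{Seq: 2, Issued: now.Unix(), Body: "install hotfix from mirror.example"}
	stale := Notice{Seq: 3, Issued: now.Add(-48 * time.Hour).Unix(), Body: "old advisory"}

	return []error{
		v.Accept(genuine, sig, now),                       // nil: accepted
		v.Accept(tampered, sig, now),                      // ErrBadSignature
		v.Accept(genuine, sig, now),                       // ErrReplay: seq 1 seen already
		v.Accept(forged, Sign(attackerPriv, forged), now), // ErrBadSignature: wrong key
		v.Accept(stale, Sign(priv, stale), now),           // ErrStale: 48h > 24h
	}, nil
}

func main() {
	results, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(results)
}
```

What this does not solve is exactly what the comment says it cannot: a machine already running the malicious package can disable or spoof the client side, and the example says nothing about whether notices are pulled or pushed, so the IP-list concern stands either way. It only shows that the "sign the message" part is the easy half, and that signing alone is not enough without replay and freshness checks.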


  • How else would you have wanted to be warned?

    In my opinion that’s the other side of the privacy coin.

    What happens on my system is only for me to check. And in that case that means I’m on my own to be aware of its current state.

    I mean, the CachyOS devs or the AUR maintainer have, in some way by design, no way to reach me. And creating some kind of malware monitoring or scanning tool included by default would be against the ethos of the OS…

    So it’s up to each user to determine if they want to use random scripts or just read the blog of their OS and do everything manually. There isn’t an adequate universal solution there.




  • I think you understand correctly.

    Your setup seems quite insecure considering your keyring seems to be always open and that you use a password that is already used to log in.

    On the other hand, a keyring can be unlocked only when used and could also have its own dedicated password. Security is more a gradient than something binary.

    Also, if you store keys that are particularly sensitive in it, they are as vulnerable as the container that stores them.

    Not blaming you of anything of course, I think you are asking the right questions. 👍