Anyone catch that hilarious LLM exchange on aur-general mailing list over the weekend?
E: found it
this post was submitted on 15 Jun 2026
651 points (97.9% liked)
linuxmemes
31767 readers
767 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
- Don't come looking for advice, this is not the right community.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. š¬š§ Language/ŃŠ·ŃŠŗ/Sprache
- This is primarily an English-speaking community. š¬š§š¦šŗšŗšø
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Ā
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 3 years ago
MODERATORS
Well that's fun. Odd someone named Campbell asking was for a tomato soup recipe, you'd think that would just be built into their bloodline or something.
While I'm glad no JS package managers were hurt to make the soup, I do wish the recipe didn't waste so much water.
Just keep sending requests and use as many tokens as possible. My wife spent 30 minutes on the phone with a bot the other day, just getting it to dump huge sets of instructions to waste tokens.
Yeah I'm pretty glad that I've been behind in upgrading my aur packages recently.
I never had any issues on TempleOS.
Zero remote exploits since it was released. That's what divinely-inspired coding looks like, everyone.
Better than OpenBSD
Out of curiosity, is that actually true? Surely our lord and saviour must have made a tiny slip-up
Edit: Apparently TempleOS doesn't have networking
It is networked >!to GĢ·ĶĢĢĢĢĢĶĢ„ĶĢ¼Ģ Ģ©ĶoĢ·ĢĢ ĶĶĢĶĢĶĢ½ĶĢĢŖĢ®ĢĶĢØĢĢ¹ĢĢ¤ĶĶĢŖĢ¢dĢ·ĢĢ½ĢĢĢ¾Ķ ĢĢĶĢ®ĶĶĢ„Ģ”!<
My OS is a temple. š§
It was certainly a weekend.
ClamAV users, how's it going?
I am really curious about this. If someone had ClamAV and updated any of these packages from the AUR during the attack, would ClamAV have "solved" that problem? I would love to know the effectiveness of that.
To be honest I'm not really sure, my comment was meant as a question to potential clamav users, I'm wondering the same thing as you.
AFAIK ClamAV is mostly for looking for windows targeted malware so I doubt it
Did clamav work with AUR affected packages? Sorry if the question is idiotic, cause im ignorant when it comes to security
To be honest I'm not really sure, my comment was meant as a question to potential clamav users, I'm not really one of them.
The more popular Linux becomes, the less true this will be.
Tbf most major attacks we saw recently are cross-platform thanks to npm. AUR has always been a security risk.
Wasn't that long ago when I was downvoted to oblivion for saying that. Glad to see the community is maturing.
Avoid success at all costs - Simon Peyton Jones
So what are good antivirus options for Linux? is it still pretty much just ClamAV?
Our company uses eset https://www.eset.com/us/home/antivirus/
But afaik it costs money to really work.
But your brain should be the best antivirus you have.
But your brain should be the best antivirus you have.
Is there an AUR package for it? seems not in the official repo
But your brain should be the best antivirus you have.
It's useful to use brain, but any security layer has holes which is why it's good to have several layers. Some attacks might be way beyond user's understanding or come from trusted sources.
But your brain should be the best antivirus you have.
True of virtually every OS.
But "only stupid people get viruses" is exactly the kind of trap that catches folks.
load more comments
(1 replies)
one thread I found from 2 years ago where someone asked for the same thing, a lot of the replies are just "you don't need antivirus on Linux" lmao
There is no malware on Linux and there is no war in Ba Sing Se
load more comments
(3 replies)
I learnt a lesson yeah. It looks like I got away, there's no rootkit, I found nothing weird running, I don't have npm Installed, and up until now it doesn't seem like the packages I had installed were compromised. But I had way more AUR packages installed than I was aware of. And I was just updating them without really caring about the pkgbuild, I have better things to do. Multiple packages were outdated crap that shouldn't have been there anymore.
I was careless and took too much risk. I reduced the Installed AUR packages to a minimum, and from now on I will verify the PKGBUILDs on every update. Maybe Arch isn't really what I need. I'm on the LTS kernel and I no longer really use the AUR. But switching will be a huge hassle and this setup will work well from here on out, so I'll stick to it for now
I've been using Bazzite for a couple of years now and it's great. Almost boring how stable it is.
And I access the AUR with an Arch distrobox if I need to
errr... just FYI, if you have AUR packages through distrobox, you are basically just as vulnerable as someone running vanilla arch. You checked if you have anything form the AUR on the nearly 2k (last I checked) package list?
And you believe that makes you safe?
Shit like this is a blemish on the Linux community.
load more comments
(1 replies)
Never use things like yay, just read the PKGBUILD and run makepkg. AUR wasn't meant to be automated. But it's better to use Flatpak, because it provides sandboxing (not for every app, but it can be reviewed before installation).
Using aur helpers is fine if they make it easy to read the pkgbuild, which paru does. It's too annoying to check for PKGBUILD and upstream/vcs updates for each package individually.
Ideally the aur helper would point out when 1) a package changed maintainers since your last install, 2) a package's PKGBUILD itself changed (not just the upstream/vcs source), 3) the PKGBUILD is less than 24h old or so. And for #2, it should also show you the changes similar to what you see on the AUR site's "view changes" page. I'm not aware of any aur helper that does these things, but hopefully recent events prompt a change.
Linux Users: haha those silly windows users, always searching the web for their software and getting viruses.
Linux Users: oh no I got malware by searching the AUR!
load more comments
(17 replies)
I am at "no fucking yays and the bunch, check the package create/update dates, read PKGBUILD, only update when necessary". Has served me well so far
I was on arch as a vestige from my school days, having never quite found the time to switch to something more stable. When I saw the news over the weekend, I checked and found 1 would-be-infected package on my machine that was thankfully months out of date. I'm well past the point of wanting to examine PKGBUILDs every time (hence the out of date package). But, instead of just removing AUR packages and sticking to arch repos, I decided to sweep up the technical debt by wiping and installing Fedora. I'm liking it so far, minus the absolute pain in the ass that is Nvidia on Linux. Fuck academics and their insistence on writing everything targeting CUDA; otherwise, I'd have saved a good bit of money a few years ago with a much more compatible AMD card.
load more comments
(8 replies)
btw, I use malware
view more: next āŗ