dreamless_patio's recent activity
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
dreamless_patio Link ParentYes, they also take additional steps to utilize because they are community provided with all the risks associated with that. The point I was trying to make is that an arch user is expected to be a...Yes, they also take additional steps to utilize because they are community provided with all the risks associated with that. The point I was trying to make is that an arch user is expected to be a full sysadmin and attracts a very different userbase than Ubuntu/Fedora. Sorry if that was unclear, I should have framed it differently.
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
dreamless_patio (edited )Link ParentI would be 100% agreeing with you if this had happened to literally any other distro, but you cannot tell me an arch user running unvetted scripts is not responsible for their actions. That is...I would be 100% agreeing with you if this had happened to literally any other distro, but you cannot tell me an arch user running unvetted scripts is not responsible for their actions. That is ludicrous.
Yes, plenty of things can and should be improved in the broader Linux world, but we're talking about a niche of a niche of a niche that is very different from Ubuntu or Fedora, for example, where there is a claim of trust to precompiled packages in their repos. The documentation surrounding Arch and the AUR is very explicit in it being the user's responsibility to cover their own ass. I would be much more willing to have this conversation around the xz fiasco, for example.
Arch User Repository - ArchWiki
AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.
Verify that the PKGBUILD and accompanying files are not malicious or untrustworthy.
Carefully check the PKGBUILD, any .install files, and any other files in the package's git repository for malicious or dangerous commands. If in doubt, do not build the package, and seek advice on the forums or mailing list. Malicious code has been found in packages before.
The AUR is unsupported
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
dreamless_patio Link ParentHow is this blame deflection? The protections you're describing are reasonable, but they apply to a fundamentally different repo than the AUR, which is very specifically not a trusted distribution...How is this blame deflection? The protections you're describing are reasonable, but they apply to a fundamentally different repo than the AUR, which is very specifically not a trusted distribution channel. This isn't the same as installing from a distro's default repositories. User review is the main security mechanism.
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
dreamless_patio Link ParentThis won't be resolved until there is some kind of moderation process surrounding the adoption of orphaned packages.This won't be resolved until there is some kind of moderation process surrounding the adoption of orphaned packages.
-
Comment on Arch User Repository compromised, 1500+ packages affected in ~tech
dreamless_patio Link ParentYes, as far as I understand it any account can adopt a package and push out changes. Until there is some kind of vetting process, timeout, or moderation, this isn't resolved. Brodie posted a good...Yes, as far as I understand it any account can adopt a package and push out changes. Until there is some kind of vetting process, timeout, or moderation, this isn't resolved.
-
Comment on Recommendations for e-ink tablets? in ~tech
dreamless_patio Link ParentI have the Nomad so I can't comment on the Manta specifically, but I haven't had any issues with battery life. The software and community are excellent. I use mine for daily tasks and meeting...I have the Nomad so I can't comment on the Manta specifically, but I haven't had any issues with battery life. The software and community are excellent.
I use mine for daily tasks and meeting notes at work, tracking a handful of long-term projects (just me and two others so nothing crazy), personal writing and puzzles/games (plenty of fun and interesting PDFs around the internet!), and of course reading ebooks. I chose the Nomad to fit in my crossbody bag or cargo pants for site walks and inspections, but if I had more desk time the Manta would make more sense.
I don't connect mine to the internet either, but they just rolled out a private self-hosted cloud option if you don't want to use their servers. About once a month I plug into my computer and make a backup.
-
Comment on What are people's experiences with using Kagi? in ~tech
dreamless_patio Link ParentI think they might be talking about the "Session link" in your user settings, just visit the link in your work browser or copy and paste it into Firefox/Chrome as a new search engine:...I think they might be talking about the "Session link" in your user settings, just visit the link in your work browser or copy and paste it into Firefox/Chrome as a new search engine: https://kagi.com/settings/user_details
The Kagi API is an entirely different thing.
-
Comment on Does anyone want to buy an unused Pixel 10? in ~tech
dreamless_patio Link ParentYeah I was doing some research and it's murkier than I remember. Both functions are at least controlled by the same system: https://grapheneos.org/install/web#enabling-oem-unlocking I've had no...Yeah I was doing some research and it's murkier than I remember. Both functions are at least controlled by the same system:
https://grapheneos.org/install/web#enabling-oem-unlocking
Carrier variants of Pixels use the same stock OS and firmware with a non-zero carrier id flashed onto the persist partition in the factory. The carrier id activates carrier-specific configuration in the stock OS including disabling carrier and bootloader unlocking.
I've had no issues carrier unlocking (and then bootloader unlocking) an AT&T Pixel 6 and 8, and a Verizon Pixel 7; but clearly the best advice is to just get the unlocked model directly from Google!
Cheers
-
Comment on Does anyone want to buy an unused Pixel 10? in ~tech
dreamless_patio Link ParentIt is the same thing. If the carrier unlocks the phone, the bootloader unlock toggle will be available in dev options. edit: I have installed Graphene on multiple AT&T and Verizon Pixels (***but...It is the same thing. If the carrier unlocks the phone, the bootloader unlock toggle will be available in dev options.
edit: I have installed Graphene on multiple AT&T and Verizon Pixels (***but not a Pixel 10).
-
Comment on Does anyone want to buy an unused Pixel 10? in ~tech
dreamless_patio Link ParentVerizon can unlock it once the payment plan completes. Things might get murky if it's sold to a third party; edit:...Verizon can unlock it once the payment plan completes. Things might get murky if it's sold to a third party;
at the very least you'll need to remain available to the buyer to facilitate the unlock.edit: https://www.verizon.com/business/support/equipment-devices-services/wireless-devices/unlock-device/
Do I have to do anything to have my device unlocked?
No. Your device will be unlocked automatically as long the following applies:
You’re 60 days from purchase (if purchased before 1/27/2026)
Your device is paid in full.
Your device is not flagged for fraud, or reported as lost or stolen -
Comment on Best Bluetooth controller for sub $50? in ~games
dreamless_patio LinkI do not own this specifically but I do have 3 other 8bitdo controllers and I love them all. https://www.amazon.com/Ultimate-Gaming-Controller-Bluetooth-Joysticks-Console/dp/B0DK36N98QI do not own this specifically but I do have 3 other 8bitdo controllers and I love them all.
https://www.amazon.com/Ultimate-Gaming-Controller-Bluetooth-Joysticks-Console/dp/B0DK36N98Q
-
Comment on Upgrade desktop to win11 when hardware isn’t supported? in ~tech
dreamless_patio (edited )Link ParentIt will be a pirated copy of Windows, since if you paid for a license you wouldn't need to use this guide or activation scripts.It will be a pirated copy of Windows, since if you paid for a license you wouldn't need to use this guide or activation scripts.
-
Comment on Accessing a Google account without attaching to the phone on Android in ~tech
dreamless_patio Link ParentK-9 Mail and Thunderbird are functionally identical apps, and I can also recommend FairEmail.K-9 Mail and Thunderbird are functionally identical apps, and I can also recommend FairEmail.
-
Comment on [SOLVED] Requesting help for Android Auto troubleshooting assistance in ~tech
dreamless_patio LinkMost of my problems with Android Auto have been due to poor quality or worn out cables. I would first try a new USB3 spec cable (shielded with a decent jacket) before going crazy with the...Most of my problems with Android Auto have been due to poor quality or worn out cables. I would first try a new USB3 spec cable (shielded with a decent jacket) before going crazy with the software.
Make sure you have all the system and app updates as well.
-
Comment on What is your strangely specific phobia? in ~talk
dreamless_patio Link ParentIt would take an act of god to make a microwave run with the door open. There are many failsafes chained together that bring the probability of cooking yourself inconceivably low....It would take an act of god to make a microwave run with the door open. There are many failsafes chained together that bring the probability of cooking yourself inconceivably low.
https://m.youtube.com/watch?v=f5vQmQ6Wp4U&t=4m34s
That being said, I would NOT buy the ICYXHWP or whatever the newest brand is off Amazon. Get something that's listed and tested in your country (aka something from an appliance or big box store).
-
Comment on United States: What personal (non-business) tax software/program do you use? in ~finance
dreamless_patio LinkI've been using FreeTaxUSA for several years now; I've never had any issues, but my taxes are very simple.I've been using FreeTaxUSA for several years now; I've never had any issues, but my taxes are very simple.
-
Comment on Honey did nothing wrong in ~tech
dreamless_patio Link ParentI took a look at their most recent videos, and all have an affiliate link disclaimer in the description. Amazon affiliate links do not "poach the commissions" like Honey is doing, and the...I took a look at their most recent videos, and all have an affiliate link disclaimer in the description.
poach the commissions from anything that you buy for a few days
Amazon affiliate links do not "poach the commissions" like Honey is doing, and the commissions on indirect product purchases apply to the sale if made within 24 hours of clicking the link, not a few days.
Please provide any references or resources you have available if this is incorrect.
-
Comment on A Helicopter In My Cable Modem in ~comp
dreamless_patio Link ParentYes and no... for home use you can get away with something like this.Yes and no... for home use you can get away with something like this.
-
Comment on A Helicopter In My Cable Modem in ~comp
dreamless_patio Link ParentIt is literally just the cable modem, not an integrated modem/router. Not sure if that would be helpful for your situation.It is literally just the cable modem, not an integrated modem/router. Not sure if that would be helpful for your situation.
I agree the process is terrible; I never tried to justify it. I am simply pointing out that it is a complete misunderstanding of arch and its ethos to claim an arch user is not responsible for their system, especially when they use the AUR. That's all.