Gyroplast

ITT: whooosh

inb4 “Archlinux snobs are gatekeeping packages”

TL;DR: Don’t think of the AUR as a package source, but as of an only mildly moderated, but ultimately free and open, sharing platform for PKGBUILDs, primarily useful for (self-)packagers, not necessarily non-technical end users.

Before the AUR, you had people individually hosting their PKGBUILDs anywhere, sometimes on GitHub or the BBS (yeah, it’s been a while), sometimes along with a repository URL you could add to your pacman.conf to install packages right away, and it was glorious. I didn’t have to write a working PKGBUILD myself from scratch, and I could decide if I trusted that particular packager to not screw me sideways with a pre-built package. An officialized “Trusted User” (TU) role emerged from this idea, which has recently been renamed to Package Maintainer (PM). This is fundamentally still how the AUR works, it just became much bigger, and easier to search for particular software. Packagers gift to you their idea of how software should be packaged, for you to expand upon, take inspiration from, or learn, or use as-is if you determine it to be good for your purpose.

The AUR is ultimately a great resource for packagers, and still useful for users, but “true end users” get the extra repository, and community, kind of, before that, and should try to avoid the AUR if they can, or at least be prepared to put in effort to establish trust, or get help.

A handful of Package Maintainers are manually adopting and subsequently vetting for sufficiently popular packages to move them from the AUR to the official extra repository, which is deemed safe to use as-is, on a best-effort basis. Obviously, this is a bottleneck, as it is not feasible for the few volunteering PMs to adopt and maintain 10k+ AUR packages and be held to any quality standard. That’s why “you are on your own” with the AUR.

On the positive side, there’s a voting system to determine package popularity. AUR packagers have a public list of maintained packages, and a comprehensive git commit history. Establishing trust is still crucial, and I feel hard pressed to name a reasonably popular/useful package that isn’t already in extra or has been maintained in the AUR for a long time.

The biggest risk, IMHO, for malware getting slipped into a package is orphaning a popular package, and having it adopted by a malevolent user. This is something I personally look out for. If the maintainer changed, I make sure to check the commit history to see what they did. Most of the time it’s genuine fixes, but if anything is changed without a damn good and obvious reason, hit up the AUR mods and ask for help. This is how malware is spotted. Also, typically only the version is bumped in a PKGBUILD on an update, which is a change I feel safe waving through, too. If the download URI changes, or patches are added, I do look at them to determine the reason, and if that isn’t explained well enough to understand, that’s a red flag. Better ask someone before running this.

source: personal involvement in Arch since 2002

The argument is not how one gruesome, cruel, sociopathic behavior outweighs the other, but being opposed to extremely anti-social behavior in general. Nobody wins the cruelty olympics.

Frankly, even the idea of “it is ethical, enjoyable, or just tolerable to cruelly hurt X in any way, because they are objectively worse than whatever I can think of” should be fundamentally repulsive to anyone, more so when attempting to take any moral high ground.

It’s too close for (my) comfort to normalizing suffering as somehow deserved by anyone, which is how “the other side” likes to argue how exploitation is totally fine. “Everyone else would do it, too, I’m just faster or better at it than them.” - “If they weren’t subhuman, worthless losers, they could hold a job in my orphan blending factory, and just not be homeless or pay for medication”. These are examples of an anti-social mindset. Honestly wishing, not just out of righteous, powerless anger, another conscious being cruel harm for any reason is a very slippery slope towards that mindset. I try to fight this urge.

I follow the argument insofar that “they” caused unfathomable suffering in multitudes. I would really prefer if the reaction to this wouldn’t be the prevalent “I want to see them hurt in (un)kind, because they deserve it”, but rather “how can such people be effectively discouraged from ever wanting to become a scourge to society”, while still accepting that universal human rights are still universal.

Of course this is much more complicated than “just take the money, and shove it elsewhere”, and quite possibly not even achievable within the time we have left, and coming from societies as they currently are. Without that little quantum of optimism, hope, and belief in a fundamentally sociable human nature, though, I don’t see much in our future than eventual, total destruction, one way or the other.

TL;DR: Yeah, molten lead isn’t even close to the cruelty inflicted by those doused with it. But why are we one-upping each other in cruelty, again? What’s the point?

This reminds me of the tale of the coder tasked to write an input validator for IPv4 addresses. Poor bastard.

Another fun one: 0177.042.017.066

PSA: Don’t zero-pad your IPv4 octets. Decimal is for simpletons.

Yes. 127.0.0.0/8 is reserved IPv4 address space for Loopback. It is perfectly valid, and occasionally useful, to use other loopback addresses that are functionally identical, like 127.0.1.1 or 127.0.0.53, which carry semantic information for the initiated, like “53? Must be DNS-related, obviously!”

2134206969

What AI-generated, non-working, obviously incorrect garbage is this? Also, you want to define this as an alias to type the command 33% faster, too!

alias fc='ffmpeg -c copy -map 0:0 -f data - 2>/dev/null -i '

Amateurs.

In some retirement homes, we hear feeble cries for justice, lamenting “source tarballs are even cross-platform, just build yourself already as intended”, but nobody received that suggestion from their AI assistant, just a list of packaging services you should subscribe to instead.

s/s/iss/g

This is the mostestest blursed things I am going to see today. True art.

The New York market is closing, with Frankfurter memes taking over, going bullish on brainrot.

FOR NO REASON!!?! 🔥 🔥 That “barista” 🫤 deliberately spelled the name of my 😍 daughter 🥰 Brettly wrong on the cup, and did not appreciate her 🦄 uniqueness AT ALL when I demanded them to correct their stupid mistake! The nerve of some people! 🤯