Does anyone know if yay gives me the ability to hook my own tool in to review pkgbuilds before accepting them? They argue that they don't want to just give attackers access to a scanning tool, because all they'd do is just iterate on their pkgbuild until it reports "not detected". But if yay gives me an easy way to hook in whatever tool I want, the attacker can't be sure what tool to defeat. If thousands of people all run various tools, surely a few of them will spot the anomaly quickly.

Edit: it looks like they've added this exact functionality in response to the attacks: https://jguer.space/blog/2026-06-15-yay-v13

The AUR should not be thought of as a package manager repo. It should be thought of as a pastebin for pkgbuild scripts, i.e. build instructions. Running them without looking is the equivalent of blindly copying shell commands from stackoverflow.

If you are thinking "I want to install this package I found, it doesn't exist in any repo, but their build instructions are complex and don't have instructions for arch," a pkgbuild is a great resource. At the very least you can read someone's pkgbuild to see what dependencies and build steps worked for them (in the same way that you can disect a shell script line-by-line to understand what it's doing).

The only official way to use the AUR is to manually download a pkgbuild file and use manually run makepkg to execute it. All the other tools that turn it into a convenient repo source (ex. yay, paru, pamac) are unofficial.

That sounds like you're describing someone who is only making a lemmy account because they see potential customers they want to advertise to.

That's the exact reason I don't want someone to make a lemmy account.

Greenland is now asking Trump to invade, hoping to secure a deal similar to the one Iran got.

citing the need for bodily autonomy for servicemembers

Also Hegseth,

No more beardos. The era of rampant and ridiculous shaving profiles is done.

He knows what he is.

Either way you're sorting. The difference is what value you're using the sort by.

I was looking to buy a PC version for longevity/future proofing

For the record, physical PC titles are probably the worst way to preserve old games. Unless you're ok with having to rely on a crack. Modern Windows and drivers often break support for old titles. Also there were a lot of games that relied on a key auth server that is no longer running.

Here's a video from a couple of years ago on the subject.

Ironically, buying a physical console and copy of the game is the most dependable way of preserving old game libraries. Why do you say your 360 is on borrowed time? It should hold up fine.

I also just recently finished Forbidden West a couple of months ago! Just prior to that I had finished Silksong, and just afterwards I returned to Baldur's Gate 3 and finally finished that!

I'm now playing Expedition 33 and Fez.

I would expect to pay $50 for a modern flip phone with hardware comparable to one from 20y ago. But this is running Sailfish OS, has a decent SoC, camera, DAC, and up to 64GB of RAM. This ain't your grandma's flip phone.

Ah yeah, I misread that. I agree $500 is high for what it is, but it's also kind of a novelty device that they'll surely only make a relatively small number of to guage interest. The industry has shifted all of its manufacturing away from making flip phones cheap.

Lol they said that and my first thought was, "what, is there a risk of some billionaire CEO bursting into the courtroom to exact revenge?"

He also keeps explaining to me why Fedora better than my “nerd OS”

lol he's already a true linux user.

But probably best to have a talk about gatekeeping linux though. There's no wrong way to run linux.

After a decade of wondering why my friends still used Instagram, they're finally talking about uninstalling it this week. So I'm all for these new features, keep em coming zuck!

Given recent performances I think most boxing fans won't mind seeing him being escorted back across the border

Am I the only one who thinks this is unsportsmanlike to say? If someone is worth fighting against inside the ring, then they're worth fighting with outside the ring.

Oregon allows public nudity specifically for protests.

I know it will take a lot of bravery, but I honestly believe they should organize full nude, and completely calm protests. The optics of sending the military against protestors who are so little of a threat that they are actually completely nude is powerful.

This post missed the most important part people should know: someone is footing the bill for you to use this service. If you're not paying, they will make their money in whatever what they choose. Potential resulting in you becoming the product. Yes, even on lemmy. So if your instance mod needs funding, kick em a few bucks, be their customer.

It's actually really funny to see review bomb attempts on a non-profit FOSS project. No shareholders to appease, no profits to they need to protect, just a community of people contributing to the tool they use.

https://everynoise.com/

It plots every genre of music on a 2D spectrum ("The calibration is fuzzy, but in general down is more organic, up is more mechanical and electric; left is denser and more atmospheric, right is spikier and bouncier.")

You can click on any genre and get band recommendations.

Or you can search for a specific band and find other bands plotted similarly.

What year is it? Are they going to be offended by SouthPark next?

In the last 10 years there has been a seemingly noteworthy uptick in hardware bugs in both intel and amd CPUs. Security researchers find and figure out potential attack vectors that rely on these bugs (ex. Specter/Meltdown). Then operating systems have to put workarounds in their kernel code to ensure that these hypothetical attack vectors are accounted for, at the cost of performance and more complicated code.

Linus is saying how annoyed he is with all this extra work they have to do, resulting in worse performance, all to plug vulnerabilities that we've never actually seen any real attackers use. He's saying instead we should just write the code how it should be, and if the hardware is insecure, let it be the hardware company's problem when customers don't use the hardware.

The problem is, customers will continue to use the hardware and companies who need a secure OS (all of them) will opt to not use Linux if it doesn't plug these holes.