Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
As ThrowAU said, off-the-reservation repo/supply-chains (including Homebrew on the Mac!) greatly increase a User's attack-vector.

It's not the 'distro' per-se, but how we use it. "linux" just allows us to see (and do) things with a granularity not usually allowed/available with major vendors.

I have faith that my trusty router running a seasoned version of Debian will ensure that no weirdos other than I can use it outside of the scope that I've defined. It also helps, I believe, that access is only allowed with a pre-configured SSH key.

Faith comes in many forms . . . wherein sits the trust when we drive a car at 100km/h down a busy two-way road? 😉
Doesn't really help when all issues i've had to deal with was with stock software (for example, with bazzite right now, I have to reboot a million times until it actually boots instead of giving me a frozen screen of vram garbage)
 
Ive generally not been a fan of flatpaks but, they do go through a deeper vetting process, they don't let you take over abandoned projects (or at least easily take them over like AUR). I think if you need some sort of user package, flatpaks will be a safer option moving forward.
 
The immutable and flatpak concept is the future of Linux, that system was always going to work better than any distro repo.
 
The immutable and flatpak concept is the future of Linux
I'm not quite sold on the idea that the immutable concept is the future. Doesn't that largely go against a rolling release disto?

As for flatpaks, yeah I agree it's largely the future and I can see recent malware issue move the need top accepting flatpaks.

Go over to the AUR, and the CachyOS subreddits, people are losing their collective minds. Pop over to the EndeavorOS sub and I think I saw a single thread on the topic.
 
I'm not quite sold on the idea that the immutable concept is the future. Doesn't that largely go against a rolling release disto?

As for flatpaks, yeah I agree it's largely the future and I can see recent malware issue move the need top accepting flatpaks.

Go over to the AUR, and the CachyOS subreddits, people are losing their collective minds. Pop over to the EndeavorOS sub and I think I saw a single thread on the topic.
Distos like Vanilla that use A/B root are essentially rolling. I don't think the changeover will happen tomorrow but as new distros pop up more and more will be immutable. I'll leave it to the server drivers to decide whether it would work on there end but for Ian from Idaho that just wants to do work and play some games it makes sense.
 
Distos like Vanilla that use A/B root are essentially rolling.
Perhaps but that seems one of the more obscure distros, and in all honesty I don't know too many distros that are based off of debian's unstable/rolling branch I know Ubuntu is based off of Debian unstable, but its just a snapshot and work off of that for their release.

I'm not knocking it, but I don't see immutable being the future
 
Perhaps but that seems one of the more obscure distros, and in all honesty I don't know too many distros that are based off of debian's unstable/rolling branch I know Ubuntu is based off of Debian unstable, but its just a snapshot and work off of that for their release.

I'm not knocking it, but I don't see immutable being the future
I agree vanilla is obscure but immutables have been growing which leads me wonder when they will outnumber traditional distros. RHEL/SUSE/Ubuntu will realistically not convert but where does everyone else go. The Steam deck is tamed Arch and ChomeOS is tamed Gentoo so taking obscure distros and making them mass market has some history.
 
  • Like
Reactions: maflynn
I'm not knocking it, but I don't see immutable being the future

"Immutable by the user under normal conditions" is the future, basically what modern macOS and Bazzite do.

You can of course upgrade core system/protected files but there is inherent protection of these files from being modified during normal operation.

Makes it much clearer WHEN the system is being modified and presumably additional sig checks, etc. should be verified as part of that process.

It still doesn't protect against user credential/data theft though, if you enable apps to run in the user's context (e.g., out of their home folder) then all the data the user has in that context is at risk.

This is why macOS for example prompts before allowing apps filesystem access, etc.


In short: this whole supply chain risk is why we can't have nice things (nice things being "desktop that doesn't hassle me for permissions occasionally").
 
That's true for any system though.

Yes and no.

People hate it but macOS makes apps request permission for things like access to sensitive folders.

On Linux, I believe selinux can do this sort of enforcement but the policies out of the box are trash and its a beast to administer so people generally just disable it on workstations, defeating the purpose...
 
If you have a chatGPT account (even free) i built a PKGBUILD scanner:


Paste in the PKGBUILD file, or a diff of it or whatever and it will review it.

Example chat (this one using a known bad diff for a compromised package with obfuscated code):


 
I believe selinux can do this sort of enforcement but the policies out of the box are trash and its a beast to administer so people generally just disable it on workstations, defeating the purpose...

SEL threw some weird notifications when I first got my Fedora install up (probably just too quick of a "drop it to the background" thing on KDE).

Still enabled, and haven't noticed anything since...
 
  • Like
Reactions: throAU
Beware all those dual booting Win 11 and Linux (Ubuntu) after latest 11 updates it will change or may change the boot order as to make it to where one must enter the bios and change back happened to me .
 
  • Like
Reactions: eltoslightfoot
Need to clarify this one, so all the attacks and what not are just happening with the Arch kernal? I want to make sure before I start using my Linux box again.
 
Need to clarify this one, so all the attacks and what not are just happening with the Arch kernal? I want to make sure before I start using my Linux box again.
AUR(is for Arch only distros) and is a community driven repository that is by and large set of build scripts (PKGBUILDs) which lets you compile and install packages not available in the official Arch repos. The problem with AUR, is the extremely lax oversight. If developer X has a package there but then gives up on it (abandons), anyone can take control of it, which is exactly what happened.

What could be a concerted effort, is over 1,500 abandoned packages were adopted, malware code in a post install script was added. This malware was an info stealer type malware btw.

You're on Zorin, so this attack vector has no impact on your, but I think we all can learn a lesson or two and avoid installing programs you're not 100% sure about. Most large scale distros offer user repository, and its hit and miss in how they are managed, and protected. I guess Arch was one of the worst offenders.

Using flatpaks offers a measure of increased security and assurance in that there's more oversight with regard to the flathub repository. Still, practicing safe computing habits will definitely help you in the long run

Edit: let me just add, that you can easily avoid these user repos. When this malware thing blew up, I had a small number, today I have a single AUR package installed and I'll be looking to find another solution for that app.
 
Last edited:

Attachments

  • 1781780875350.png
    1781780875350.png
    266.8 KB · Views: 18
  • Like
Reactions: S.B.G
Beware all those dual booting Win 11 and Linux (Ubuntu) after latest 11 updates it will change or may change the boot order as to make it to where one must enter the bios and change back happened to me .
This has been standard since at least 1994 with windows and bootloader management unfortunately.

At least now its just messing with the order vs. just wiping the linux boot loader entirely... which is what it used to do... so many times booting from some media, runining lilo to restore linux boot... not fond memories 😀
 
Back on my little linux box since I found out that it's only Arch based distros with the issues. I use this as my iPad at this point. lightweight, decent battery, good performance, and just fun to use.
 
KDE Plasma 6.7 came out a few days ago, and CachyOS was one of the first distros to have it ready for installation. As the saying goes, speed kills, and the cachyos sub is full of people posting issues after updating their machines.

As previously noted, I'm more of a gnome guy, so I'm on the sidelines watching this one play out.
 
KDE Plasma 6.7 came out a few days ago, and CachyOS was one of the first distros to have it ready for installation. As the saying goes, speed kills, and the cachyos sub is full of people posting issues after updating their machines.

As previously noted, I'm more of a gnome guy, so I'm on the sidelines watching this one play out.

I am not a fan of the Arch based, bleeding-edge pace. KDE is continuing to innovate and refine, while respecting its user base by offering options and customization. So of course, staying on the bleeding edge in that environment is going to be risky.

I'll still take KDE over any other DE/WM any day.
 
KDE Plasma 6.7 came out a few days ago, and CachyOS was one of the first distros to have it ready for installation. As the saying goes, speed kills, and the cachyos sub is full of people posting issues after updating their machines.

As previously noted, I'm more of a gnome guy, so I'm on the sidelines watching this one play out.
I don't think it was tested long enough. Too many impatient people on reddit whining they're not getting it fast enough and now look what happened.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.