I agree about the risks in terms of the way some sources present the AUR as just extra packages. But I don’t think you can object to the AUR more than any other place on the internet where anyone can upload software; unfortunately, the onus is going to be on the user to verify what they install. The AUR is moderated by volunteers and it wouldn’t be fair to expect them to vet all of the high volume of commits to the AUR. Possibly they could vet new maintainers or new packages or newly adopted packages, but nothing would stop someone from initially uploading a genuine package and then replacing it with something malicious. Or they could require identity verification to be an AUR maintainer but then far fewer genuine packages would be on there because people don’t want to give their real identity to contribute (I maintain some AUR packages, and would stop if required to verify my IRL identity).

I can totally understand if the AUR is not for you; it’s more time-consuming as you have to read PKGBUILDs (I always do). But that doesn’t make it bad that it exists at all. I think there should be more warnings about it for new users, and possibly some more moderation, though like I said above there’s no perfect moderation solution that would simultaneously forgo users’ responsibility to check and keep the AUR as large as it is today. Ultimately the option should still exist for users who want it. If it didn’t exist, I’d have to hand-package every program that’s not in the official repos, and that’s even more time-consuming than pulling and reading through a PKGBUILD that someone else already wrote and shared.

It’s just a repository of user-contributed packages. It’s no different malware-ability-wise to, say, GitHub. If you are running code you found from a stranger on the internet then you are liable for it, and you need to do your due diligence in checking that you are not running malware. It is a good thing that the AUR exists because it means Arch user packages are all in one centralised repository instead of scattered across GitHub, Sourceforge, Codeberg, Pastebin, forums, whatever. If you are just installing random AUR packages then that’s on you. It’s basic internet safety to not automatically trust random scripts you find on the internet.

What an annoyingly uninformative title. Better title: a lot more compromised AUR packages have been found since our last update.

“A lot worse” is intentionally vague to get people to click.

Maybe block on your router and save your router password such that you need to jump through several hoops to unlock it, eg password saved in one password manager DB whose master password is in another DB whose password is in another DB, etc. If you have to unlock like 10 password databases to get into your router, you’ll probably give up on whatever bad habit you were trying to do as it’s too much effort.

If you want to learn more then do LFS. I don’t think Gentoo teaches you much more than a manual Arch install. But very few daily drive LFS. It’s hardly practical. Gentoo is daily drivable but if you don’t care about compiling all your own packages then I don’t think it’s for you.

I’d say just do LFS on an old laptop or a VM.

Yay

I only use flatpak for one Python program because it has a lot of runtime dependencies I don’t want to bother with. I generally wouldn’t use flatpak.

Had no idea Qt had 3D rendering… GUI designers get more creative. Let’s see a 3D email client.

Inkscape is even weirder if you’re coming from PS/GIMP/anything else that’s primarily a raster image editor. I do like Inkscape but it’s not immediately obvious how you even draw anything; I had to look it up.

I don’t think Arch is the distro I would go for if I just wanted speed. I suppose it depends on speed of what—generally systemd Linux will boot noticeably faster than Windows, and non-systemd Linux boots noticeably faster than systemd Linux—but once you’re booted up, I don’t think there’s a significant performance difference. Arch is a Linux distro that uses systemd so it’d be the middle option if you’re wanting fast boots. There are other minimalist distros too, some of which end up in arguably faster systems, but Arch is probably the easiest of the minimalist distros due to being well-documented and supported. But the reason for going for a minimalist distro is usually customisability, not performance. On modern hardware the performance difference is negligible. On very old hardware, you should be looking for another distro made specifically for old hardware (I don’t think Arch even supports 32-bit).

if you cannot even htop, then I doubt a daemon could do something.

The point is that a daemon can catch it before it reaches that point by killing processes that are using too much resources, before all the system resources are used up.

Thanks. I’ve had a couple of comments suggesting that it might be a memory leak instead of CPU usage anyway so I’ve installed earlyoom and we’ll see if that can diagnose the problem, if not I’ll look into CPU solutions.

Open a console with top/htop and check if it will be visible when the system halts.

That would require me to have a second machine up all the time sshed in with htop open, no? Sometimes this happens on the server while I’m asleep and I don’t really want a second machine running 24/7.

Yeah. It looks like a lot of the BSDs might be the way to go if for whatever reason you want/need to stay on X11. I’ve been trying out OpenBSD on one of my machines, and following for quite a lot longer, and progress on Wayland support seems to be relatively slow over there.

I imagine that some graphical environments will always support X11. I’d suggest you switch to one of those. If someone forked Plasma, it’d have far fewer eyes on it than something like i3. I assume XFCE will continue to support X11 for a while too since it’s only just working on Wayland support. Maybe some of the less common DEs like MATE are worth looking into?

Luckily the second hand laptops from that era are still usually perfectly usable if you install some FOSS OS on it (Linux, BSDs, the various more obscure ones, tend to work fine on old computers). You can pick them up for quite cheap on ebay and the like, and then you have a perfectly usable daily driver (plus from before the era of seemingly trying to get rid of all the ports on a laptop).

chezmoi does everything I need. It’s really nice; would recommend.

It is “ready”. The 0.3 branch and the 0.4 branch can be thought of as different compositors, and the 0.3 branch is a fully-functional compositor in its own right. Some people will never upgrade to 0.4 because they either prefer 0.3 or can’t be bothered to make the transition.

Also the way you quoted that made it sound like the 0.4 release has been a WIP for years. Believe it or not 0.3 was not the first River release… They haven’t been planning the RWM release the whole time.

River!! It’s a Wayland dynamic tiler, which sounds like it’s what you’re looking for. I really like it. I’ve been using it for a few years and have been happy.

Note that they’re currently undergoing a significant rewrite for the 0.4 release which will break people’s setups. However, the 0.3 branch will continue to be maintained indefinitely for those who don’t want to switch.

Nobody’s saying it’s mandatory. People don’t want their web browsers to be full of bloated AI slop. Why should there be the AI components of Firefox on my hard drive if I’m never going to use them? Why should my web browser be full of low quality features I’ll never use? It’s enshittification. Not to mention the very quote you’re pasting specifies that it’s opt-out, not opt-in.

It increases the workload for fork devs the more crap they have to remove from upstream and the more the fork deviates from upstream.