

Right, only install “verified” from Google Play, but that is where malware is, other 3rd party app stores like F-Droid, that really verify apps are at risk of getting killed by Google
Do One Thing Well: Each program should focus on a single task and perform it effectively.
At the moment I’m not hosting a music server, but I used to use Navidrome; it worked fine and used a small footprint.
Having all in one means more issues to solve; if something breaks, everything breaks.
Having all on Jellyfin is more convenient.
But adding hundreds or thousands of songs along with movies and episodes will create a huge database, more resources used, slower searches
Red Hat Linux 7.3 (2002)
Tried to install it a few months ago on 86Box and couldn’t figure out how to set up the network card.
Today everything is mostly plug & play; back then it was a pain to set up the graphical server and the network.
KISS (Keep It Simple Stupid)
That’s why I use Markor on, it saves on markdown (.md), text (.txt) files, and syncs with Syncthing to other devices.
Without databases or third party hosts, I can open any file on other devices using the apps of my choice; I can use Markor on Android and nvim on PC.
No need to pay extra or use specific apps to work.
I also tried other note-taking apps, but I needed to use some electron app that uses 1GB RAM to edit a markdown file, and decrypt some proprietary online storage. Why use some overcomplicated software when I can do the same with Kwrite or nano?
An unlocked bootloader not only allows installing more private ROMs like Graphene and CalyxOS but also prolongs the life of smartphones with regular security updates and new versions of Android.
Looks like giving the user data to Chinese (and others) is the new standard in the EU.
Some day the laptops will also be blocked with SecureBoot and the customer won’t be allowed to change the OS.
2026 the year of desktop Linux
Yes, I’m very interested in watching digital characters having sex
They have done this for years, I’ve got several games for free from GOG, what’s different?
Some of the games I didn’t even install: “it’s free, cool, let me grab it”
My ISP doesn’t provide IPv6, and with other ISPs using CGNAT instead, I don’t think that IPv6 will be the main standard any time soon.
It’s more of “if it works, don’t fix it”, just apply workarounds like tunnels
Just the case of the packages being removed only a few hours after being published makes my point of “trusted users” reviewing and reporting them.
And it is not only an Arch Linux/AUR problem, the same happens with Python pip, npm, Docker Hub, GitHub… The bigger the popularity, the bigger the target.
These days, after the success of the Steam Deck, many users switched to Linux, and many of those started using Arch or Arch-based distros like EndeavourOS because someone on Reddit, YouTube or elsewhere said it is the best for new hardware and you can find everything you need on AUR.
New users won’t review scripts or PKGBUILD, that’s gibberish, just search and install, and a few hours could be too late for some.
I don’t care if Linux loses or gains popularity, but if there’s no guard rails of some kind of control things could get worse, and even end AUR as it is now.
Having people control what’s published or not, probably not the best solution, but leaving it as a wild west also not
Arch also warns users about AUR: use at your own risk, and it can break your system.
My approach definitely isn’t the best solution, I was saying this is only the beginning, and with other Arch-based distros also using AUR it only gets worse, if there’s any moderation and some kind of package control before publishing then when things get real bad it may be too late and Arch starts losing users.
Now it is just some packages, later it could be some popular package takeovers or some kinda spoofing of other packages.
I use Arch BTW (since 2011), and Debian Armbian on Raspberry Pi; one is rock solid, the other sometimes breaks with updates
Is it?
Android uses Apache License 2.0, which means vendors can modify and distribute without publishing their modifications, like include proprietary blobs and other proprietary code.
It’s like using Google Chrome instead of Chromium.
Yes, you can debloat the system, but many system apps can’t be disabled without breaking the system, and with ROMs based on AOSP the code can be reviewed or modified and you can build it yourself.
Xiaomi and mostly stock ROMs these days come bundled with ads, and apps that collect user data, even with debloat or DNS blackhole isn’t 100% private or better than a custom ROM.
That’s why Graphene and CalyxOS exist.
That’s why you shouldn’t blindly trust AUR, and always review the scripts before installing.
But something needs to change:
This won’t stop here, more malware packages will appear. Arch and Linux in general are getting more users and becoming a target, not only Arch Linux AUR but also other distros with custom repositories. Many users install packages from custom repositories blindly, or follow guides without any knowledge of what they do.
2025 is the year of malware on Linux
In Portugal it’s called Salazar, the same name of the dictator
The opensource apps like Newpipe, SmartTube, termux and many others are the “malware”, not the ones with binary blobs on PlayStore that fork VLC, Newpipe and many opensource apps illegally, supposedly “verified” but don’t follow opensource license like GPL, creating fake clones with ads and (real) malware.
https://itwire.com/business-it-news/open-source/81652-google-ignores-licence-violating-clones-of-vlc.html