Hacker News: fooqux's comments

Probably makes more sense than putting them in a friggen vacuum.

For those worried, I found a repo with a collection of up-to-date scripts and package lists to help check for any infections: https://github.com/lenucksi/aur-malware-check

I did the malware check using Claude, providing it with the same list (https://md.archlinux.org/s/SxbqukK6IA), and it did essentially the same things as this script does to verify. So either way should do the trick.

I think, for this, I'll trust something community verified and not the potential hallucinations of an AI. But we all put our trust in something I suppose. Glad you're clean.

Malware has started sprinkling references to nuclear shit and other strings that trigger model safety so they'll refuse to actually scan them.

Good instinct. I did both. The script came out later.

The AUR is user supported and thus malware sneaks into packages all the time, although admittedly not to this scale. Still, it's pointedly not secure and has always had "here be dragons" signs plastered all around it.

That’s not so much an example of who is using best practices, as it is an example of who is using worst practices.

It's not the AUR. It's the rolling release cycle, and probably even more importantly, lack of support options.

The AUR has absolutely nothing to do with the rolling release cycle

yes & comment didn't mention that both are dependent, fooqux is correct.

He literally said "It's the rolling release cycle". He is not correct.

You're reading it wrong. He's giving an alternative reason why it's not used in enterprise.

Agree

> Is it possible to have E2E encryption on emails?

You literally have a proton email address on your profile.


I mean having it as a default. Big tech benefits from making emails unencrypted.

The question is, can the encrypted mail be a default?

That can push email companies to make access to email a paid service. And that would cut out a huge chunk of world population from access to email.

It's a full chain reaction and that's why companies like Proton remain small


Looks well documented. I applaud the author for not just sharing code, but taking the time to teach how to use it and how it was made.

I dunno, the readme is clearly LLM vomit. It's hard to praise docs that might not even have been read yet.

Seems like a contradictory reply, have you given it a read? Yes, it's a skimmed-over, LLM-written readme.

This sounds exactly like the kind of thing that will be outlawed in thirty years after tracing back the root cause of the second great depression.

That would require regulators to actually pay attention, something they haven’t done actively for a long, long time.

First step would be to prevent the regulators from profiting to begin with.

In my experience, if we don't (meaningfully) root out corruption and ineptitude, we will continue to be governed+leveraged by one/both.

Can't root it out, it's part of the system. Sortition is the best we can hope for now.

Why was it not outlawed post dotcom crash? This was exactly the thing that led to the dotcom crash.

It all was many years ago after the great depression, and similar. Then people kept voting in Republicans whose life mission is to gut the SEC and all related regulation keeping them from doing things like this.

Maybe there wasn't enough damage, either economical, financial or societal?

Perhaps but the AI drone based WW3 might put nvidia in the black before that.

Outlaw what? Prevent companies from selling goods and services to each other?

The problem described isn't companies buying goods and services. It's buying from an entity they partially own and then profiting as that entity becomes more valuable because of the purchase.

It’s still very tenuous; you can’t prevent companies that own 5% of other companies from buying services from that company.

We can prevent anything we want. If there's a major AI crash analogous to the Depression, we'll probably institute a lot of new regulations.

If the parent comment is true, it seems the problematic aspect is the leverage created by the P/E ratio more than the percentage of ownership. What a weird situation.

Oh yeah, these are definitely circular financial games but you have to be wary about putting in insane regulations that will break growth.

Yes, if it's done with an intent to defraud the general population, which could be the case here. Effects and intent really matter when deciding actions.

Except the regulators first outlawed what is generally considered to have caused the great depression (savings banks allowed to invest, which translates to very, very rich people being allowed to take massive risks with poor people's money) ... then re-legalized it.

So not only are the regulators not going to allow things that cause another great depression, they're allowing the things that caused the first great depression too. They must want a rerun.

(Because if you don't allow this you're effectively demanding the extremely rich make good investments to stay rich ... and not even France, otherwise pretty socialist, dares to go that far)


it's not about that. it's about how it gets reported in their financials.

My preferred fix is "corporations can't buy stock, their own or others".

I think SpaceX should be valued on rockets n space n stuff, not how many magical calculator dollars they bring in.

Surely Google can "make compute go" for $1b/month. Nice way to avoid holding the bag, maybe?


The market seems to value both rockets and magical calculators.

I mean, we all understand that this is some sort of circular financial play, but at the end of the day Google is paying SpaceX $1 billion for compute. This is no different from AWS or Azure.

Exactly. If AI is going to start being graded on how many LoC it generates - oh, I'm sorry, how much it "accelerates", then guess what newer models will start doing more of?

Surely they can train AI on the signal to change as few lines as possible. Indeed, this is something I'd want to have control over when making requests. In a traditional UI, I'd imagine some kind of slider between "fewest lines" and "be bold".

I've been having some success asking Claude to run sloccount after each change. Seems to help a little, though it's prone to forgetting over a long session.

I'm actually hopeful that the recursive code training will improve quality over time. I'm definitely producing higher quality code, tests, and docs. It does take attention and oversight, iteration and refinement, one cannot just let these things loose on a code base and expect good things to happen. You have to leverage them to make the good things happen.

Because if they suddenly stop, it will quite likely have devastating repercussions for the entire globe. Weather patterns (which also affects food growing), sea life (more food), and probably some other non-food related things too!

Won’t markets adjust to that though? Market needs will lead to just-in-time innovation! If not, then victims can sue after damages incurred to recover their losses.

Thanks for posting this. I've been looking at getting one but this has made me pause.


Yeah it's a shame because his keyboards are genuinely good, I just find it strange that he operates like this. If he charged an extra $100 or whatever and acted like a normal company (fully assembling and testing prior to shipping out products, packaging things properly so they don't get damaged in shipping, having a mail-in warranty service, that sort of thing) I think he'd have better sales.


All of those things would cost a hell of a lot more than $100 per unit. Probably closer to doubling the price.


See my sibling comment: the v2 beam spring keyboard (metal version) worked immediately out of the box and all I had to do was put key caps on.

This is an enthusiast producing these and the beam spring mechanism is entirely redone with modern touches (e.g. support for mx style keycaps) so there is risk, but mine works great. I think that the fully enclosed beam spring mechanism should hold up better during shipping than the spring-and-barrel mechanism on the model F.

Of course YMMV and it is an expensive and rare keyboard, but my experience has been good.

