Discover itself doesn’t guarantee anything. Flathub (the Flatpak repository you are presumably using) requires a human review for new applications but not updates (and the human review doesn’t include a full audit of the app). I’m not aware of malware being distributed via Flathub in the past, but that doesn’t mean it can’t happen.

I tried a git log --grep=claude but it doesn’t net much, basically just this PR (which in fairness does look vibecoded).

Maybe there’s some development branch in the repository that has a commit authored by Claude but if so it’s not on main.

I think this is the right take on this.

All of this is fundamentally rooted in legal compliance things and the only reason you can see any western open source organizations not following suit is because their “violation” has flown under the radar so far. While going European-based helps with a lot of other US bullshit, in this case it doesn’t because the sanction situation is largely the same across most of the world. You could go with one of those Chinese or Russian (maybe Indian?) distributions I suppose, but those come with their own problems.

Even if you’re prepared to make your own Linux distribution - If you’re in the US, Europe, or much of the rest of the world, you’re in the same legal situation as all the existing projects and risk criminal persecution for violating sanctions. Well, in theory at least, I haven’t heard of many arrests or convictions actually happening because of open source software. If you want to gamble on it never actually happening then sure, go ahead.

As humans we like our agency, which makes it tempting to think of \<any world problem\> as something that can be solved by making mildly inconvenient lifestyle decisions, but unfortunately that’s just not how things work at this scale. Solving this issue requires lifting the sanctions, which requires a successful left wing (or at least left leaning) political movement to happen in a large chunk of the world. It’s perfectly fine to also make that lifestyle decision, but it’s important to keep the bigger picture in mind.

Clarification edit: At the same thing, it’s also important to see that the problem is happening, so signal boosting blog posts like this absolutely has value despite all of this.

Bad RAM is still a thing (even on regular PCs), there’s a reason ECC memory has a market (true ECC, not the stuff that DDR5 has built-in). But I agree that it’s likely just an OOM/Thrashing situation. Linux famously doesn’t handle them very well, and the behavior OP is seeing is very much consistent with that.

If your DE/Launcher uses systemd scopes properly you might be able to see something in the journal. As an example somewhere in my logs I can see this:

Jan 17 17:52:50 sky systemd[2171]: app-niri-steam-40213.scope: Failed with result 'oom-kill'.
Jan 17 17:52:50 sky systemd[2171]: app-niri-steam-40213.scope: Consumed 6h 32min 39.773s CPU time, 9.4G memory peak, 6.2G memory swap peak.

That’s pretty clearly severe thrashing and an eventual OOM event caused by a game. If you’re not familiar, the command journalctl -e -b -1 gives you the last log lines from the last boot. Use d and u to navigate the pager and q to quit. This will only work if the launcher you are using sets up transient systemd scopes and doesn’t just fork-exec into the application (Fuzzel does the wrong thing by default, as do many others).

I’ve also seen large Steam downloads causing such issues, so capping your download speed might help. As could enabling ZRAM.

Edit: Also, this is most likely completely unrelated but do note that Neon is basically abandoned. You should very much consider switching to a maintained distribution, whether that’s another Ubuntu spin or Fedora or something else entirely.

The GNU utils vs BSD utils issue should be easy to work around with a bit of symlinking and PATH modification:

> type find
find is /bin/find

> type gfind
gfind is /usr/local/bin/gfind

> sudo mkdir -p /usr/local/opt/gnuutils/bin/
> sudo ln -s /usr/local/bin/gfind /usr/local/opt/gnuutils/bin/find

> PATH="/usr/local/opt/gnuutils/bin:$PATH" type find
find is /usr/local/opt/gnuutils/bin/find

or in script form:

#!/bin/sh
# install as /usr/local/bin/gnu-run
# invoke as gnu-run some-gnu-specific-script script-args
export PATH="/usr/local/opt/gnuutils/bin:$PATH"
exec "$@"

/usr/local/opt/... is probably not the best place to put this but you get the idea, you can make it work with POSIX tools. I don’t know that much about Chimera Linux but I’d be very surprised if nobody has thought of doing this systematically, e.g. as part of a distributable package.

This is probably the main reason every mainboard has TPMs now, since all common operating systems (Android, iOS/MacOS and Windows) do it.

From what I heard the Ubuntu installer offers a version that doesn’t suck (if secure boot is enabled at install time) so using that is probably fine, but I would beware of trying to DIY it since it’s easy to do incorrectly, most guides are wrong, and you will likely end up with easily bypassable encryption.

If your privileged user doesn’t have a password, in some cases this could lead to any program being able to elevate their privilege quietly, unlike UAC.

I think this is the most important part. There really isn’t any protection against random processes trying to do some version of exec sudo $0 except for the fact that it requires a password.

The FSF says this is the case but the actual legal situation is less clear, especially in the EU. Linking does not necessarily constitute a derivative work. Even decompilation of a (proprietary) library in order to link to it might be acceptable depending on the circumstance.

This isn’t something that can be fixed with a license, it’s a direct result of EU copyright law. Historically companies have tended to err on the side of the FSF interpretation, but it is on somewhat shaky grounds.

Sure it’s a problem when that happens. It’s not the only problem, and honestly in the case of coreutils it’s not really the most relevant one.

Do you think it’s likely that corporations will take over UNIX-likes with proprietary coreutils extensions forked from uutils? Because that’s the one thing that is legal to do with an MIT/BSD licensed coreutils but not with GPL licensed ones.

GPL has been battle tested in court

Well… parts of it have been. Others have not. Notably the FSFs view on whether or not linking to a GPL-licensed library constitutes a derivative work (and triggers the GPLs virality) is not universally shared by legal scholars. In the EU in particular linking does not necessarily create derivative works, despite what the FSF says. This has not been tested in court.

Some other parts like the v3 anti-tivoization hasn’t gone to court either, but that has lesser ramifications (assuming you’re not TiVo).

THAT’S how we have corporations profiting from GPL. Not because GPL allows anyone to use it.

What distinction are you trying to draw here exactly? They can do it precisely because the GPL (v2) allows it. The GPLv3 has some extra restrictions but doesn’t do anything about closed source drivers (beyond the linking thing) or the Google Play Services type of proprietary extensions.

Funny you say that because OS X shipped (and probably still ships) plenty of copyleft licensed software such as Bash. The Linux kernel is used in Android and ChromeOS.

If you want to stop corporations from profiting off your work, putting a GPL on it isn’t gonna do it. In fact no free software license will do it, because by definition they allow anyone to use and ship your software.

All of the 5 people who use (non-ESR) Firefox on their 2002 Pentium 4s will certainly be very unhappy about this.

The term used is “Solução final”, and it’s a pretty literal translation. It’s absolutely possible to make the connection between the terms, but it does require bot ha somewhat in-depth education on the Holocaust and some linguistic sense. Now it’s entirely possible that LGFaé’s history teachers really dropped the ball on the first part, but it’s not clear to me that this is what must’ve happened here.

Speaking for myself I would be embarrassed but not especially surprised if some phrase that I use frequently has a similarly unfortunate meaning, especially regarding an African or Asian genocide. As bad as all genocides are, you just can’t be well educated on all of them, especially with just a regular K-12/A-level/equivalent history education which also has to do things like teaching people how to read (something most of the world is currently failing at).

In defense of the author and their education… They’re Brazilian so English probably isn’t their native language, and their history education was almost certainly in Portuguese. I don’t think it’s necessarily an indictment of their education that they weren’t taught about the English translation of a German phrase, and I don’t think it’s reasonable to apply the same standards of subtext awareness to native and non-native speakers either.