CoyoteFacts

I’m not a security expert by any means, but here are a few things I know as a regular user:

Always keep your system up-to-date and only download and execute software from the official Arch repository if you can help it. Malware often takes advantage of outdated systems that don’t have the latest security patches, so by staying as up-to-date as possible you’re making yourself a very difficult target. The AUR is a user-based repository and is not inherently trusted/maintained like the official Arch repos, so be careful and always read PKGBUILDs before you use AUR software. Don’t use AUR auto-updaters unless you’re reading the PKGBUILD changes every time. Ideally try not to use the AUR at all if you can help it; official Arch Linux is usually quite stable, but AUR software is often responsible for a lot of the “breakages” people tend to get with Arch. If you have to run sketchy software, use a virtual machine for it, as a 0-day VM escape is almost certainly not going to happen with any sort of malware you’d run into. ClamAV or VirusTotal may also help you scan specific files that you’re wary of, but I wouldn’t trust that a file is clean just because it passes an AV check. Also, never run anything as root unless you have a very specific reason, and even then try to use sudo instead of elevating to a full root shell.

Don’t open up any network ports on your system unless you absolutely have to, and if you’re opening an SSH port, make sure that it: isn’t the default port number, requires a keyfile for login, root cannot be logged into directly, and authentication attempts are limited to a low number. If you’re opening ports for other services, try to use Docker/Podman containers with minimal access to your system resources and not running in root mode. Also consider using something like CrowdSec or fail2ban for blocking bots crawling ports.

As far as finding out if you’re infected, I’m not sure if there’s a great way to know unless they immediately encrypt all your stuff and demand crypto. Malware could also come in the form of silent keyloggers (which you’d only find out about after you start getting your accounts hacked) or cryptocurrency miners/botnets (which probably attempt to hide their CPU/GPU usage while you’re actively using your computer). At the very least, you’re not likely to be hit by a sophisticated 0-day, so whatever malware you get on your computer probably wants something direct and uncomplicated from you.

Setting up a backup solution to a NAS running e.g. ZFS can help with preventing malware from pwning your important data, as a filesystem like ZFS can rollback its snapshots and just unencrypt the data again (even if it’s encrypted directly on the NAS). 2FA’ing your accounts (especially important ones like email) is a good way to prevent keyloggers from being able to repeat your username+password into a service and get access. Setting up a resource monitoring daemon can probably help you find out if you’re leaking resources to some kind of crypto miner, though I don’t have specific recommendations as I haven’t done this before.

In the case of what to do once you’re pwned, IMO the only real solution is to salvage and verify your data, wipe everything down, and reinstall. There’s no guarantee that the malware isn’t continually hiding itself somewhere, so trying to remove it yourself is probably not going to solve anything. If you follow all the above precautions and still get pwned, I’m fairly sure the malware will be news somewhere, and security experts may already be studying the malware’s behavior and giving tips on what to do as a resolution.

They could be you! They could be me! Admittedly, there’s a higher chance that it’s me.

I am paid a fuck-ton so my answer is definitely yes, but I really think it would vary person-by-person. “Should” people need to work 5 days per week to get that pay? My answer is probably no.

My corporate job is one of the better ones in terms of pointless BS and people pretending to be their corporatesonas, but every time I take time off I’m reminded that we’re wasting our entire lives with work. I take a few 4-day work weeks and suddenly my house is clean again, I’m cooking more interesting meals, writing code for fun, hanging out with friends, catching up on shows, etc. Imagine how much progress, art, and innovation we could have if everyone’s natural talents and interests were given space to exist. Long-term we would have so much more of everything, and everyone would be happier and healthier. Unfortunately, short-term we’ve gotta layoff 4% of our workforce again because Mr. AI said it might make the line go up.

How so? I feel it is an example of the effect because customers are drawn in with a low price and are surprised by a plethora of seemingly-sneaky fees, which take up a large portion of the total bill. Customers feel negatively about the long list of fees and the implication that they’ve been tricked, but they wouldn’t think twice if the fees were just included in the base price. It is against their best interest to be automatically and opaquely charged for all regular services (i.e. normal airlines) instead of being transparently given the option to forego those that they do not care about (i.e., fee-based airline).

I remember someone talking about an airline that advertised very low prices up-front but then added tons of fees for every individual thing, and when adding all the fees up for the service you’d expect with any other airline the end price would be the same. However, given that all the services/fees are technically optional, this is actually an ideal pricing model since you don’t have to pay for any services you don’t want.

The comment collapsing I think is fine; Lemmy-style forums already heavily rely on voting to move content around, and I think net -10 is a pretty good indicator that the comment in question has bad info, is a troll, or is otherwise not good content (as voted by the local community).

The low karma icon I’m seeing out in the wild and honestly, so far every time I see someone with that icon I look at that profile and sure enough there really are a lot of downvoted comments and antagonistic behavior. It’s probably handy to determine whether someone is sealioning, trolling, or just otherwise has a lot of bad takes (again, as voted by their local community) before deciding whether to waste energy trying to engage in a thoughtful conversation.

4chan screenshots being reported is pretty opinionated (the rationale being that it’s not about the content itself, it’s about the normalization of 4chan and the enablement of the alt-right pipeline it provides), but hopefully it’s at least optional?

It’s much better at federation than Lemmy.

Do you have an example or source for what this means? Like is it faster/more efficient to propagate things, more featureful in what it federates, etc.?