this post was submitted on 14 Jan 2026
195 points (95.8% liked)

Technology

78661 readers
3981 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
195
Never-before-seen Linux malware is “far more advanced than typical” (arstechnica.com)
submitted 1 day ago by return2ozma@lemmy.world to c/technology@lemmy.world
43 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] ragas@lemmy.ml 11 points 1 day ago (3 children)

So who can you trust?

[–] ambitiousslab@feddit.uk 33 points 1 day ago (1 children)

You can trust the software in your distro's repositories (if you run a distro with well-maintained repositories). This is because, generally only well-known software gets packaged, the packager should be familiar with both the project and the code, and everything is rebuilt on the distro's own infrastructure, to ensure that a given binary actually corresponds to the source.

It might still be possible for things to slip through, but it's certainly much safer than random programs from online.

[–] squaresinger@lemmy.world 6 points 18 hours ago

*insert obligatory xz utils reference*

[–] ZILtoid1991@lemmy.world 4 points 1 day ago

Depends on.

If you're not using your PC for highly critical applications, go high-trust mode, and read news about those who become untrustworthy.

For critical applications, always check the usernames of the developers, use software trusted by others, etc.

[–] RalfWausE@feddit.org 4 points 1 day ago (1 children)

Yourself and the code you read and understand. So as long as you don't use a system where this is possible (say 9Front and the like) you trust nothing and nobody, do careful backups and don't go on a installation spree.

[–] squaresinger@lemmy.world 4 points 18 hours ago

I fear there is no such system where this applies. The tech stack on any old netbook is so advanced and complex that there is nobody on this planet who fully understands it.

Being theoretically able to read the code is certainly better than not being able to, but it's not the same as having actually read and understood all the relevant code to the point where you can be somewhat confident that there's no backdoor in it.

(And even if someone had the time and mental capacity to do that, at some point when going through the stack you always hit a proprietary layer. Be that drivers, the bootloader, component firmware or the hardware itself.)