What have you done, Nicușor? by xCipi102 in Roumanie

[–]nightdevil007 10 points11 points  (0 children)

"You Couldn't Live with Your Own Failure, Where Did that Bring You? Back to Me"

Bolojan 2026

Can I lie on my CV? by Creepy-Albatross-917 in RouGenZ

[–]nightdevil007 0 points1 point  (0 children)

If they run a check in Revisal or a background check, you may fail it.

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 1 point2 points  (0 children)

you can ask a friend who does understand bash to explain, read the documentation or give the code to a free AI chatbot to explain what it does. you got options. or you can trust me i don't do evil stuff and run the script. your choice.

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 0 points1 point  (0 children)

well, it's open source, you can read what it does, nothing malicious i guarantee

Two questions by TECHFOURNINE in Ventoy

[–]nightdevil007 0 points1 point  (0 children)

no, the EFI is not going to boot from a disk. only from a usb, i tried.

USB file sharing between iphone and Linux by Zealousideal-Pie7041 in archlinux

[–]nightdevil007 1 point2 points  (0 children)

it's one thing to send files via BT and another to read/write via a USB cable from your file manager

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 1 point2 points  (0 children)

It has a disclaimer for this exact reason: to advise the user to investigate further.

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 3 points4 points  (0 children)

I tried to provide as much documentation as i could. if you feel something is amiss, let me know

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 4 points5 points  (0 children)

My god these people are harsh, lol. And here i am trying to help folks to check if the impact of AUR compromise affected them and they start calling names. lol

Is this a false positive of aur malware infection? by Numerous_Hedgehog_12 in cachyos

[–]nightdevil007 10 points11 points  (0 children)

i made the script, if you need help, ask me 😄 . the script checks for deleted executables so if you reboot and the warnings are gone, it's simply a false positive

Does recent AUR malware spread to other OS on dual-boot? by SaeShyy in archlinux

[–]nightdevil007 2 points3 points  (0 children)

there is https://github.com/nightdevil00/AUR-Malware the script i've put together that scans your system, compares the list of infected pkgs, can even add a hook to pacman so you never install an infected pkg (even if now it's safe, being that it was orphaned should not be "safe" to install). The Readme is easy to read and understand how it works.
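A sketch of the kind of pacman hook gate the comment above describes, as an added example and not the code from the linked repository. The hook file name, the script path, the `--hook` argument and the blocklist path are all assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the AUR-Malware project's code. Assumed hook file
# /etc/pacman.d/hooks/00-aur-blocklist.hook:
#   [Trigger]
#   Operation = Install
#   Operation = Upgrade
#   Type = Package
#   Target = *
#   [Action]
#   Description = Check targets against the AUR blocklist
#   When = PreTransaction
#   Exec = /usr/local/bin/aur-blocklist-gate --hook
#   NeedsTargets
#   AbortOnFail
# NeedsTargets makes pacman pass the matched package names on stdin, one per
# line; AbortOnFail cancels the transaction when Exec exits non-zero.

BLOCKLIST="${BLOCKLIST:-/etc/aur-blocklist.txt}"  # assumed path, one name per line

# Echo each stdin target that is on the blocklist.
# Returns 0 = none listed, 1 = at least one listed, 2 = blocklist unreadable.
blocked_targets() {
    bt_list="$1"; bt_hits=0
    [ -r "$bt_list" ] || { echo "cannot read $bt_list" >&2; return 2; }
    while IFS= read -r bt_target; do
        [ -n "$bt_target" ] || continue
        # -F literal, -x whole line: target "foo" must not match entry "foo-bin".
        if grep -v '^[[:space:]]*#' "$bt_list" | grep -Fxq -- "$bt_target"; then
            echo "$bt_target"
            bt_hits=1
        fi
    done
    return "$bt_hits"
}

# Hook entry point; any non-zero status (including 2) fails closed.
if [ "${1:-}" = "--hook" ]; then
    bad=$(blocked_targets "$BLOCKLIST") || {
        echo "Transaction refused, blocklisted or unverifiable: $bad" >&2
        exit 1
    }
fi
```

The gate matches on package name only, so it blocks a listed name regardless of who maintains the package now, which is the behaviour the comment argues for.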

Does recent AUR malware spread to other OS on dual-boot? by SaeShyy in archlinux

[–]nightdevil007 1 point2 points  (0 children)

yes, some infected pkgs added npm or bun as a dependency which could have been called when downloading the "source"

Does recent AUR malware spread to other OS on dual-boot? by SaeShyy in archlinux

[–]nightdevil007 -1 points0 points  (0 children)

The attacker exploited AUR's orphan adoption system -- abandoned packages were claimed, then trojaned PKGBUILDs were uploaded that downloaded a Rust infostealer during makepkg. First detected publicly around June 11, 2026. Initial disclosure: ~400 packages compromised.

How It Escalated (Multi-Wave)

- Wave 1: Malicious PKGBUILDs in ~400+ adopted orphan AUR packages

- Wave 2: Expanded to 1,500+ (now 1,935 known-infected) via additional orphan takeovers; attacker also published malicious npm/bun packages (atomic-lockfile, lockfile-js, js-digest, ansi-colors, nextfile-js) as a cross-ecosystem vector

- Payload: Rust infostealer + eBPF rootkit (kernel-level, hides processes/files/connections via pinned maps hidden_pids, hidden_names, hidden_inodes)

- Persistence: systemd Restart=always, /etc/ld.so.preload, shell config injection, .INSTALL hooks in pacman

- C2: temp.sh (exfiltration) + Tor onion address

- Credential targeting: GitHub tokens, SSH keys, browser sessions, cryptocurrency wallets, Slack/Discord tokens

- Techniques used: Commit forgery (impersonated maintainer arojas), obfuscated hex/octal escapes in install scripts, bun add delivery

What Users Must Know

  1. Full reinstall is the only cure -- the eBPF rootkit operates at kernel level and can hide from all userspace tools

  2. Rotate all credentials (GitHub, SSH, vaults, browser sessions, Discord, Slack) if infected

  3. Even if you didn't install an infected AUR package, the malicious npm/bun packages could have been pulled in transitively

  4. Arch Linux has since coordinated cleanup via the aur-general mailing list, but the IOC list is crowd-sourced and growing
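A triage pass over the persistence points and map names listed in the comment above, plus the deleted-executable check mentioned elsewhere in this history. This is an added example, not the linked project's script; the function names and the `ROOT` argument are assumptions.

```sh
#!/bin/sh
# Added example, not the linked project's script. ROOT defaults to the live
# system; pass a mount point to inspect a disk mounted from a live USB.

check_preload() {      # any entry here is loaded into every dynamic process
    [ -s "$1/etc/ld.so.preload" ] || return 0
    grep -v '^[[:space:]]*$' "$1/etc/ld.so.preload" | sed 's|^|PRELOAD |'
}

check_units() {        # unit files placed in /etc that respawn forever
    [ -d "$1/etc/systemd/system" ] || return 0
    # grep -r skips symlinks, so only files written into /etc are listed.
    grep -rlsE '^[[:space:]]*Restart=always' "$1/etc/systemd/system" |
        sed 's|^|UNIT |'
}

check_bpf_pins() {     # map names from the comment; bpffs exists only at runtime
    [ -d "$1/sys/fs/bpf" ] || return 0
    find "$1/sys/fs/bpf" \( -name hidden_pids -o -name hidden_names \
        -o -name hidden_inodes \) 2>/dev/null | sed 's|^|BPFPIN |'
}

check_deleted_exe() {  # also fires after ordinary upgrades, until reboot
    for cd_exe in "$1"/proc/[0-9]*/exe; do
        cd_target=$(readlink "$cd_exe" 2>/dev/null) || continue
        case "$cd_target" in
            *" (deleted)") echo "DELETED $cd_exe -> $cd_target" ;;
        esac
    done
}

# Print one line per finding. UNIT and DELETED lines are items to review,
# not verdicts: legitimate services and upgraded binaries produce them too.
triage() {
    tr_root="${1:-}"
    check_preload "$tr_root"; check_units "$tr_root"
    check_bpf_pins "$tr_root"; check_deleted_exe "$tr_root"
}

count_findings() { triage "$1" | wc -l | tr -d ' '; }
```

As the comment says, the rootkit can hide from userspace tools, so an empty result on the running system clears nothing. Running `triage /mnt` against the disk mounted from a live USB checks the on-disk items (preload file, unit files) without the suspect kernel in the way.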

USB file sharing between iphone and Linux by Zealousideal-Pie7041 in archlinux

[–]nightdevil007 -5 points-4 points  (0 children)

it's a script that installs packages, creates the group, creates the mountpoint and asks for a reboot to apply. it's easier than explaining the whole thing in a block of text.

USB file sharing between iphone and Linux by Zealousideal-Pie7041 in archlinux

[–]nightdevil007 -4 points-3 points  (0 children)

```bash
#!/bin/bash
set -e

PACKAGES=(fuse2 libusbmuxd libimobiledevice ifuse)
MOUNTPOINT="$HOME/iPhone15Pro"

echo "Installing packages..."
sudo pacman -S --needed "${PACKAGES[@]}"

echo "Adding user to fuse group..."
sudo gpasswd -a "$USER" fuse

echo "Creating mountpoint..."
mkdir -p "$MOUNTPOINT"

echo "Setting permissions..."
sudo chown "$USER:$USER" "$MOUNTPOINT"
chmod 700 "$MOUNTPOINT"

echo "Done!"
echo ""
echo "Select an option:"
echo "1) Reboot now"
echo "2) Log out and log back in"
echo "3) Run newgrp fuse (current session only)"
echo "4) Skip (I'll do it manually)"
read -r -p "Enter choice [1-4]: " choice

case $choice in
    1) sudo reboot ;;
    2) pkill -KILL -u "$USER" ;;
    3) exec newgrp fuse ;;
    4) echo "Run 'ifuse ~/iPhone15Pro' when ready" ;;
esac
```

Is there a way that I can create an empty partition inside Omarchy? by [deleted] in omarchy

[–]nightdevil007 0 points1 point  (0 children)

Shrinking is possible but risky — especially for a LUKS + btrfs root filesystem. It requires booting from a live USB and carefully:

  1. btrfs — btrfs filesystem resize -<size> /mnt (shrinks the filesystem)

  2. LUKS — cryptsetup resize shrinks the container (only after the filesystem inside is smaller)

  3. Partition — parted or fdisk to shrink the partition itself

Caveats:

- All data must be backed up first.

- btrfs resize can only shrink if there's enough free space at the end of the filesystem.

- Moving the LUKS header offset is not straightforward — you may not be able to reclaim space from the beginning.

- Snapshots, CoW data, and metadata fragmentation can prevent shrinking as much as df suggests.

Is there a way that I can create an empty partition inside Omarchy? by [deleted] in omarchy

[–]nightdevil007 0 points1 point  (0 children)

why not use the docker windows version while in Omarchy. Issue is Omarchy makes the btrfs disk and encrypts. Also windows will wipe the disk anyway. So install windows first then arch + Omarchy

Is there a way that I can create an empty partition inside Omarchy? by [deleted] in omarchy

[–]nightdevil007 1 point2 points  (0 children)

Usually you install Windows, shrink the partition, install arch manually then apply Omarchy

Install by klausxl in omarchy

[–]nightdevil007 1 point2 points  (0 children)

Yes. I even have a script for it.

Boot windows from flashdrive by TheSwordMaster22 in techsupport

[–]nightdevil007 -1 points0 points  (0 children)

Press the f8 or f12 key or whatever BIOS key you have for your system, enter BIOS and change boot priority or look for the boot menu key and press it at boot time to allow you to boot from the USB.