PyPI packages with malicious install scripts! https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ (so few PLs have opt-in install scripts or run them in sandboxes)
Related Posts
The most common selling point I hear for Nix is having a list of all the packages you need.
On a traditional Linux distro, I just install things and forget about them. A curated, commented list would certainly be handy when I have a new system.
I've been really enjoying paru as a pacman substitute on Arch Linux: https://github.com/Morganamilo/paru
It allows you to update both normal and AUR packages in one go, which is super convenient. It also shows you PKGBUILD files, so there's still a human audit step for AUR.
I don't have much data on difftastic usage, and I suspect most users get it from the packages provided by their distro.
There's been a clear uptick in stars since I built a homepage in the last month or two though!
(The first big bump is when it hit Hacker News.)
