Arch Enemies
Aug 24, 2025
Arch is under fire, two weeks and counting. We'll break down the mess, and share a quick fix. Plus, the killer new apps we've just added to our homelabs.
Sponsored By:
- Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.
- 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
- Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility.
Links:
- 💥 Gets Sats Quick and Easy with Strike
- 📻 LINUX Unplugged on Fountain.FM
- nebula-manager — Unified CLI tool to manage and maintain multiple Nebula VPN servers with ease.
- Frigate NVR
- Coral USB Accelerator: ML Accelerator, USB 3.0 Type-C
- Arch Linux - News: Recent service outages
- Arch Linux takes a pounding as DDoS attack enters week two — For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure.
- DHH on X — "Omarchy 2.0 release might have to wait a little longer. The AUR DDoS attack has picked back up, but the upside is that we're building in all sorts of resilience for the installer to deal with the assault! And meanwhile, we'll build a complete Omarchy package mirror for all."
- DHH on X — "We're pulling AUR out of the Omarchy install hotpath. It's an incredible resource, but we actually only need a handful of packages for the initial setup, and we can just host those ourselves. AUR really needs a new mirror strategy to avoid this predicament."
- Arch Linux continues to feel the force of a DDoS attack after two brutal weeks — attackers yet to be identified as project struggles to restore full service
- Arch Linux Status Page
- Arch AUR Under Fire Once More as Malware Resurfaces
- aurpublish — PKGBUILD management framework for the Arch User Repository
- salvador — salvador is a bash script that will help you maintain your AUR packages.
- archlinux/aurweb — Hosting platform for the Arch User Repository (AUR), a collection of packaging scripts created by the Arch Linux community
- TaskTrove — Self-hostable task management that respects your privacy.
- shuthost — A neat little helper that manages the standby state of unix hosts with Wake-On-Lan configured, with Web-GUI.
- Closing the Digital Divide: Q&A with Local Computer Upcycler Mike Kelly
- mkellyxp/nixbook — Convert your old computer (even chromebook) to a user friendly, lightweight, durable, and auto updating operating system built on top of NixOS.
- CachyOS — Blazingly Fast OS based on Arch Linux
- MOES Wireless Smart Scene Switch Button
- Minoston 800 Series Z-Wave Scene Controller, 4 ZWave Button
- Brent hates ricing PCs • Clip by @genebean
- add master branch nixpkgs overlay · nikolarobottesla/infra-nix-config
- Pick: WakeMyPotato — Restart a Linux server made of a potato laptop after power outages
- Pick: spectacle-ocr-screenshot — A simple utility to automatically extract text from spectacle on plasma desktops
- Pick: spectacle-ocr — Add OCR functionality to Spectacle
Transcript
WEBVTT
00:00:11.483 --> 00:00:16.123
Hello, friends, and welcome back to your weekly Linux talk show. My name is Chris.
00:00:16.283 --> 00:00:16.963
My name is Wes.
00:00:17.183 --> 00:00:17.963
And my name is Brent.
00:00:18.623 --> 00:00:23.423
Hello, gentlemen. Coming up on the show today, we're going to start with the
00:00:23.423 --> 00:00:26.483
attack that's been going on for Arch Linux for over two weeks,
00:00:26.563 --> 00:00:28.323
tell you what we know, and some quick workarounds.
00:00:28.743 --> 00:00:32.803
Plus, we found some really useful apps that we're adding to our home lab this
00:00:32.803 --> 00:00:35.683
week, so we'll share those with you, and then we'll round out the show with
00:00:35.683 --> 00:00:38.723
some great feedback boosts and too many picks.
00:00:38.723 --> 00:00:43.363
So before I go any further, let me say hello to our virtual lug.
00:00:43.683 --> 00:00:45.503
Time-appropriate greetings, Mumble Room.
00:00:45.783 --> 00:00:48.063
Hello. Hey, Chris. Hey, Wes. And hello, Brent.
00:00:48.423 --> 00:00:52.083
Hi, everybody. Shout out to all of you up there in quiet listening and everybody
00:00:52.083 --> 00:00:54.723
joining us live in the Matrix Room.
00:00:55.263 --> 00:00:57.723
And shout out to our friends at Defined Networking.
00:00:58.523 --> 00:01:03.503
Defined.net slash unplugged. Go check out their decentralized VPN built on the
00:01:03.503 --> 00:01:07.503
incredible open source Nebula platform that you can completely self-host yourself
00:01:07.503 --> 00:01:11.383
the entire infrastructure or take advantage of their managed service and get
00:01:11.383 --> 00:01:16.043
100 devices for free when you go to defined.net slash unplugged.
00:01:16.243 --> 00:01:22.083
It's really, truly a unique product because unlike others, you have the entire
00:01:22.083 --> 00:01:25.023
infrastructure if you want it with Nebula. You can run your own lighthouses.
00:01:25.423 --> 00:01:28.763
You can do all those things, and it means there could be a few things you have
00:01:28.763 --> 00:01:31.983
to set up. And you found Nebula Manager this week.
00:01:32.103 --> 00:01:36.083
Yeah, it bills itself as a unified CLI tool to manage and maintain multiple
00:01:36.083 --> 00:01:38.123
Nebula VPN servers with ease.
00:01:38.663 --> 00:01:41.643
I don't know if it's fair to call it a TUI, but it sure kind of is a TUI.
00:01:41.823 --> 00:01:44.363
It's very TUI adjacent if it's not a TUI.
00:01:44.743 --> 00:01:47.803
But yeah, it lets you just manage all of the Nebula things you need,
00:01:47.923 --> 00:01:52.543
including some niceties, like managing your local system's inbound and outbound
00:01:52.543 --> 00:01:54.023
firewall rules, if you have them on.
00:01:54.243 --> 00:01:57.303
So when you get Nebula going, your firewall just works.
00:01:57.583 --> 00:02:01.203
And of course, they also support multi-node reachability. They have that latency
00:02:01.203 --> 00:02:03.183
table where you can see how your latency is to the different systems,
00:02:03.243 --> 00:02:04.443
which is really cool to look at.
00:02:04.603 --> 00:02:08.423
Auto-update scheduler in there via cron, that's really cool.
00:02:09.231 --> 00:02:11.451
Very nice interface, too. It looks very straightforward.
00:02:11.891 --> 00:02:18.111
Yeah, and I'm excited to see more tools being built on top because the open
00:02:18.111 --> 00:02:21.731
source Nebula stuff really gives you a really good framework to build on,
00:02:21.731 --> 00:02:25.411
and it's just kind of been waiting for folks to take advantage of making some
00:02:25.411 --> 00:02:29.231
smooth workflows on top to suit whatever the particular use cases are.
00:02:29.331 --> 00:02:30.411
And we're seeing more and more of those.
00:02:30.511 --> 00:02:30.651
Yeah.
00:02:30.911 --> 00:02:33.631
I thought every now and then I'd highlight a couple of them because this one's
00:02:33.631 --> 00:02:37.491
really great. We'll put a link in the show notes. Nebula powers thousands of
00:02:37.491 --> 00:02:38.791
data centers, thousands of systems.
00:02:39.231 --> 00:02:43.071
I've heard some really amazing use cases. You may be even surprised to learn
00:02:43.071 --> 00:02:48.071
that there are vehicles on the road that are powered by Nebula. So check out Nebula.
00:02:48.331 --> 00:02:53.131
It's built from the ground up to work across a very diverse data center, multi-network setup.
00:02:53.291 --> 00:02:56.811
So if you've got things behind carrier-grade NAT, if you've got systems that
00:02:56.811 --> 00:03:01.011
are in one VPS on another VPS and on your LAN, or if you've got a data center
00:03:01.011 --> 00:03:04.711
with tens of thousands of systems in it, they all will work with Nebula.
00:03:05.091 --> 00:03:08.951
Nothing else offers Nebula's level of resilience, speed, and scalability.
00:03:09.231 --> 00:03:12.991
So you can build it all yourself or get started with their managed system and
00:03:12.991 --> 00:03:18.411
100 hosts absolutely free, no credit card required. Go to defined.net slash unplugged.
00:03:21.268 --> 00:03:23.848
Okay, I got a little ask out there for the audience, for those of you,
00:03:23.928 --> 00:03:26.848
and I know PJ is one of them, that have Frigate systems.
00:03:27.108 --> 00:03:29.928
Something I've been thinking about for a long time is the Frigate NVR,
00:03:30.048 --> 00:03:31.008
the network video recorder.
00:03:32.108 --> 00:03:35.828
Really nice, and if you pair it with something like a Coral USB accelerator,
00:03:36.228 --> 00:03:40.808
you can do a lot of fancy image recognition near on the fly.
00:03:40.808 --> 00:03:45.828
And one of the things they've added in their 0.16 release, that kind of makes
00:03:45.828 --> 00:03:50.088
me want to really go all in now, is they have license plate detection.
00:03:50.088 --> 00:03:52.588
Oh, build your own Flock, finally.
00:03:52.968 --> 00:03:57.808
Right. I want my own way of knowing when somebody new has pulled up at the RV
00:03:57.808 --> 00:03:59.828
when I'm not there or when it's somebody we know.
00:03:59.988 --> 00:04:04.408
And so I'm on a farm and there are farmhands that have trucks and they drive
00:04:04.408 --> 00:04:07.348
around all the time. And that's totally normal expected behavior.
00:04:08.188 --> 00:04:12.468
Occasionally, randos show up or people that need help or service or whatever
00:04:12.468 --> 00:04:16.448
show up. And I'd like to know when it's the difference between a vehicle I've
00:04:16.448 --> 00:04:22.148
seen and sort of proved and a vehicle that I've never seen before and then get an alert for those.
00:04:22.248 --> 00:04:25.148
And there's a lot of cool tooling you can do around the learning in general.
00:04:25.988 --> 00:04:29.048
Plus, as you know, everything I kind of look at these days, there's an angle
00:04:29.048 --> 00:04:30.228
with Home Assistant here.
00:04:30.348 --> 00:04:32.868
I mean, there has to be. Otherwise, you won't even let it on the show. I mean, what?
00:04:33.088 --> 00:04:35.808
Yeah, you can actually like. So for this license plate, yeah, right.
00:04:36.068 --> 00:04:39.568
It has to be for this license plate automation detection, for example,
00:04:39.668 --> 00:04:43.788
you can build alerts in Home Assistant. So you can have Home Assistant aware of this license plate.
00:04:44.008 --> 00:04:46.048
Yeah. Okay. This sounds pretty darn cool. I like where you're going.
00:04:46.188 --> 00:04:52.228
I know. Very cool. But of course I have to do it the way that is the least recommended,
00:04:52.748 --> 00:04:54.608
the least reliable because of my
00:04:54.608 --> 00:05:00.568
situation. And that is I need audience recommendations for Wi-Fi cameras.
00:05:00.908 --> 00:05:05.128
I know: Chris, use Ethernet, use PoE. Chris, use Ethernet. They're going to be more
00:05:05.128 --> 00:05:07.528
reliable. Chris, you got to use Ethernet. I can't.
00:05:07.928 --> 00:05:12.248
My God. If you want to come out and make Ethernet go through places that I didn't
00:05:12.248 --> 00:05:14.988
know Ethernet could go through, I would love to have you. I'll host you.
00:05:15.068 --> 00:05:16.288
You can stay for as long as you need.
00:05:17.273 --> 00:05:22.993
But I need Wi-Fi recommendations. Ideally, even things that are battery-powered is a major bonus.
00:05:23.153 --> 00:05:26.093
Like some of the commercial competitors, like the Ring and the Wyze cams,
00:05:26.173 --> 00:05:30.133
maybe not Wyze, but like Ring cams and some of the others, they have battery packs in them.
00:05:30.193 --> 00:05:32.733
So as long as they're on your Wi-Fi network, you can stick them out in the yard.
00:05:32.873 --> 00:05:34.753
You can stick them out on the fence, all over the place.
00:05:34.813 --> 00:05:36.193
Super easy deployment, yeah.
00:05:36.413 --> 00:05:38.553
Yeah. So battery-powered would
00:05:38.553 --> 00:05:41.833
be a major bonus or USB-powered if I can plug it into a battery pack.
00:05:42.373 --> 00:05:46.813
And so I'm looking for outdoor and indoor recommendations, both Wi-Fi,
00:05:46.813 --> 00:05:49.833
yes, I know, that work well with Frigate.
00:05:49.933 --> 00:05:53.833
And so that's probably RTSP and OVFH or whatever it's called.
00:05:54.233 --> 00:05:57.613
I'm going to be learning all about that. But right now, before I dive too deep
00:05:57.613 --> 00:05:59.833
and spend my precious sats,
00:05:59.913 --> 00:06:04.333
I'd like to get the recommendations from the audience out there because I've
00:06:04.333 --> 00:06:06.973
looked at a lot of different options and I've just kind of checked out over
00:06:06.973 --> 00:06:10.333
and over again because I could see myself spending a bunch of money on cameras
00:06:10.333 --> 00:06:11.813
and not really having the results I want.
00:06:12.053 --> 00:06:14.633
I know I have to lower my expectations when it comes to Wi-Fi,
00:06:14.673 --> 00:06:16.273
but if you have any suggestions,
00:06:16.273 --> 00:06:22.153
please boost them in or go to our contact page and let me know, because I, I have
00:06:22.153 --> 00:06:26.293
a feeling if I can find even just a handful of good cameras, I think we'll have
00:06:26.293 --> 00:06:27.213
a segment on it pretty soon
00:06:27.633 --> 00:06:30.813
and I'll do like a little Frigate coverage on the show and try to convince you
00:06:30.813 --> 00:06:33.273
guys to use it. That's, I always do.
00:06:36.893 --> 00:06:41.913
Well, the Arch Linux project has been getting hammered for just over two weeks.
00:06:41.913 --> 00:06:45.693
I was hoping by the time we went on the air today, I'd have an update saying it's over.
00:06:46.433 --> 00:06:53.133
It is not. The attack has primarily targeted the main website and the AUR and the forums via a DDoS.
00:06:54.313 --> 00:06:56.893
Arch's maintainers have confirmed that the incident is ongoing.
00:06:56.893 --> 00:07:01.133
It is indeed a DDoS attack, and they're trying to collaborate with service providers
00:07:01.133 --> 00:07:02.633
to mitigate it as much as they can.
00:07:03.033 --> 00:07:06.233
However, full restoration has been challenging. There's even issues as of the
00:07:06.233 --> 00:07:07.713
Sunday morning as we're live on the air.
00:07:08.393 --> 00:07:11.393
And this also unfortunately follows kind
00:07:11.393 --> 00:07:17.113
of a rough summer for the AUR in general. There were some browser packages in
00:07:17.113 --> 00:07:21.353
July that were replaced that had the Chaos RAT installed in them. We've already
00:07:21.353 --> 00:07:25.073
talked the whole, you know, AUR user repository stuff to death, so I don't think
00:07:25.073 --> 00:07:28.013
we need to dig into that too much, but it's worth saying that it's been a rough
00:07:28.013 --> 00:07:29.693
summer for the AUR to begin with.
00:07:29.693 --> 00:07:32.213
I try to use Arch, by the way.
00:07:32.213 --> 00:07:36.913
Yeah. Oh, is this really unfortunate. I mean, I don't think it even needs to be
00:07:36.913 --> 00:07:39.853
said, but this is probably about as low as it gets,
00:07:40.093 --> 00:07:45.173
attacking a free software project, non-profit like this, like Arch,
00:07:45.313 --> 00:07:49.133
that's not even associated with any particular commercial company and it's just
00:07:49.133 --> 00:07:50.273
people working hard trying to
00:07:50.273 --> 00:07:53.213
make a distribution that people love and they're trying to run services.
00:07:54.033 --> 00:07:59.473
I think it's without any question that we totally, totally, totally are disappointed
00:07:59.473 --> 00:08:01.053
to hear this. Very frustrated.
00:08:02.642 --> 00:08:06.342
Maybe we could get into what we know about it, but before we get into all of
00:08:06.342 --> 00:08:09.962
that, why don't we just take a moment, step back, and talk about workarounds
00:08:09.962 --> 00:08:13.702
that users of the show could potentially implement right now while Arch is figuring this out.
00:08:13.822 --> 00:08:16.502
And then we'll get into speculation and other stuff.
00:08:16.922 --> 00:08:21.722
Yeah, well, unfortunately, things like the mirror list endpoint used by tools
00:08:21.722 --> 00:08:26.222
like Reflector, that kind of thing, well, that's hosted on archlinux.org.
00:08:26.502 --> 00:08:29.782
So if that's having issues, which it has been, one
00:08:29.782 --> 00:08:32.982
thing you can do is look at the mirrors listed in the pacman-mirrorlist
00:08:32.982 --> 00:08:35.742
package. So you should probably already
00:08:35.742 --> 00:08:39.122
have that on a normal Arch system, so go take a peek in there. That'll
00:08:39.122 --> 00:08:44.022
at least help you get some options. And then the ISO is also available on a lot
00:08:44.022 --> 00:08:47.622
of the mirrors. They link to some in their news announcement. But if you're going
00:08:47.622 --> 00:08:51.762
to do that or download stuff manually, do, uh, make sure to confirm that it's
00:08:51.762 --> 00:08:55.482
actually signed by the Arch trusted keys, because you're kind of taking that,
00:08:55.482 --> 00:08:57.822
could be taking that into, at your own hands.
00:08:58.722 --> 00:09:03.862
I think maybe that's worth underscoring. This is a moment in time where it's
00:09:03.862 --> 00:09:10.282
behoovant on you to be a little extra careful because these are times that attackers can exploit.
00:09:10.562 --> 00:09:13.982
So be sure things are signed. They look legitimate. Take an extra step.
00:09:14.142 --> 00:09:21.442
For the case of the AUR in particular, they maintain a mirror of AUR packages on GitHub.
00:09:21.522 --> 00:09:24.642
It's kind of an interesting setup, so if you go there it looks empty, but they
00:09:24.642 --> 00:09:31.502
have a branch per package and their announcement has a little tip about a one-off
00:09:31.502 --> 00:09:35.422
git clone command you can do to just check out a particular package that you're interested in.
00:09:35.622 --> 00:09:39.522
But that can be a backup way to get your AUR if you need to,
00:09:39.602 --> 00:09:42.142
which is nice. That's kind of handy, even just regardless.
00:09:42.442 --> 00:09:46.862
I mean, just temporarily, that might be the way to do it. One of the things
00:09:46.862 --> 00:09:52.302
that the Arch wiki, if you use the AUR properly via the whole guide,
00:09:52.862 --> 00:09:55.022
they start with having you build your own packages.
00:09:55.722 --> 00:09:58.182
It's almost kind of, this is the moment where it's like, oh, that was actually
00:09:58.182 --> 00:10:00.482
worth paying attention to. Yeah.
00:10:00.482 --> 00:10:03.942
You know, those makepkg skills, they pay off. Sigh.
00:10:06.814 --> 00:10:10.074
I've been watching social media. I've been seeing people talk about this.
00:10:10.254 --> 00:10:12.834
There's been some good coverage, LWN and The Register, I think,
00:10:12.874 --> 00:10:15.414
in particular, and some others had some good coverage.
00:10:15.774 --> 00:10:17.614
Brent, do you have a sense of the impact on the users?
00:10:17.974 --> 00:10:22.814
Well, people are reporting, basically, AUR slowness and occasional,
00:10:22.814 --> 00:10:28.694
like, complete downtime, basically, which clearly will affect installations and updates.
00:10:29.014 --> 00:10:31.754
So, Chris, you can't always update before the show. Sorry.
00:10:32.134 --> 00:10:35.894
You know, if this had happened to the CentOS archives, no one would notice.
00:10:35.894 --> 00:10:39.274
But Arch users, they're doing pacman -Syu, you know, every two seconds.
00:10:39.654 --> 00:10:43.174
Yeah, it's just built into the fingers now. Now, there is, of course,
00:10:43.354 --> 00:10:47.734
some users noting that this has also disrupted Omarchy, you know,
00:10:47.834 --> 00:10:51.314
that DHH Arch initiative that came out recently.
00:10:51.894 --> 00:10:56.954
So the new setups for that have been quite painful. Let's just put it that way.
00:10:57.694 --> 00:11:02.014
And some people have also, of course, complained about problems during fresh
00:11:02.014 --> 00:11:06.314
installs. And DHH actually addressed this on X recently.
00:11:06.814 --> 00:11:10.494
His Omarchy 2.0 release might have to wait a little longer.
00:11:10.754 --> 00:11:14.474
The AUR denial of service attack has picked back up.
00:11:14.614 --> 00:11:18.754
But the upside is that we're building in all sorts of resilience for the installer
00:11:18.754 --> 00:11:21.574
to deal with this style of assault.
00:11:22.274 --> 00:11:26.314
And meanwhile, we'll build a complete Omarchy package mirror for all.
00:11:26.774 --> 00:11:28.514
Oh, that's a big thing there.
00:11:28.514 --> 00:11:32.634
I think this is notable that, first of all, they're releasing it as its own
00:11:32.634 --> 00:11:37.814
standalone ISO now, but also that this big moment had to be delayed by this
00:11:37.814 --> 00:11:40.474
DDoS attack. That really stings.
00:11:41.194 --> 00:11:46.674
It continues here. We're pulling the AUR out of the Omarchy install hotpath.
00:11:46.674 --> 00:11:50.634
It's an incredible resource, but we actually only need a handful of packages
00:11:50.634 --> 00:11:54.074
for the initial setup, and we can just host those ourselves.
00:11:54.074 --> 00:11:58.694
So the AUR really needs a new mirror strategy to avoid this type of predicament.
00:11:59.454 --> 00:12:03.434
Interesting. Kind of unfortunate that they have to do that, but probably a pretty
00:12:03.434 --> 00:12:06.554
good solution. There has been some spec- Well.
00:12:06.554 --> 00:12:10.334
It's at least resources, right, that I guess DHH can offer to a community project,
00:12:10.454 --> 00:12:12.034
or at least to offload from, anyway.
00:12:12.174 --> 00:12:18.354
Yeah, I mean, Shaw, I have never seen anything in the Linux desktop space see
00:12:18.354 --> 00:12:19.594
this kind of continued momentum.
00:12:19.594 --> 00:12:24.754
Him we could have a segment on every week of the show of people that, you know,
00:12:24.754 --> 00:12:28.154
dozens of people that are switching. It's really impressive. So I suppose moving
00:12:28.154 --> 00:12:31.614
that off of the AUR will probably reduce some of the strain.
00:12:31.614 --> 00:12:35.754
You know, Steam is based on Arch these days, and it gets me wondering if they're having
00:12:35.754 --> 00:12:39.754
issues, if anyone's having issues with their Steam Decks. Maybe there's a different
00:12:39.754 --> 00:12:42.114
strategy there. Do you guys have any thoughts on that?
00:12:42.114 --> 00:12:46.034
They don't really take advantage of the AUR unless the user drops down to desktop
00:12:46.034 --> 00:12:49.774
mode and kind of gets that going. So I suppose it really only impacts them up
00:12:49.774 --> 00:12:52.694
at Valve where they're building it, you know, if they're pulling things in from
00:12:52.694 --> 00:12:55.954
the AUR, which isn't good. I mean, that's not great either. It's...
00:12:56.960 --> 00:13:02.080
It's hard to understand why anyone would do this. I saw some people speculating that it's Omarchy,
00:13:02.800 --> 00:13:07.880
that Omarchy has put so much traffic with the new users, but the Arch developers
00:13:07.880 --> 00:13:12.680
have kind of distilled or dispelled that myth. So, no, we don't think that's what it is.
00:13:12.840 --> 00:13:19.680
In the past, we have seen AUR helper tools that have been broken and unintentionally DDoS the AUR.
00:13:19.980 --> 00:13:24.120
I suppose that could always be possible. It may be particularly hard to track
00:13:24.120 --> 00:13:28.500
down. One of the issues is that multiple aspects of the Arch infrastructure
00:13:28.500 --> 00:13:33.900
have been attacked, and the tools that they use to manage the Arch infrastructure are hosted where?
00:13:34.280 --> 00:13:35.700
The Arch infrastructure.
00:13:35.740 --> 00:13:41.600
You got it, Wes. So they're unable to access some of their own tooling to solve and mitigate this.
00:13:41.820 --> 00:13:45.320
Yeah, so far they've only said, we are keeping technical details about the attack,
00:13:45.320 --> 00:13:49.760
its origin, and our mitigation tactics internal while the attack is still ongoing.
00:13:49.760 --> 00:13:52.820
So maybe when it finally ends, we'll get some more details.
00:13:52.820 --> 00:13:58.020
Yeah, as we're recording on August 24th, there has been no specific group that
00:13:58.020 --> 00:13:59.740
has come forward and claimed credit.
00:13:59.980 --> 00:14:05.520
And there's been nobody that's sort of been trying to tie it to any particular people or motive.
00:14:05.900 --> 00:14:10.020
But the fact remains that we're going on now two weeks of either some kind of
00:14:10.020 --> 00:14:11.960
intentional attack or misconfiguration.
00:14:14.080 --> 00:14:19.920
And I hope it's in a way just a misconfiguration because I'd be really disappointed
00:14:19.920 --> 00:14:22.580
to learn that people out there would be attacking Arch.
00:14:22.680 --> 00:14:26.680
And Arch has responded by putting up a status.archlinux.org page,
00:14:26.880 --> 00:14:29.800
which you can check and see how services are doing.
00:14:31.200 --> 00:14:34.840
Some systems are down right now. The website is down right now as we record.
00:14:35.160 --> 00:14:39.320
The AUR looks like it's at about an 83% reliability today.
00:14:40.200 --> 00:14:42.820
Not great. It was at 78% earlier.
00:14:43.300 --> 00:14:46.500
And wiki is doing pretty good though. So yeah.
00:14:46.600 --> 00:14:48.920
And the forum is doing better today. The forum was also, it's interesting that
00:14:48.920 --> 00:14:51.040
it's different aspects of the infrastructure at different times.
00:14:52.713 --> 00:14:56.513
Which kind of suggests targeted attacking to me. Again, these are just things
00:14:56.513 --> 00:14:57.113
that are being speculated.
00:14:57.213 --> 00:15:02.393
Some people have also speculated that it's somehow because of this malware that
00:15:02.393 --> 00:15:03.653
we've talked about on the AUR.
00:15:03.853 --> 00:15:08.413
And that people are trying to disable the AUR or something because of it.
00:15:09.273 --> 00:15:12.113
But I think actually, isn't there just even a more recent malware incident?
00:15:12.293 --> 00:15:13.993
Didn't somebody just slip something in again?
00:15:14.533 --> 00:15:20.373
Well, yeah, there was the one, it was like a malicious package named Google Chrome Stable.
00:15:20.553 --> 00:15:21.693
Oh yeah, it was Firefox and then Google, right.
00:15:21.693 --> 00:15:24.253
Yeah, so the browsers have been a big thing of attack here.
00:15:24.253 --> 00:15:29.873
And they're putting in remote access Trojans. And the Google one is the google-chrome-stable.
00:15:30.053 --> 00:15:34.093
Yeah, it looks like a legit name, but by a brand new account.
00:15:34.753 --> 00:15:40.613
And then Chrome does actually start, but it runs a little Python program first.
00:15:40.613 --> 00:15:43.233