archlinux


loudWaterEnjoyer, in The xz package has been backdoored, you need to update your system now

Well did I tell you guys, I use Debian stable btw

DaTingGoBrrr, (edited )

According to this guy Debian is the problem lemmy.ml/comment/9780209

Laser, (edited )

Debian is not really the problem, but rather the target, just read the original announcement at www.openwall.com/lists/oss-security/2024/03/29/4:


    == Affected Systems ==
    Running as part of a debian or RPM package build:
    if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";then
    ...
    openssh does not directly use liblzma. However debian and several other
    distributions patch openssh to support systemd notification, and libsystemd
    does depend on lzma.


    Initially starting sshd outside of systemd did not show the slowdown, despite
    the backdoor briefly getting invoked. This appears to be part of some
    countermeasures to make analysis harder.

    Observed requirements for the exploit:
    a) TERM environment variable is not set
    b) argv[0] needs to be /usr/sbin/sshd
    c) LD_DEBUG, LD_PROFILE are not set
    d) LANG needs to be set
    e) Some debugging environments, like rr, appear to be detected. Plain gdb
       appears to be detected in some situations, but not others

So if you were using Arch, you were unaffected by this vulnerability because

  • the script wouldn’t trigger because it uses neither DEB nor RPM packages
  • even if it had triggered, the backdoor only gets activated when the calling binary is /usr/sbin/sshd, which doesn’t happen in Arch because they don’t patch OpenSSH to support systemd (which in turn pulls in xz).

This doesn’t mean that Arch saved you because it’s super secure or anything, but this was a supply chain attack that hit Arch (and Debian Sid, where the backdoor was actually caught because ssh logins took so long…), but it didn’t trigger because it wasn’t targeted.

Meaning there’s no immediate need to be concerned, but you should update ASAP even though the Arch package probably doesn’t contain backdoored artifacts.
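The linkage condition discussed in the comment above can be checked locally. The following is an added example, not part of the thread or of the oss-security announcement: it classifies `ldd` output by whether liblzma ends up mapped into the process and whether libsystemd is present alongside it. The function names and the two sample `ldd` listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample `ldd` output (illustrative, not captured from real hosts).
# A build patched for systemd notification pulls in libsystemd and liblzma:
SAMPLE_PATCHED='	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000200000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f0000100000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000050000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)'
# An unpatched build never loads liblzma:
SAMPLE_UNPATCHED='	libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f0000100000)
	libz.so.1 => /usr/lib/libz.so.1 (0x00007f0000050000)
	libc.so.6 => /usr/lib/libc.so.6 (0x00007f0000000000)'

# Reads `ldd` output on stdin and prints one of:
#   with-libsystemd  liblzma is mapped and libsystemd is present too
#                    (the dependency path described in the announcement)
#   liblzma-only     liblzma is mapped, but libsystemd is not
#   not-linked       liblzma is never loaded into the process
# ldd lists dependencies flat, so this shows co-presence, not which
# library pulled liblzma in.
classify_lzma_linkage() {
  awk '
    $1 ~ /^liblzma\.so/    { lzma = 1 }
    $1 ~ /^libsystemd\.so/ { systemd = 1 }
    END {
      if (lzma && systemd) print "with-libsystemd"
      else if (lzma)       print "liblzma-only"
      else                 print "not-linked"
    }'
}

# Check the sshd installed on this machine (falls back to /usr/sbin/sshd).
check_sshd() {
  bin=$(command -v sshd 2>/dev/null || echo /usr/sbin/sshd)
  [ -x "$bin" ] || { echo "no-sshd"; return 0; }
  ldd "$bin" 2>/dev/null | classify_lzma_linkage
}

# Demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_PATCHED"   | classify_lzma_linkage
printf '%s\n' "$SAMPLE_UNPATCHED" | classify_lzma_linkage
```

A result of `not-linked` only says that this sshd binary does not load liblzma; it says nothing about whether the installed xz package itself was built from a modified tarball.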

meliodas_101,

Thanks for telling, that means Arch is not compromised as of right now.

DaTingGoBrrr,

Thanks for clarifying. I read through the original announcement but I couldn’t fully understand it

loudWaterEnjoyer,

Typical Arch user.

DaTingGoBrrr,

English is not my native language and I am still pretty new to Linux. But it doesn’t change the fact that Arch was not compromised and Debian is/was

nifty, (edited )

The announcement link leads to a Not Found

Laser,

It just worked fine when I checked right now

SuperIce,

To be fair, the backdoor only gets enabled when built as an RPM or Deb package, which doesn’t apply to Arch Linux, and also requires openSSH to be linked to liblzma, which is also not the case on Arch. So from what we know so far, the Arch packages should not have had the vulnerability. The risk now is whether there are other vulnerabilities or backdoors that haven’t been discovered which is why Arch made the update building directly from the git source instead of the known modified source tarball.

loudWaterEnjoyer,

This is a Linux community, we are not here to be fair???

Andy, in PacDiff comparisons

meld really is my favorite, but there’s also mcdiff from mc, in combination with your editor of choice (use_internal_edit=false). If you can like the internal editor, though, that’s got to be a better experience.

I find a bunch of the themes are unreadable, so am rotating and eliminating with this Zsh function:


    mcdiff () {
      # Use default zsh options inside this function only
      emulate -L zsh

      local skins=(
        gotar
        gray-green-purple256
        modarin256-defbg
        modarin256
        modarin256root-defbg
        modarin256root
        sand256
        seasons-autumn16M
        seasons-spring16M
        seasons-summer16M
        seasons-winter16M
        xoria256
        yadt256-defbg
        yadt256
      )

      # Pick a random skin (zsh arrays are 1-indexed)
      local skin=${skins[RANDOM % $#skins + 1]}

      # :t:r strips any directory part and extension from the skin name
      print -rl -- "Using skin: $skin:t:r"
      # =mcdiff expands to the path of the real binary, not this function
      =mcdiff -c -S $skin $@
    }

For a non-interactive diff viewer I find riff’s output pretty legible.

Other than that, I’ve used a combination of tools with a broot config to browse and manage the diffs…

Cyber,

Thanks. Interesting points to look at there. I like the look of riff for config comparison we do at work too - thanks!

coffeeguy, in Finally moved to arch from Windows

Congrats on making the change!

One piece of gaming software I have not seen mentioned yet that I really like is Lutris. It is a unified launcher (steam, gog, epic…) that really helps to keep game installations organized and also helps to manage wine prefixes. I recommend checking it out.

Donny,

Oh this seems great, definitely checking this one out

pineapplelover, in As a capable but lazy user, how much would switching to Arch frustrate me?

The most difficult is installing. Once you’re on it, you’re set.

Veraxis, in As a capable but lazy user, how much would switching to Arch frustrate me?

Welcome! Coming from Windows myself, I made the jump to Manjaro (It has certain issues and I do not recommend it), then to Arch less than a year after. I have been on Arch full time for around 2 years now. After the initial setup, I have found Arch to be pretty low-maintenance and no harder to maintain than any other distro, hardly requiring more than the occasional yay -Syu --noconfirm in the command line to update things. As someone with less computer knowledge than an IT professional, I think Arch’s reputation for being difficult is overblown IMO, and I suspect mostly due to intimidation from the more involved setup process prior to the availability of the install script.

I don’t know if you have any familiarity with Linux already from your work, but regardless of what distro you go with, I would go into it with a mindset that you are learning a new skill. Some things are simply done differently in Linux than Windows and will require getting used to, such as how drives work using mounting points rather than drive letters.

Realistically, setting things up for the first time often requires additional steps and may not “just work,” but when using my laptop and gaming desktop from day to day, it works just like any other OS. Gaming has been great for me generally, and the work Valve has done to improve game compatibility on Linux has been spectacular. Most Steam games do, in fact, “just work” for me.

In the 2-3 years I have been using Linux, I have rarely had things spontaneously break as many folks seem to worry about, or if I do it is because of companies not supporting their Linux communities, like Discord not pushing out updates on time, or major-event changes like the move to the Wayland graphical stack on KDE 6 which undid some of my desktop customization settings.

smileyhead, in As a capable but lazy user, how much would switching to Arch frustrate me?

Once I have learned Arch, installing and maintaining it is super easy and fast. Troubleshooting a problem if it occurs is also easier because you know more how the system works internally.

But there is another problem I see when using it daily for many different things. I install Arch and a week later when sending an emoji find out there is no emoji font and I need to install one. Then a month later, needing to quickly use Bluetooth, I realize I forgot to install bluez and some of its frontends. Then I'm about to print something and now I need to learn how to install the CUPS print server. All those things take a few minutes and have the best documentation in the Linux world, but after a fresh install I get annoyed for the first month or two by stuff that comes preinstalled on other distros.

But… That’s also why I use Arch. I could run some post-install script from someone or use Endeavour, but setting stuff how I want is the beauty of Arch.

Duke_Nukem_1990, in As a capable but lazy user, how much would switching to Arch frustrate me?

Just have a look at EndeavourOS which is Arch with sane pre-installed stuff. Have been using it for a year without problem. Am also lazy :D

cerement, in CD to flac recommendations?

abcde (in AUR)

dogsnest,

Take 10 minutes to figure it out once, and you’re set for good.

smileyhead,

Once I have learned abcde, I think there is no going back.

SpaceCadet, in libz.so1 cannot open

Perhaps it’s a 32-bit application and it needs lib32-zlib.

What does ldd ./runner say?

volle, in Choosing Next OS

i think many people interpret “arch is unstable” as “arch breaks a lot” while it imho just means it's bleeding edge and software is not only updated on upgrades but all the time. my arch installations did sometimes “break” but were much easier to recover than e.g. all the failed ubuntu upgrades which i had no idea how to fix without reinstalling. for me arch was the perfect learning distro and is now even easier to install since there is the archinstall script.

eruchitanda, in Choosing Next OS

I had more problems on ‘user-friendly’ distros, than I had on Arch.

theshatterstone54,

As crazy as that might sound, as a “professional” distrohopper, I also find Arch to be much easier to set up and far less problematic, especially now with Archinstall which practically takes away a ton of the configuration and complexity of initial setup.

BaalInvoker, in Choosing Next OS

Whoever thinks that Arch always breaks is one of the two:

  • A user that is always trying to mess with the system; or
  • A person that doesn’t know Arch and is repeating nonsense

My Arch install is almost 5 years old and I never had an issue that was like “oh no! I need to reinstall everything!”

Interestingly enough, when I was using release-based distros, with almost every big update my system became unstable and I had to reinstall my whole system.

999999999,

I agree, I am the person in the first case that has broken entry-level distros and Arch but once one learns the ways everything works all the time.

victorz,

I had one btrfs partition that just got corrupted for some reason. One day after changing nothing except updating the system, I rebooted and the partition wouldn’t boot. Lost a lot of good stuff on it. This was Arch, but I don’t think it has anything to do with it being Arch…

bitahcold,

As far as I see from the comments, I understood what I have to. I see that Arch has no problem in itself, the problem is the user. I decided to install Arch on my pc finally. Thanks for your reply. Have a nice day.

theshatterstone54,

The only times Arch broke for me were when I broke it. There were 2 exceptions, however.

  1. I once went a long time (a few weeks) without updating and I had issues relating to keys and the pacman keyring. Luckily, Erik Dubois had a video about exactly that and the system was fixed within <30 minutes (including finding the video and watching it)
  2. The other time my computer turned off during an update which involved updating the kernel so my system broke (I can’t remember if I turned it off or if it ran out of battery). I recovered it using live media, chrooting and doing an update again from inside the chroot, which fixed it. Once again, took about 30 mins.

Every other case of breakage was caused by me actively tinkering with the system.

I should note that this doesn’t include minor issues like some configuration no longer working because of an update or something like that, as 1. this isn’t a system-level breakage and 2. it isn’t Arch’s fault.

Mereo, in Choosing Next OS

I love to deal with problems but I don’t want to waste my time.

Then Arch is not for you. The distro requires you to always be informed of the latest news regarding Arch before upgrading so you’ll probably have to admin your system.

If you’re not ready to do that then you should probably stay with Fedora.

My suggestion: run arch in a virtual machine and get familiar with it before installing it.

unknowing8343, (edited )

Manual interventions in Arch are very very rarely needed. And most of the times they are needed… You don’t need to do shit because it’s about some weird legacy package you don’t have.

justinthegeek,

I disagree. I’ve blindly updated every day for 5 years and not once had a failure. In the one or two times something went sideways, a quick check of the wiki got me up and running with very little fuss.

ProtonBadger,

It’s always a good idea to be aware of .pacnew/.pacsave files. If you ignore them everything might still work but you might end up using old configs. This might not break anything but could have security or performance implications. A system can slowly “rot” this way while still appearing to be fine.

Malix, in Choosing Next OS

sample size of 1, admittedly, but there’s so few times I’ve managed to break arch - which I can’t 100% attribute to myself.

Once the updates broke, somehow wiping bash -binary and kernel. Not entirely sure how or why, all I did was a normal pacman -Suy. I might have issued the pacman -command from a long path which didn’t exist anymore, not sure if relevant or not. Hasn’t happened since, so… dunno. It did spook me a bit, but nobody else at the time reported similar issues.

I’ve ran arch for years at work (webdevelopment, desktop and laptop), home server (irc shell, mumble, etc hosting) and now home desktop too (gaming, media, dualbooting with win10).

The home server has required a powerbutton -forced boot once or twice, many months of uptime & regular kernel updates can apparently mess something with networking and usb, so can’t ssh in and keyboard doesn’t get recognized when plugged in. So, you know, reboot after kernel updates? :D

It’s always a good idea to check the website for breaking changes which require manually doing something, there has been a few along the years.

derbolle, in Choosing Next OS

i have used arch with kde plasma for about a year on my ThinkPad. so far it is working (and updating) without a hitch. I think the Potential, that your OS breaks somehow is higher on rolling release distros but i think Arch isn’t bad as daily driver if you take the time to install and customize the system to your needs. it is not so far away from a current fedora.
