Arch Linux’s AUR Compromised with Malware (over 1,500 packages!)

Video by Michael Tunnell via YouTube
Support the channel by becoming a patron at https://tuxdigital.com/membership or get some swag at https://store.tuxdigital.com/

The Arch User Repository recently had a major security incident where more than 1,500 AUR packages were reportedly compromised with malware. In this video, I break down what happened, what users should do about this, how users can check for infection, and why Arch-based distro users should be careful with community packages.

### Scripts to check your system:
– https://www.reddit.com/r/linux/comments/1u3alhe/comment/or3vhax/
– https://discuss.cachyos.org/t/aur-compromised-400-packages-affected-20260611/31040/84

### Other Links:
– https://archlinux.org/news/active-aur-malicious-packages-incident/
– https://archlinux.org/about/
– https://www.reddit.com/r/linux/comments/1u3alhe/roughly_400_aur_packages_compromised/

———————————————————————————–

### Chapters:
00:00 Intro
00:15 What is the AUR?
00:39 Official Arch Repos NOT Affected
00:51 Here’s what happened…
01:24 There’s many questions for this
01:37 How do I find out if I’m affected?
01:51 How did this happen?
02:40 What should I do as an average user when installing from AUR?
03:05 What is a PKGBUILD?
03:34 Second answer for average users and the AUR
03:56 Arch Linux devs warning about the AUR
04:21 What is an AUR Helper?
04:43 Arch-based distros arguably make the access too easy
04:59 To clarify, in my opinion
05:25 Tips on how to review PKGBUILDs
06:22 Alternatives to the AUR
06:41 the only guarantee of life
06:57 My request to the "Arch btw" memers
07:30 "Just Works" Users
08:10 Do you like in-depth videos like this?
08:22 Two other questions

———————————————————————————–

Thanks For Watching!

#Linux #OpenSource #ArchLinux

Anthropic’s Fable 5 Released!

Video by TWiT Tech Podcast Network via YouTube
Anthropic released its newest AI model, Fable 5! A version of its strong internal model, Mythos, but built with serious safety guardrails to prevent misuse. #AI #Fable5 #Mythos #Anthropic #TechNews #AISafety #Cybersecurity #ArtificialIntelligence

Open Source Digest: Coworking, R, Wikidata, & More

Community & Events
– Social Coworking: SORTEE, Vale/Linting, Debugging in R – Join upcoming free coworking sessions to explore the SORTEE community, learn text linting with Vale, or sharpen your R debugging skills.
– Rencontres R 2026 – Nantes – The French R conference heads to Nantes in 2026; mark your calendar for this key open-source statistics …

Open Source AI, Cloud Security, & Distro Showdown: Weekly Digest

AI Accessibility: From Enterprise to Edge
This week’s highlights reveal a dual trend: while enterprises like LSEG scale AI with OpenAI’s proprietary models, the open-source community champions small language models (SLMs) for low-resource environments. Aqsa Aqeel’s FOSSASIA talk underscores that not everyone has a GPU, making SLMs critical for digital inclusion. Meanwhile, OpenAI’s Fabian Ponce …

From data to decisions: how LSEG is scaling trusted AI

Video by OpenAI via YouTube
What happens when one of the world’s leading financial markets infrastructure and data providers combines trusted market intelligence with AI?

In this customer story, LSEG shares how it’s using ChatGPT Enterprise and OpenAI APIs to accelerate insight generation, speed up product innovation, and help employees and customers make better decisions with confidence.

Hear from Emily Prince, Group Head of Enterprise AI, and Max Grigoryev, Group Director AI Products, as they discuss scaling AI responsibly, transforming workflows, and bringing trusted financial data into AI-powered experiences.

Read the full story: www.openai.com/index/lseg

Not everyone has a GPU and that’s why SLMs matter, Aqsa Aqeel, FOSSASIA Summit 2026

Video by FOSSASIA via YouTube
The future of AI isn’t just bigger models—it’s making AI accessible everywhere. In many parts of the world, unreliable internet and limited computing resources make cloud-based AI impractical. This talk explores how Small Language Models (SLMs) can bring powerful AI capabilities to low-connectivity and offline environments.

Learn how compact AI models can run locally on affordable hardware, deliver real-world value without constant internet access, and expand access to AI for underserved communities. We’ll discuss the lessons from projects like TinyStories, practical deployment strategies, and why offline-first AI may be critical for the next billion users.

Perfect for developers, AI practitioners, and open source enthusiasts interested in edge AI, local LLMs, digital inclusion, and building AI systems that work beyond the cloud.

FOSSASIA Summit 2026, held in Bangkok, is Asia’s leading Open Source tech conference featuring sessions on #AI, #Cloud, #DevOps, #Open Hardware, #Security, #Web #Mobile Technologies, #Web3, and #Databases. Learn more: http://summit.fossasia.org

Session slide: https://eventyay.com/ev/88882f3e/talk/6HW78EU4Y38V/

#FOSSASIA #FOSSASIASummit #opensource #FOSS

Cortney Nickerson shares what being a CNCF ambassador means to her

Video by CNCF [Cloud Native Computing Foundation] via YouTube
How do you know when you’ve found your community?

CNCF Ambassador Cortney Nickerson shares what being selected as an ambassador meant to her: the pride, the validation, and the sense of responsibility to keep showing up and help others get involved in the things that matter to them.

#CloudNative #CNCF #CNCFAmbassador

Common Cloud Controls (CCC): A Shared Language for Cloud Security | Maxime Coquerel & Eddie Knight

Video by FINOS via YouTube
Maxime Coquerel (Principal Cloud Security Architect at RBC) and Eddie Knight (Founder of Revanite) introduce the Common Cloud Controls (CCC) framework. They break down how global financial institutions are building an openly governed, cloud-agnostic taxonomy of capabilities, threats, and shared controls to eliminate multi-cloud security fragmentation.

🇬🇧 Join us in London! Catch the latest on Cloud Security and Compliance at OSFF London on June 25, 2026: https://hubs.ly/Q041YV9Z0 (Use Code: 26YTOSFFLN20C)

🕒 Timestamps:
0:00 Welcome and Disclaimers
0:30 Speaker Introductions: RBC & Revanite
1:13 Scope of Cloud Security Teams: Threats vs. Controls
1:55 The Jamara Project: Philosophy of Standardized Compliance
2:33 Layer 2 Activity: Accelerating Policy with Shared Controls
3:18 RBC’s Cloud Security Framework: Step-by-Step Architecture Vetting
4:06 Multi-Cloud Drift: The Challenge of AWS Config vs. Azure Policy
6:18 The Role of CCC: A Level, Agnostic Control Catalog
7:06 Connecting CCC with Architecture Language Models (CALM)
7:46 The Authoring Process: Capabilities, Threats, and Vector Mapping
8:54 Visualizing the Catalog Taxonomy
9:46 Website Tooling and Live Evaluation Ecosystem
10:38 Component Breakdown: Generative AI, Object Storage, and Secret Management
11:23 Differentiating Agnostic Controls from Policy Implementations
12:10 Pre-written Compliance-to-Perform Terraform Modules
12:46 Third-Party Vendor Tooling Integration (Polar)
13:19 How to Start Your Journey with Common Cloud Controls
15:03 Contributing Organizations and Call for Feedback
15:35 Key Takeaway: Cross-Cloud Shared Language
16:50 Navigation of the Dev Website and Git Workflows
17:57 The CCC Open Governance Schema Architecture
18:16 Q&A: Reference Module Strategy and Regulatory Change Tracking

📊 The Problem: The Fragmented Multi-Cloud Policy Trap
Operating in a multi-cloud financial environment forces security teams to write individual, specialized configurations for each provider (e.g., AWS Config vs. Azure Policy). This causes severe operational drift—where an identical security requirement (like forcing TLS encryption in transit) requires completely distinct implementation paths. Without a uniform baseline, structural security gaps emerge between clouds, and regulatory compliance validation becomes immensely tedious.

🏗️ The Solution: Standardized Agnostic Control Frameworks
The FINOS Common Cloud Controls (CCC) project provides a uniform translation layer across all environments:
* The Layer 2 Compliance Taxonomy: Standardizing cloud services into high-level, vendor-agnostic functional components (e.g., evaluating "Object Storage" as a generic standard rather than uniquely tracking AWS S3 or Azure Blob).
* Threat Matrix Mapping: Correlating native system capabilities directly to known cybersecurity attack vectors (such as MITRE) to proactively highlight cloud-agnostic vulnerabilities.
* Compliance-to-Perform Modules: Standardized, community-maintained Infrastructure-as-Code (Terraform) building blocks that are pre-certified as compliant out-of-the-box.

⚙️ Why This Matters for Financial Engineering
* Frictionless Mergers & Acquisitions: Utilizing a shared language ensures that if a financial institution acquires or merges with a company on a different cloud provider, risk postures can be validated instantly without refactoring the entire governance engine.
* Automated Enforcement Pipelines: Integrating CCC schemas with git-based engines (like Flux) guarantees that unvetted, non-compliant configurations are automatically blocked prior to deployment into production environments.

🌐 More about FINOS: https://www.finos.org/
📧 Join our newsletter: https://www.finos.org/sign-up
🎙️ Listen to our Open Source in Finance Podcast: https://www.youtube.com/@FINOS/podcasts
LinkedIn: https://www.linkedin.com/company/finosfoundation

#FINOS #OSFFToronto #RBC #CommonCloud Controls #CloudSecurity #MultiCloud #Terraform #DevSecOps #NIST #CyberSecurity

Hybrid Cloud Show – Episode 58

Video by The Late Night Linux Family via YouTube
Support us on Patreon and get an ad-free RSS feed with some early episodes. https://www.patreon.com/LateNightLinux

Having recently moved house, Gary wonders how to reconfigure his homelab and network setup. Plus Shane is fed up with GitHub’s outages and formulates a plan to move away… somewhere…

https://hybridcloudshow.com/hcs58/
