

I always check with my contract lawyer before installing or updating from the AUR. It’s worth it for me.




I miss the browser, but luckily I haven’t played RS since the new CEO cancelled new Pride Events right after the Trump Admin was reelected.


Yeah, it seems like these sort of problems aren’t necessarily due to an insecure system like the AUR but more so because of the target’s publicity and popularity which is definitely the case with the rise of CachyOS.


A long time ago I lived in Denver but right now I live between Nowhere and Limbo and the closest UNI doesn’t offer a comp sci degree or such.


I’m not real clear on if this is the case but you could try:
Have you installed or updated from the AUR before, such as with Yay? Specifically after June 5th? If so, check this list or the post above for a list of compromised packages. https://gr.ht/aur_pkg_list.txt
Maybe pacman -Q | grep atomic-lockfile because that appears to be what the threat actor is installing but I’m not really sure if that’s how it works…?
EDIT: If you really want to play it safe then you could try yay -R $(pacman -Qmq) to remove every AUR package and wait out the storm, just be careful to back up important files.
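
An exact-name cross-check of the kind suggested in the comment above, as an added example that is not part of the original comment. It assumes the published list holds one package name per line (the file's real format is not shown here), and every package name in the demo is constructed.

```shell
# Added example, not from the original comment.
# Assumption: the compromised-package list has one name per line; '#' comments
# and blank lines are ignored. All package names in demo() are constructed.

# normalize_list FILE: print sorted, unique names without comments, blanks, CRs
normalize_list() {
    tr -d '\r' < "$1" \
        | sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep -v '^$' \
        | LC_ALL=C sort -u
}

# find_flagged INSTALLED LIST: print names present in both files.
# Whole-name comparison, so "demo-pkg" does not also flag "demo-pkg-extras"
# the way a substring grep would.
find_flagged() (
    a=$(mktemp) && b=$(mktemp) || exit 1
    normalize_list "$1" > "$a"
    normalize_list "$2" > "$b"
    LC_ALL=C comm -12 "$a" "$b"
    rm -f "$a" "$b"
)

# demo: run the check on constructed input and print the flagged names
demo() (
    dir=$(mktemp -d) || exit 1
    # Constructed stand-in for the output of: pacman -Qmq
    printf '%s\n' yay demo-pkg demo-pkg-extras some-font > "$dir/installed.txt"
    # Constructed stand-in for the downloaded list
    printf '%s\n' '# constructed list' 'demo-pkg  ' other-demo-pkg > "$dir/list.txt"
    find_flagged "$dir/installed.txt" "$dir/list.txt"
    rm -rf "$dir"
)

# On a live system (file names are placeholders):
#   pacman -Qmq > installed.txt
#   find_flagged installed.txt aur_pkg_list.txt
demo
```

An empty result only means no installed foreign package name appears on the list as downloaded; it says nothing about packages added to the list later.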


I tend to be a little antsy around anti-capitalists. Too many bad run-ins with Tankies.


LINK 1 Analysis of Github Repos
LINK 2 Veracode’s report on generative AI code from a hundred different models.
LINK 3 Ox Security report on 2025’s record high number of CVE, and critical issues per organization increased by about 4x.
LINK 4 “We have a package for you!” study shows 1 in 5 AI code generations include a package dependency which does not exist which is in itself a huge security risk.


When I made my post I requested flat rate estimates, so I’m not sure. The largest difference in price points doesn’t seem to be qualifications, almost random actually. Users with higher estimates seem to have questions about the hardware, though.


I have never seen any statistic that Sloppers write as good code as normal human beings. Quite the opposite, in fact, studies have shown AI Slop has singlehandedly created more vulnerabilities total than any other changes in tech or software. We’re talking multitudes uptick in errors.
It not only doesn’t make sense at large scale, but it also doesn’t even make sense anecdotally. You’re telling me a guy or gal who autogenerates code using a flawed statistical model which is famous for its absurd hallucinations, inability to count, violent amorality, and complete lack of puzzle solving capability can somehow be as good as a professional human being? I don’t buy it. I don’t support people who do buy it. I hate them, in fact, if only for the massive costs on consumers and the environment resulting from the training and operating of these bullshit generators.


Nah, I’ll sit idle and fucking die before I use it. Never shall I ever hire a soul who has drunk from the well that is AI for anything requiring thinking. I’ve declined 9 proposals for simply saying “AI is a tool with specific uses” lmfao nope.
You have to understand, here, I’m placing myself and my team’s jobs and aspirations in the hands of a developer, if they failed to deliver competent well made product then it uses our limited resources up and leaves us with nothing. I have to set bare minimum standards.


Are you one of the malicious actors? That’s some shit I’d expect to hear from the people doing this, trying to justify the attack by blaming the users for “capitalism”.


EDIT: No, sorry, alvr was just one package, there is no specific source for the infection just one or many malicious users: https://gr.ht/aur_pkg_list.txt


Users can check if they’re already compromised with pacman -Q | grep alvr I think maybe?
EDIT: No, sorry, alvr was just one of countless affected packages. Also, several is an understatement since a huge number of packages are affected.
Post with more information here: https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/


Sure you can, you just gotta wait for it to be orphaned and then you can do unimaginably horrible things with it. Of course, that doesn’t constitute legal ownership, but still.


Do you have any relevant experience or notable past projects? Are any past employers willing to vouch for you? Do you have a personal website and/or code repository such as github or Codeberg?
Versions and categories. Does a category mean a comic, and a version mean a language? Are files uploaded in bulk?
So, the comic is an anthology and there could be categories for each: writer / lead artist, available language, and storyline. For example, Chapter 1 on the site (or rather, Issue 1) is the first chapter in part of “The Tabula Sophonic” storyline, the lead artist is FiniteBanjo, and the available languages are English and German. Issue 2 is a standalone chapter for “Head of the Company”, lead artist is someone else, available languages are also English and German. This information should be visible to users browsing the archive and there should be a database table or perhaps a simple file storing this information about every chapter. Uploaded files are images named number 1 through X, generally uploaded in bulk and ideally should be stored in separate files.
Blog and news.
Blog doesn’t require images and includes long form posts from the team about whatever they feel like talking about. News entries require thumbnails and are short but important updates such as upcoming deadlines, schedule changes, collaborations, team members joining or leaving, licensing changes, etc.
Achievements.
Well, nothing really required, but I guess chapters owned, chapters read, time spent reading, comments made, upvotes on comments, Patron status, user found the hidden page, user tried to break the rules by accessing something they shouldn’t, etc.
Access control.
You understood it well. I could probably help out a little bit with the Patreon API if you have any trouble with the implementation, but I’ve confirmed the necessary capability is there: check patrons, check patron emails, send patron messages individually. This should hopefully be the only API we have to worry about on this project.
Appearance. Do you have mock-ups, particularly for the landing page and the about-us page?
Me and the team are mulling over our options currently, but it’s vitally important to get quotes now and begin the fundraising process with which to fund the development and the fulltime artwork in a few months time. While we certainly COULD proceed without that, it would put us at a pretty big personal risk.
We probably want a sort of modernist approach where light mode is clean white with black boxes and text, sharp edges, and dark mode would be a grey with white lettering and perhaps teal boxes. We do NOT want to sacrifice utility / usability for visuals. Some of the site will utilize a proprietary font that I own, but for the most part Atkinson Hyper-legible will be used.
Mobile and Firefox. I daily-drive Fennec on Android, Firefox on Windows and Falcon on Debian
While it’s not exactly as accurate, there is a firefox tool in the hamburger menu under more tools > Responsive Design mode that allows you to emulate various device ratios such as iPhone, Laptop, Tablet, Pixel, etc. so as far as visuals we should be good on compatibility. Would you be able to add a banner and notification if a user accesses the site from Chromium to tell them they’re in an unsupported browser?
I know that developers of many libraries and tools do allow AI contributions, for example it’s in Valibot and Vite, to which I don’t know good alternatives.
I’m okay with library dependencies using it, although I’d be willing to search for a better solution but I don’t think it’s really economically feasible at the moment to be limiting our options. I am really interested in Fresh from UseFresh.dev but idk anything about it aside from being similar to a React.js project that I’ve worked on in the past but I gave up on trying to build it myself after a while. EDIT: Fresh uses Vite as well.
My ballpark estimate is 120 hours for the initial release with the features you mentioned. Programming further updates to the website can be negotiated as needed. From what I found $58/hour
EDIT: Other quotes I’ve gotten are $5,000 / $14,000 / $15,000 / $38,000 so the $7,000 estimate actually seems really low by comparison. Clearly the amount of features I’ve requested are quite challenging.
Almost $7,000 then. Might be doable, we’ll keep this number in mind when we launch fundraising. We’ll probably have to put forward our own money to make it happen, most successful crowdfunding campaigns are less than $9,000 total and we’re already way over that amount with just the artist team’s wages for the first couple of chapters.
In case the website ever shuts down, can you then release the code with a free software license?
100% I’ll be sure to put that in writing when we decide on a contractor.
For further contact
You can reach me at finitebanjo@yahoo.com for now. I’d appreciate it if you and other users from this post reach out to me there for future inquiries. If you need an encrypted communication app as a hard requirement then I can look into DeltaChat but I’ve never heard of it before today so I’m not really sure about it just yet.


I suppose I’m okay with almost anything as long as the site still works on Firefox for users with Javascript disabled? I am based in the USA, currently.
I am looking for quotes for an upcoming website that will host comics for a team of independent creators. The budget is very flexible but the higher the number goes: the less likely the project will happen at all. Please be honest and realistic and post what you think this job should be priced at. Work will begin after a successful fundraising campaign in 2 or 3 months, work is expected to conclude less than 12 months from project start.
While I have dabbled, I am not a seasoned expert so please inform me of any complicating factors in this listing, please be aware that I am reasonable and that changes to scope can be negotiated.
Needs:
Secure filesystem for images, form for administrators to upload chapters with an assigned version or category
Minimal Javascript requirements for users’ browser. Working navbar and footer with links
Fast-loading pages hosting the chapters, only rerender components/elements which change. Low overhead, minimal imports
Must work on mobile and desktop, primarily Firefox
No-AI. Human only work. You will be asked to sign a contract making you liable for the full cost of the work, damage to our brand reputation, and legal fees if AI output is without any reasonable doubt found in your submitted work. I do not engage in frivolous lawsuits, just please be mindful
User credential management including account creation, login, and product code input to gain access to specific chapters stored securely. Users without access to specific chapters should be unable to view them even if they access the correct url. Administrators should be able to generate unique access codes on demand
Maintainable by owners and future developers. Well documented notes on managing the filesystem and database would be very helpful
Email server with automated response capability
Wants but not Needs:
The following pages: front/landing page, about us page, news page, blog page, contact page.
Controls on the chapter page to render pages of chapter side-by-side or single wide (except for pages specifically marked as two-page illustrations; on second thought this task could just be handled by the artists preparing the pages), and controls for a specific version (different languages)
Comment sections and different controls for administrators and moderators to remove comments and take away commenter privileges
User Profiles and achievements
Ability to frequently and automatically check a list of patrons on Patreon via API call, and automatically generate a user account with relevant access and temporary password, and send an email to that patron with the account info
What will NOT be expected or required:
You will not be expected to implement any sort of store or transaction. All hosting will be handled by the owners and administrators of the site.


Nah, while I understand the importance of Proton, I’ve also seen that Andy Yen dude be openly pro-Republican and supportive of Elon Musk, so I’ve got absolutely zero benefit of doubt to give them when controversies pop up and I absolutely understand that they have enemies.
EDIT: A quote comes to mind, “It takes years to build trust. Moments to lose it.”


They might eventually try to pressure Firefox as well, as Google is actually the largest funding contributor to Firefox. I wonder what the Open Source license dictates with the GECKO engine that Firefox maintains? Could somebody make a fork and profit off of it or would we be forced to a different browser framework entirely?


lol
lmao even
I’ve proven the massive error and vulnerability rate of slopping, so until you can prove any other example was worse, then the point stands. And Ox is very much a reliable source with the findings on the page regardless of if you can access the full study.