Iirc it was to force the extra step necessary for the user to acknowledge that the AUR can bootstrap malware if used blindly.
This seems to be a relatively consistent discussion surrounding AUR helper development; for example, adding UX to incentivise users to read PKGBUILDs, lest the AUR becomes an attractive vector for skids.
No one wants the AUR to become NPM, and the thing that will incentivise that is uneducated users. Having the small barrier of not having helpers in the main repos is an effective way of accomplishing that.
Regarding why Arch doesn't "invest" in a graphical installer, it's worth mentioning that Arch's installation image has a different design philosophy than most installation media.
The image is a fully functional arch environment that copies the entirety of its contents to RAM on boot, giving you special installation opportunities such as the ability to install Arch to the same flash drive that booted the installer. Having no graphical dependencies lets this image remain small enough to pull this off, as well as allowing for fully remote installations over SSH out of the box, since archinstall is a TUI.
I don't believe there are any serious technical obstacles to providing a graphical installer in something like an initramfs environment. Many distros do provide graphical installation mechanisms using PXE, which loads the kernel and installer-initramfs over the network (and is similar in the sense that it won't touch local storage unless you tell it to)
I don't have a way to quickly around to check, but I thought the arch install media used squashfs? In which case I wouldn't have thought it was safe to blow away the backing store.
Bitwig was developed by ex-Ableton devs, and the layout is incredibly similar. It's a very easy transition compared to coming from a DAW like FL or Logic.
It's also a really attractive offering once you hear about it. It's intuitive, cross-platform, half the price of Ableton for a 3-device lifetime license without geofencing, and the software contains a modular software synth atop which most of the preset instruments are built that is so versatile that its value alone exceeds the price tag of the entire daw.
Big fan. Share your thoughts if you give it a whirl.
I came in here looking for this thread specifically (I can't imagine moving off of Ableton). Thanks for taking a sec to write this up! I might give it a try, just for the synth alone.
My problem (having moved Win to Lin, Ableton to Bitwig too) is with sound. Latency is one and bad. Getting any sound at all on Bluetooth is also hard, where the latency is even worse. Wish there was a simple "apt install make-audio-work-well-for-daw" I could run on my KDE Ubuntu 24.04...
Hmm. I'm on a stock Arch install and had no latency or quality issues to speak of. Bluetooth works out of the box using `bluez` and `blueman`, though Bluetooth is still Bluetooth, with inherent latency. Some headphones have low-latency modes that can be activated in their respective apps at the expense of ANC/battery life, maybe that'll help?
The apt command you're looking for may be the audio backend, though. `apt install pipewire wireplumber -y`. Won't break your existing pulseaudio setup, but will allow low-latency operations. (I think--I avoid the dumpster fire that is Ubuntu like the plague, so ymmv)
People don't flag comments because of tone, they flag (and downvote) comments that violate the HN guidelines (https://news.ycombinator.com/newsguidelines.html). I skimmed your comment history and a ton of your recent comments violate a number of these guidelines.
Follow them and you should be able to comment without further issue. Hope this helps.
Signal is centralized, hosted on AWS, and through a mixture of legal procedures codified by US law and their bundled gag orders (PR/TT order, SCA warrant, FISA 702, and usage of NSLs) that can be extended for significant lengths of time and, occasionally, in de facto perpetuity, all metadata (who is talking to who, when, from where) can be monitored in real-time without Signal ever being informed. Combined with existing legal procedures for telecoms and VOIP providers for real-time + retrospective location tracking by phone number/associated IMEI/IP address by way of tower connectivity (this framework is required by law [specifically, CALEA] to be implemented by default for all users, not after the fact nor on-request), that's enough data to escalate to standard law enforcement procedures if an incriminating link is found, whereby the phone's internal message history can be dumped either through private (ex.: Cellebrite) or functionally coercive legal means (refusing to decrypt data can get you jail time if you are the subject of an investigation, and deletion of data such as via duress pins etc can get you a destruction of evidence charge), at which point all of your messages can be dumped.
And this all ignores the fact that firmware for basebands and cryptoprocessors (and most other hardware components in all devices) is closed-source, proprietary code, and that Signal piggybacks off of device encryption for at-rest message data instead of reimplementing it in userland. (This feature used to exist and was removed, but can be re-added through the Molly fork.)
I've also known protesters who have also had Signal geoblocked at the site of a protest the moment it was slated to start, forcing members of said protest to fall back to unencrypted methods at crucial times. Being centralized and using US-based cloud infra does a lot to compromise anonymity and security, even if message content isn't immediately readable.
Luckily, Signal is not vulnerable to push notification interception, but if you want a great real-world example of how gag-ordered dragnet metadata surveillance visible to both domestic and foreign governments (by way of international intelligence agreements) can look for massive corporations rendered helpless by this legal framework, that's a great case study to look into. https://www.reuters.com/technology/cybersecurity/governments...
Throwing out the accusation of apps being "backdoored" just obscures the real, de facto "backdoors" that are US law.
:)
reply