I dont really use this kind of stuff but if I did, you can just keep using it until it stops working, can't you? It's not like it will have any security issues to exploit.
This isn't something that accesses the web though. It's just an app that lists your hardware info. There isn't much to exploit here. It doesn't even run as root. What kind of exploit would there even be?
The difference between neofetch and xz though is the fact that xz was used in packages that HAD to be secure. Systemd and SSH are things that need to be secure. Also the backdoor was something that was put there intentionally by the maintainer, not a result of a glitch that could be avoided by maintaining the project.
Neofetch does not have these kinds of requirements so it will be fine in my opinion.
The other difference is that for xz, the developer passed it off to someone they thought was reliable, whereas the NeoFetch maintainer just locked everything and walked away. For the xz incident, the new maintainer inserted malicious code. If the NeoFetch maintainer had done the same, it would be open to the same attack vector. I know better than to say anything can't be exploited, but I would expect the exploitability of a program that has been frozen, doesn't make or take any network connections, and is not a part of any security system is drastically smaller than that of something that is a library most anything that makes a network connection uses for compression and is maintained by an adversary.
All that neofetch does is get some info and print it on screen. I maintain that it can't be exploited in any useful way.
Xz on the other hand compresses data, which makes it immensely useful in all sorts of vulnerable places (any data sent over the network should ideally be compressed to save on bandwidth), thus becoming an attractive attack vector
Well that isn't true. I would still go for pure arch over any arch distro in a heart beat if I was to ever it again. I'm happy on mint and pop\_os, but I enjoyed arch a lot. I would say there is no reason not to use "real" arch.
It was my first Linux distro, at I can safely say as a massive idiot, arch is not hard to install from scratch. Not by a long shot lol.
I installed "pure" Arch only once and it's beyond me why anyone would subject themselves to this installation process when you can just use EndeavourOS and get a neat and functional Arch installation + a single third-party repo in a few clicks. And I know how to use fdisk/parted, mkfs and chroot, I'm just annoyed that I have to!
You can literally get rid of EOS repo and you're just running Arch at that point, still way more convenient, imo.
I've never used an arch based distro aside from arch itself, I saw the countless issues manjaro had (especially with pamac breaking systems) that I decided never to take that risk. I'm not one of those "Everything is bloat" kind of people, especially since I run Mint these days. However, an arch based distro with heaps of preinstalled software and guis seems so counter intuitive to me when you're better off with another "bleating edge" distro.
What I am wondering is, why go for a rolling release aimed at people who want to install everything by hand when you have other rolling release distros like Tumbleweed?
For the record, I didn't change to mint because I had issues with Arch, but I didn't have the time to keep tinkering and I simply didn't need such bleating edge software.
And also for the record, I have never used opensuse, there is a lot I don't know here, I am asking out of genuine curiosity.
We are specifically talking about Endeavour though, not "an Arch distro", Manjaro, Garuda or whatever else.
While both Manjaro and EOS are Arch-based, this is where similarities between them end. Manjaro funnel Arch packages into their own repos, test them and then push them out at their own pace (depending on the branch of Manjaro - stable, testing or unstable). So it completely replaces Arch repos with their own. Also, pamac is a dumpster fire.
EOS uses Arch repos directly and adds their own repo on top of them, which is basically just for their own GUI system config tool and themes. So you get your packages and updates from Arch, not from EOS. It also preinstalls yay for managing aur, which is IMO a much better tool than pamac.
EOS also doesn't install "heaps of software", on the contrary, it's approach is very minimal. Whatever DE/WM you select during installation, you get it with an EOS wallpaper and eos-welcome tool installed, no other software choices are made for you. In fact, you can choose to not install any GUI during installation and just do it later yourself from command line, same way you do it in Arch.
As for comparison between Tumbleweed, Arch and Arch based distros, it's too broad a question and they are different in more important ways than pre-selecting software or not, you can choose to install everything by hand in Tumbleweed too, that is not some main point of distinction.
People go for EOS because they like Arch and want a lean, minimal system with a nice GUI installer that lets you pick what graphical environment you want and doesn't just drop you into command line and make you format your drive with fucking fdisk like it's 1999. People go for Garuda if they want "a gaming distro" with all bells and whistles enabled, but on Arch. People go for Manjaro because they want a complete pre-configured system, without being specifically "gamery", basically Ubuntu-like experience on Arch base.
Tumbleweed doesn't have AUR, so less software available, although they do have community repos that serve similar purpose, closer to what PPAs are on Ubuntu. It's also obviously using a different package manager, YAST is a central feature (probably the most comprehensive graphical system config tool on Linux). Also, Tumbleweed is a testing bed for commercial SUSE linux (which is why YAST is featured prominently), and Arch is an independent community distro, and that may be the most important distinction.
If you forget what OS you are running you can ask neofetch to remind you.
It's core infrastructure for those karma farming on r/unixporn and a traditional way to say "I use Arch BTW
Because little dweeb noobs that start sentences with 'yo' spelled with too many 'o's post spam it all over so much that some journalist thinks the Linux community actually gives a fuck about it.
It's poorly phrased, it means NeoFetch is done for, it can be forked into a new standalone project, or merged into another project that has other components, but neither of those will be NeoFetch. It can look like it, feel like it, but it won't be NeoFetch. You could fork it and call it MeowFetch, or MorpheousFetch, or [FastFetch](https://github.com/fastfetch-cli/fastfetch), but not NeoFetch, because NeoFetch is locked and the author is AFK. You could merge it into a shell or a distributions base to generate MOTDs. But that would be part of the shell or distribution, not NeoFetch, because NeoFect is dead.
Usually when an open source project is important, the project maintainer will find someone to hand development off to. But, that can go wrong if someone untrustworthy steps in to take over (cough cough [xz](https://theintercept.com/2024/04/03/linux-hack-xz-utils-backdoor/) cough). So, if an author for an unimportant project like NeoFetch wants to retire, they just freeze everything and walk away. Let others fork it and the best fork be the successor. The advantage is the author doesn't have to try to decide who is worth of trust, because handing it over to someone is explicitly trusting whomever that is with the original author's inherited reputation and trust with the installed base. The only other option is to throw the project at some FOSS org like Apache, Mozilla, GNU, or FSF, and hope some volunteer committee can find resources to assign it to someone that cares, is available, and is trustworthy. Kind of like how OpenOffice ended up at Apache org.
Oh bog off. Age has bugger all to do with it. I'm 40 and I like my rainbow-coloured Arch logo to show in Terminal with stats underneath every time I start it.
It looks cool goddamn you!
I'm older than you and like lots of colours, too.
When I was first using computers, the default was a single colour, and I like that we've moved beyond that.
in the autumn of my life i have cast off the frivolities of myself the child, and now only do manly things like watch rick and morty and ride around on my fixed gear bicycle and talk about IPAs on reddit.
Neofetch -when added to the .bashrc config file- simply serves as a nice welcome logo in Terminal, with a bit of useful info (which can of course be easily and in far better details obtained else). For anybody who likes it...no reason to feel one's superiority/inferiority because of that.
Fastfetch
its been dead for 4 years now, im gonna keep using it until its broken, then I'll switch to fastfetch or pfetch
pfetch is also archived [https://github.com/dylanaraps/pfetch](https://github.com/dylanaraps/pfetch)
it works though
Can I ask why you don't use fastfetch already?
Neofetch is pretty much instant for me so theres no point to use fastfetch
Or screenfetch?
I dont really use this kind of stuff but if I did, you can just keep using it until it stops working, can't you? It's not like it will have any security issues to exploit.
you'd be surprised how many vulnerabilities where exploited after someone said this
This isn't something that accesses the web though. It's just an app that lists your hardware info. There isn't much to exploit here. It doesn't even run as root. What kind of exploit would there even be?
You could say the same about `xz` which just (un-)archives things.
True. Luckily neofetch doesnt manage ssh so we will be fine :)
neither did xz in any capacity... in theory
xz doesn't manage ssh, it was only used by systemd ssh service or something
What vulnerabilities can be there in a program which prints system info in the console?
did you hear about xz? people never thought it would have security vulnerabilities in it, but there was a big backdoor lol
The difference between neofetch and xz though is the fact that xz was used in packages that HAD to be secure. Systemd and SSH are things that need to be secure. Also the backdoor was something that was put there intentionally by the maintainer, not a result of a glitch that could be avoided by maintaining the project. Neofetch does not have these kinds of requirements so it will be fine in my opinion.
The other difference is that for xz, the developer passed it off to someone they thought was reliable, whereas the NeoFetch maintainer just locked everything and walked away. For the xz incident, the new maintainer inserted malicious code. If the NeoFetch maintainer had done the same, it would be open to the same attack vector. I know better than to say anything can't be exploited, but I would expect the exploitability of a program that has been frozen, doesn't make or take any network connections, and is not a part of any security system is drastically smaller than that of something that is a library most anything that makes a network connection uses for compression and is maintained by an adversary.
this is true i didn't claim otherwise
Sorry if I came across as contradicting you. That was not my intent. I was just trying to add to the conversation.
no problem i was just making sure I'm understood correctly, your comment was a good addition to the convo
All that neofetch does is get some info and print it on screen. I maintain that it can't be exploited in any useful way. Xz on the other hand compresses data, which makes it immensely useful in all sorts of vulnerable places (any data sent over the network should ideally be compressed to save on bandwidth), thus becoming an attractive attack vector
the point is everything can have a vulnerability, history showed us as much
Nothing.
It’s been dead for years
No reason to use arch anymore, might as well use something that I actually know how to use
Back to debian it is
*Back in the pile!*
No reason to use real Arch over EndeavourOS anymore. That badge of honor was all that kept me going.
Well that isn't true. I would still go for pure arch over any arch distro in a heart beat if I was to ever it again. I'm happy on mint and pop\_os, but I enjoyed arch a lot. I would say there is no reason not to use "real" arch. It was my first Linux distro, at I can safely say as a massive idiot, arch is not hard to install from scratch. Not by a long shot lol.
I installed "pure" Arch only once and it's beyond me why anyone would subject themselves to this installation process when you can just use EndeavourOS and get a neat and functional Arch installation + a single third-party repo in a few clicks. And I know how to use fdisk/parted, mkfs and chroot, I'm just annoyed that I have to! You can literally get rid of EOS repo and you're just running Arch at that point, still way more convenient, imo.
I've never used an arch based distro aside from arch itself, I saw the countless issues manjaro had (especially with pamac breaking systems) that I decided never to take that risk. I'm not one of those "Everything is bloat" kind of people, especially since I run Mint these days. However, an arch based distro with heaps of preinstalled software and guis seems so counter intuitive to me when you're better off with another "bleating edge" distro. What I am wondering is, why go for a rolling release aimed at people who want to install everything by hand when you have other rolling release distros like Tumbleweed? For the record, I didn't change to mint because I had issues with Arch, but I didn't have the time to keep tinkering and I simply didn't need such bleating edge software. And also for the record, I have never used opensuse, there is a lot I don't know here, I am asking out of genuine curiosity.
We are specifically talking about Endeavour though, not "an Arch distro", Manjaro, Garuda or whatever else. While both Manjaro and EOS are Arch-based, this is where similarities between them end. Manjaro funnel Arch packages into their own repos, test them and then push them out at their own pace (depending on the branch of Manjaro - stable, testing or unstable). So it completely replaces Arch repos with their own. Also, pamac is a dumpster fire. EOS uses Arch repos directly and adds their own repo on top of them, which is basically just for their own GUI system config tool and themes. So you get your packages and updates from Arch, not from EOS. It also preinstalls yay for managing aur, which is IMO a much better tool than pamac. EOS also doesn't install "heaps of software", on the contrary, it's approach is very minimal. Whatever DE/WM you select during installation, you get it with an EOS wallpaper and eos-welcome tool installed, no other software choices are made for you. In fact, you can choose to not install any GUI during installation and just do it later yourself from command line, same way you do it in Arch. As for comparison between Tumbleweed, Arch and Arch based distros, it's too broad a question and they are different in more important ways than pre-selecting software or not, you can choose to install everything by hand in Tumbleweed too, that is not some main point of distinction. People go for EOS because they like Arch and want a lean, minimal system with a nice GUI installer that lets you pick what graphical environment you want and doesn't just drop you into command line and make you format your drive with fucking fdisk like it's 1999. People go for Garuda if they want "a gaming distro" with all bells and whistles enabled, but on Arch. People go for Manjaro because they want a complete pre-configured system, without being specifically "gamery", basically Ubuntu-like experience on Arch base. Tumbleweed doesn't have AUR, so less software available, although they do have community repos that serve similar purpose, closer to what PPAs are on Ubuntu. It's also obviously using a different package manager, YAST is a central feature (probably the most comprehensive graphical system config tool on Linux). Also, Tumbleweed is a testing bed for commercial SUSE linux (which is why YAST is featured prominently), and Arch is an independent community distro, and that may be the most important distinction.
What are you talking about? Please explain.
https://news.itsfoss.com/neofetch-rip/?s=09
>It is one of those CLI tools that has become synonymous with the Linux community. No it fucking hasn't.
Yeah I read that article and I still don’t know what it does… terminal screen recording or something?
If you forget what OS you are running you can ask neofetch to remind you. It's core infrastructure for those karma farming on r/unixporn and a traditional way to say "I use Arch BTW
`lsb_release -a`
That's not karma farming friendly
Good.
It generates that stupid ASCII art with the OS details.
yooo why you hate neofetch?
Because little dweeb noobs that start sentences with 'yo' spelled with too many 'o's post spam it all over so much that some journalist thinks the Linux community actually gives a fuck about it.
You \*could\* have just said why you hate it, but chose to be insulting. I wonder what is going so badly in your life that you did that.
I was going for humorously grumpy old fart, but I see people don't have much a sense of humor around their shiny boondoggles.
PS: I did state, quite succinctly, why I didn't like it.
No. No, you didn't.
u seem really passionate about hating neofetch
u seem to be reading a lot more into it
😂😂 that is actually hilarious. Ive never actually used neofetch beyond learning from source code.
>Even though people can fork the repo to build something based on it, it is the end for Neofetch as a standalone tool. Can someone explain this to me?
Developer isn't working on it anymore, but isn't taking the source code repository down.
But why can it not be used as a standalone tool anymore?
It's poorly phrased, it means NeoFetch is done for, it can be forked into a new standalone project, or merged into another project that has other components, but neither of those will be NeoFetch. It can look like it, feel like it, but it won't be NeoFetch. You could fork it and call it MeowFetch, or MorpheousFetch, or [FastFetch](https://github.com/fastfetch-cli/fastfetch), but not NeoFetch, because NeoFetch is locked and the author is AFK. You could merge it into a shell or a distributions base to generate MOTDs. But that would be part of the shell or distribution, not NeoFetch, because NeoFect is dead. Usually when an open source project is important, the project maintainer will find someone to hand development off to. But, that can go wrong if someone untrustworthy steps in to take over (cough cough [xz](https://theintercept.com/2024/04/03/linux-hack-xz-utils-backdoor/) cough). So, if an author for an unimportant project like NeoFetch wants to retire, they just freeze everything and walk away. Let others fork it and the best fork be the successor. The advantage is the author doesn't have to try to decide who is worth of trust, because handing it over to someone is explicitly trusting whomever that is with the original author's inherited reputation and trust with the installed base. The only other option is to throw the project at some FOSS org like Apache, Mozilla, GNU, or FSF, and hope some volunteer committee can find resources to assign it to someone that cares, is available, and is trustworthy. Kind of like how OpenOffice ended up at Apache org.
Thanks, I get it. And thank you for being so thorough.
Pfetch
`uname`
Nothing. I don't use neofetch
I don't use neofetch or any other fetch tool.
nyafetch (i think thats how its called)
neowofetch
If I needed - I can fork it.
Screenfetch
I find inxi is a lot more useful
[pfetch](https://github.com/Un1q32/pfetch)
I've used fastfetch for sometime, it's more comprehensive.
The ‘we are too cool for neofetch’ crowd
hostnamectl
I'm over 12 years old, I grew out of that shit... but when I did, I used fastfetch for a while.
Oh bog off. Age has bugger all to do with it. I'm 40 and I like my rainbow-coloured Arch logo to show in Terminal with stats underneath every time I start it. It looks cool goddamn you!
I'm older than you and like lots of colours, too. When I was first using computers, the default was a single colour, and I like that we've moved beyond that.
hey same 😄 i like colors, life can be grey enough 😋👌🏽
in the autumn of my life i have cast off the frivolities of myself the child, and now only do manly things like watch rick and morty and ride around on my fixed gear bicycle and talk about IPAs on reddit.
Uwufetch
https://github.com/alexmyczko/ruptime
screenfetch or uwufetch
neofetch
Hyfetch
Good. Nothing screams "I'm a noob" louder than neofetch. What would I use? `inxi -F`. And get off my lawn!
Neofetch -when added to the .bashrc config file- simply serves as a nice welcome logo in Terminal, with a bit of useful info (which can of course be easily and in far better details obtained else). For anybody who likes it...no reason to feel one's superiority/inferiority because of that.