That's because you're not supposed to open reddit links anymore, you can just share your content directly with AI companies and ad brokers and cut out the middleman.

I'm a grovelling Linux fiend and usually support related posts. I tried to visit the url and saw it was blocked. Didn't want the post to die so archived it asap.

Note too, that NextDNS blocks archive.is et al by default unless you manually add redirects.

Whatta world

For the moment "yesterday for old reddit" on firefox android works quite well.

Try pressing on the original link and opening it in another tab, that usually bypasses opening the app for me.

My solution is just to uninstall the app

On iOS Safari, long-press the link and select Open (or Open in Background). That will open the link in the browser instead of in the app, and Safari will remember that preference for the app. Select Open in Reddit to revert.

Also, don’t install the app? Use Sink It instead: https://gosinkit.com/

Yes indeed. Qubes has a good article on verifying distribution images not only with checksums but also with cryptographic signatures that verify the checksum files [1].

[1] https://doc.qubes-os.org/en/latest/project-security/verifyin...

Check a history on archive.org and validate the checksum wasnt changed to be the potentially malicious iso?

Its not perfect... but its better than nothing.

Mistakes were made!

But state level actors could target you, so you should immediately abandon any hope of privacy, disable your ad blockers, stop using Signal, install Windows 11, cease any complaints about the government, and eat the bugs.

That is the insidious question - how many parallel efforts were/are in play when xz was going down? Surely that was not the only long term play to compromise an "unrelated" component of system security. The Jia Tan organization might have already inserted back doors into dozens of different projects by now.

Sticking-your-head-in-the-sand-ism isn't helpful either.

But nobody wants to talk about true security. For example, why does a Python module that renders progress bars (for example) need my full trust about what it does to the rest of my system? Etc.

Look at all the mainstream scanners that failed to detect it!

Good Point. The checksums posted on Xubuntu.org could also compromised.

I downloaded the checksums and the ISO image from the Xubuntu website: https://mirror.us.leaseweb.net/ubuntu-cdimage/xubuntu/releas...

This url is on the main Xubuntu website, under "Xubuntu 24.04": click "Release page," then select United States. From there, you download the following files: SHA256SUMS, SHA256SUMS.gpg, xubuntu-24.04.3-desktop-amd64.iso

The output of the other checksum commands is shown here:

[user@host]$ gpg --keyid-format long --verify SHA256SUMS.gpg SHA256SUMS

gpg: Signature made Thu 07 Aug 2025 06:05:22 AM CDT

gpg: using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092

gpg: Can't check signature: No public key

[user@host]$ sha256sum --check SHA256SUMS

xubuntu-24.04.3-desktop-amd64.iso: OK

(output omitted for results of Xubuntu minimal version, which was not downloaded)

The checksum is a cryptographic hash generated from the ISO file's contents. While the checksum for a specific, unchanged ISO file is fixed, the checksum that is published on a website could be deliberately altered by an attacker to hide a modified, malicious ISO.

According to the SHA256SUMS from Canonical's official download page at https://cdimage.ubuntu.com/xubuntu/releases/24.04.3/release/ that is the correct checksum.