> MakuluLinux is not just an OS with a backdoor. It's a delivery vehicle for a centralized AI-as-a-service platform.
But to the actual article point; it looks like this OS is designed to have these "integration features" that depend on a 3rd party connection. They could obviously be better - but the intent of them is very similar to how Android, Windows, or macOS operate.
The only person in the world you know can have shame is yourself. As for anyone else, you can only assume they do not have it, or are trying to trick you to feel shame to take advantage of you.
If you want said articles to feel ashamed, then they'll have to stop getting upvoted on HN. Otherwise they are here to stay.
Was there any analysis on what the binaries do, because it could theoretically be a really badly implemented 'check for updates'.
Though I'm tempted to believe it is all part of a big scam :)
Browsing to their github is also interesting, no source anywhere, a few empty repos with a LICENSE.txt or README.md, but nothing of value.
Lots of cool stuff that I happily use, but the bar to installing something that gets to see my password (OS, terminal, input handler, etc) is very high.
Not a popular take, but I'd rather run something from Valve or Google for the same reason. I trust there to be more vetting if a corporation is putting its reputation on the product than a toy I found on GitHub.
It's a bit of a myth that open source leads to more eyes on the software. Most people just install it and trust that somebody else did the audit.
Something with a vibrant community of maintainers? Maybe.
Something that's too big to personally audit but too small for that community? I'll pass.
> D = G × S. If G ≠ 1, D = 0. No action is routed without verified authority. No exceptions.
W... what?
Beyond that, Gentoo, SuSE and a few others.
But generally, yes, be careful with what you install :)
But as a Gentoo / SuSE user, I'm also a little offended!
Why? Because the path to the desired result from a big-name distro is frequently non-intuitive, often to the point that the user may not even realize it's possible. When something doesn't work as expected, the response isn't "I need to figure out which packages to install and what config files to change," it's "oh I guess this distro isn't what I'm looking for".
I think it would do an immense amount of good if the big distros did more to address this. If they made it such that a fresh install could be made to fit any remotely common use case and hardware combination with no more than 1-3 clicks that would make tiny distros much less appealing.
A handful of distros have the right idea by offering an install ISO with preconfigured proprietary Nvidia drivers for example, but even that could be improved upon by just rolling some heuristics into the stock install ISO to figure out if the user needs Nvidia drivers or not.
People generally want something that works, without tinkering - particularly on an entertainment device. I'll happily let Valve etc. pick the kernel and driver versions, set up the compositors, make the controllers work, etc.
My NixOS install is immutable, so I can trivially roll back any changes to my system/software/configs.
It has a lockfile so the versions of all of my software do not change _at all_ unless I tell it to. That lockfile doesn't just extend to the software I have installed but all the software that is used to build the software on my machine, so I can perfectly reproduce the same system with the same version of software compiled by the same exact versions of the compilers.
On NixOS you can trivially have many versions of any software or library installed on your system and use them all (for example, foo can depend on python 3.7.2, bar can depend on python 2.7.1, and baz can depend on python 3.14. They can all happily live on my machine. You can even have multiple copies of the same version of python but compiled with different flags if you want. On arch linux your only option for python right now is 3.14.2.)
On NixOS I can trivially run 1 command and generate a bootable ISO that has exactly the same software and configs that I have installed on my computer. This has been rather nice for repair/debugging USBs and for running virtual machines off the ISOs.
You're also missing:
- Gentoo (not based on any of the distros you listed)
- Chimera Linux which brings in the FreeBSD userland, musl libc, and Dinit
- Suse Linux (a pop music video cover band that also made some Linux distros. They were pretty big in the live kernel patching ("Don't reboot it just patch!"). Not based on any of the distros you listed)
Apart from NixOS, Guix, Alpine, Void, SuSE, Gentoo, Slackware, PCLinuxOS, GoboLinux.....
> essentially just a package set + some wallpapers.
Not Ubuntu with a different support cycle, Mint and PopOS with their own DEs, Arch derivatives that are easier to install, Elementary with a DE and apps, Devuan with multiple init systems, ......
Fedora is the bleeding edge not recommended for anything other than testing and is of corporate RedHat Enterprise Linux and RedHat are now owned by IBM and Arch is Gentoo's jealous cousin.
It's why I use FreeBSD and am keeping close tabs on Haiku.
mrbluecoat•1h ago
AI pentesters and fuzzers will soon be the norm. And that's a good thing.
pixl97•1h ago
AI is seemingly really good here on that. Be interested to watch how it performs on the more weird and uncommon security cases.