Namib Linux is new and uses manjaro tools


#17

Thank you for bringing this to my attention. I’m the author of the article and I’ve contacted my editor at Linux.com to find out what she wants to do with this piece.

This issue brings up something that hits very close to home for me. As I review a LOT of Linux distributions, I have to wonder if something like this is going to become more prevalent. If that’s the case, what do we do? Are there specific tools people like me (tech writers…not developers) can use to ensure a distribution is safe from such malicious behaviors?

Thank you again for bringing this to my attention. And than you for any input you might have.

Have a wonderful day.

Jack


#18

it’s also on the waiting list for distrowatch


#19

I’m going to be doing a piece about this in the next couple of days. Does anyone have any hard proof that Namib Linux is using the distro for crypto mining? If you do have proof, can you show it in this thread please?

Thank yo so much.

Jack


#20

The evidence is on their forum. There is as-of-yet no proof of them using it in the installed system.

Instead of using ads, I am having you mine for crypto currency to support this site


#21

Someone who does that can’t be trusted not to fiddle in other ways with the code. Highly dodgy.


#22

We are NOT part of this. This was done with some stupid sed-magic. That’s why I marked it as “quality code:wink:

At least the forum uses crypto mining. However they use the same wording as we used for our preview homepage on security, which you had reflected in your review. Do you see any difference? original - copy


#23

the Colors and Icons are differents. :wink:
and the about page is also the same.


#24

I’d like to think it’s naïve rather than dodgy. For example, all of their domain and email addresses are pointing to namib.org which is (as of writing) a SEDO parking page. It’s more like someone has decided to try running their own distro but haven’t quite understood everything that’s involved with it.


#25

Quality journalists try to contact the people or organisations they mention in their articles. This is sometimes too difficult for review writers. Often a notice is enough to get some serious and relevant comments.


#26

Crypto-mining in the web page isn’t the same as crypto-mining from the distro. Someone should install and test this thing. That’s the only way you’re gonna find out. There are plenty of tools to watch both CPU usage, processes and the network stack.


#27

Well, I can see this as using their forum for crypto mining. Arch based distros are rising in popularity, specifically Manjaro. By mimicking the most popular distro, and building a community around it, using it to crypto mine from the forum, you actually have an indirect crypto-mining project. They don’t need to do it from the distro itself. So, irrespectively from the legal issues surrounding the way they built the distro (which I don’t know anything about), this crypto thing on the their forum should be made very clear on any article about this distro.


#28

I also recommend to give the developer a chance to correct the source code, correct the credits and give a statement on his own, on why he approached it as given.


#29

Has anybody reached out to them yet (maybe referencing this thread) and asked for comments?


#30

Wait. Is there proof they are mining from within the distro itself? That’s important to know. From my perspective, that changes the narrative.


#31

Good question, I don’t think so. To be fair, they clearly state that they use mining on their forum website, so it’s not completely hidden from the potential user.

To find out whether the distro itself contains mining services, one of us would just have to install their distro (maybe in a virtual machine) and check what it does.


#32

No, there’s no proof. My reasoning comes from your question above:

and then @cscs replied:

I misread this reply and took it as if @cscs was pointing their forum as a proof for the distro crypto-mining (sorry for the misunderstanding).

Then I thought about it again and, after all, they don’t need to crypto mine from the distro because they can do it through the community, from the forum. In the end this doesn’t make it less of a crypto-mining project, though it would be much worse to mine from the distro itself.


#33

I’m going with the naive option too. I would urge @jlwallen to follow @philm’s advice to try to contact the people behind the Namib project and ask for their take.


#34

I think this is actually what we all hope. More a bit uncouth than nefarious.
Though, it still feels a bit icky that they even nabbed the working model for the new website etc. And nowhere mention that they have somewhat haphazardly copied poor implementations of manjaro tools (or the other things).


#35

:slightly_smiling_face: Nicely stated, @cscs!


#36

'LLo,

Yep, manjaro-tools are too powerfull, you could forker a manjaro (if verified) & if you’re not really respectful of upstream work, just called it Namib !
But, what repositories does it use ?