Skip to main content


[Question] Manjaro, out of curiosity question, does the image on boot has any security implication regarding logoFAIL?


Hi everyone :).

Just getting started with Manjaro as daily drive to get some easier arched based distro. Except for the LVM bug with calamares everything is pretty smooth :).

But at first boot, I saw they have added their personal Manjaro logo on boot and I directly though of the bug exploit logoFAIL I heard a few month ago and It made me curious if this is something that could be exploitable by Manjaro.

Probably not, this would harm their image and hard worked system, but I'm still curious... If someone smarter/more knowledgeable than me could chime in and give some valuable information on this topic regarding Manjaro, I would really appreciate it !

Thank you !

This entry was edited (9 months ago)
in reply to N0x0n

No. This gets painted on the framebuffer when the OS boots up, it's after firmware is done with it. It's barely any different than when full graphics mode load up.

LogoFAIL is based on replacing the BIOS logo with one that will trigger the exploit in firmware code, before the OS even starts.

in reply to N0x0n

Manjaro damaging it's image wouldn't be a new thing. That's mostly dust at this point. No though, as others have explained this isn't an issue, currently
This entry was edited (9 months ago)
in reply to sorrybookbroke

Manjaro damaging it’s image wouldn’t be a new thing.


Could you elaborate? :)

in reply to N0x0n

They've let their site certificates expire a few times and told their users to set their clocks back to get around the issueand they've accidentally ddosed the aur a couple of times with their package management tools.
in reply to MyNameIsRichard

"Just set your clock back"

My brother in Christ, you just need to renew the cert. If anything tell users to hit ignore.

(This is the though that went though my head when it happened)

in reply to N0x0n

This entry was edited (9 months ago)
in reply to sorrybookbroke

The ddos thing could happen from an actual attack. Arch should really look into building up better defenses against attack. It is dumb that it came from an actual distro but technically it could come from anywhere.
in reply to Possibly linux

No argument from me there, the aur is not very well made. On arch I do have some issues with how the aur is operated along with the behavior of arch maintainers. Not to the point I'd state using the distro is a bad choice though, as quite a few are minor, disagreements on tech philosophy, or currently being addressed.

My issue with manjaro is their continual incompetence while most of the time doing nothing to stop the issue from recurring. Most of the problems I have seen manjaro go through are repeated. They don't learn. Their issues aren't just structural but a culture the company holds onto.

This entry was edited (9 months ago)
in reply to sorrybookbroke

Thank you very much for your throughout and explanatory response !!!! ❤ I also read all the comments and I know what I will be doing !

While I did like the well build defaults, I didn't liked how they added their logo on boot up, even if it has nothing to do with logoFAIL exploit, It felt wrong (or does every distro does that?). Also the fact they added their own bookmarks in my freshly installed Firefox left me a bit skeptical... :/

There's probably nothing to be alarmed off but That doesn't feel right... If they do that, what else could they add hidden in the distro normal people can't see ?

If I may ask, do you have any good distro you would recommend? Something as bare bone as possible, as good as debian but a bit more up to date. I do not fear some tinkering with a new distro but Arch is a bit to much of a hassle right now... That's why I chose Manjaro.

My second pick was EndeavourOS as daily drive, but the community is small compared to manjaro and it's relatively new in the game. Any thoughts?

Thank you !!

in reply to N0x0n

This entry was edited (9 months ago)
in reply to N0x0n

There's a small but vocal minority that absolutely hates the idea of "Arch made easy". They think you should work hard to be worthy of using Arch. Manjaro is their anti-Christ. They show up in every conversation about Manjaro. I call them the "Manjaro sucks btw" people. 😆

They usually mention some irrelevant shit that happened years ago. Sometimes they can't be bothered to type it out and only link to a page that one of them put up. Or literally just say "Manjaro sucks". Sadly, the irony of being lazy when smearing a distro they consider lazy is lost on them.

in reply to lemmyvore

This entry was edited (9 months ago)
in reply to sorrybookbroke

And here's some of mine: lemmy.world/comment/10439242

I grow weary of Manjaro detractors because the malice is always there. You can't make up your mind whether you hate the developers or what they do. You hate episodes like the "AUR DDoS" without knowing all the facts, or considering how shitty AUR infrastructure is that if a pigeon landed on the roof it would go down, so in the same breath you condemn Manjaro for "AUR incompatibility" and for promoting AUR and for "DDoS"-ing it. I mean pick a lane.

But mostly it's just the hate that always seeps through that bothers me, not the content (which is the same inane stuff on manjarno over and over). What kind of person defines themselves by hate for something they don't even use? There's a million distros out there, there's something for everybody. You're not Inigo Montoya, get over it, Jesus. There was a root exploit unfixed in Debian for a while, do you hate them too? Can you imagine the reactions if there were a root exploit in Manjaro? Is any of this irony getting through?

in reply to lemmyvore

This entry was edited (9 months ago)
in reply to lemmyvore

They don't accept there own mistakes even. They do things like ship a broken kernel and then blame the upstream development.

Why even use it? There are much better options.

in reply to lemmyvore

M1 Mac kernel from upstream. They didn't bother to tell anyone and just pulled from master.
in reply to Possibly linux

Yeah you can do that, it's in the license. You don't have to "tell someone", you just have to publish the source.
in reply to sorrybookbroke

Thank you :) EndeavourOS was my second pick !

I picked manjaro because their user base is bigger and Manjaro is older. I will probably switch to EndeavourOS for all the reasons mentionted here and there in the comments. There seems to be a common strange atmosphere arround manjaro.

Also, because that logo thing on boot made me this post, this means I already felt something is odd with Manjaro. Always follow your guts !

Ps: Didn't though it's that much of a heated subject. It's a bit sad, I really liked manjaro's default and looks amazing.

in reply to lemmyvore

If it was some minor thing I wouldn't care much. I am not a Arch user and I probably will never be.

The problem with Manjaro is the leadership is questionable. It isn't just a few blunders. It is repeated mistakes that have caused real harm. They write themselves off as user friendly but they can't seem to figure out how to manage it properly. I am not against user friendly Arch. However, the nature of Arch means it is very very hard.

Linux Mint and Fedora are much better and don't have the same history of dumb mistakes.

in reply to Possibly linux

You must've not been around when Mint and Fedora were new.

They've been around for about twice as long as Manjaro. They made plenty of blunders.

caused real harm


Lol.

in reply to lemmyvore

This isn't a lol moment. They have repeatedly screwed over people.
in reply to N0x0n

Manjaro is run by people who don't know what they are doing. They make huge mistakes frequently and don't really understand Linux, the internet or project management.