IT HAPPENED AGAIN

MANJARO BTFO

wew lad

Enjoy the simplicity

Truly ebin

I can't believe they did it again.

Manjaro is a worthless distro with incompetent developers.

I don't really care about Manjaro either way, but the entire design of TLS/SSL and for-profit certificate authorities paid-for/expiring certificates are a total fucking scam

This times one billion.
Fuck your shit OP.

The distro is affected by being associated with incompetent devs in the first place.

It takes literally 5 minutes to set up a cronjob to use and renew a Let's Encrypt cert. How can they be still "looking into" it?

This can't be real.

wew lads

I'd rather they don't give money to the certificate dealer racket than use SSL

Incompetent? For what? Choosing to not be extorted for certificate authorities is not incompetent. That's actually a smart thing.

Nobody cares about your even more special snowflake than Arch distro.


Are you for real? Let's Encrypt is already at 3M certificates, why is none of those for Manjaro's website if that's the case?

Lots of people seem to use it, despite apparently "nobody" caring about it. You can be assmad about people using it if you want, but it is by no means a "more special snowflake than arch" distro. You got some issues, user?

Yes, I'm "for real". Choosing to use a CA that doesn't extort you is smart. As for your question, don't ask me. You should ask the Manjaro devs. Otherwise, get fucked.

yup

...

what's an SSL?

...

Super Secret Level

It's Arch, except not a pain in the ass. It's really easy to use. Surely a requirement for special snowflake status is it's useless.

It's Arch for people that are incompetent, like the Manjaro developers.

At least it's not as bad as Mint's security, but holy fuck.

If OpenBSD developed something that was a drop in replacement for openssl but without any of this 1960s X.509 bullshit, I'd switch everything I have running to it in a tls-heartbeat. Even if it meant not being able to talk to 99% of the outside world.

Is there a realistically infallible -probably proof-of-work based, I dunno- way to prove the identity of a server without relying on webs of trust (current SSL certificate model) or being vulnerable to Sybil/51% attacks (which Bitcoin-like blockchain models are)?

I am plenty capable of installing Arch. I use Manjaro because I don't really feel like going through a long process for just the initial installation. A lot of others are in the same boat as me. Though, since you speak of incompetence, I'd like to see you maintain your own distro.


You really should stop projecting. An SSL Certificate for a website isn't related to the distro at all. Then again, I really shouldn't be expecting much, since this is basically neo-/g/ now.

Nope. Unless you created the remote service's encryption key pair yourself and installed it while air-gapped there's going to be blind trust involved somewhere.

The best you can do is get the blind trust step done out of band before someone has an incentive to MITM.

Problem with that is that it works for your own stuff, but the moment you want to use other people's services, you are fucked.

I know you do have to trust the third party in the first place, but I would like to know how to make it resistant to MITM attacks by verifying the server I'm connecting to was the first to claim to be themselves, if that makes sense. Blockchains kind of act like a history of sorts in which you can verify the first time something was registered. I think Namecoin does this for domain names, but the problem with Namecoin is that, like all other *coins, it is vulnerable to 51% attacks and thus forgeable.

For this, and yes it's real.

Mint's team learned from their mistakes, and took action to prevent the problem from happening again. Manjaro's team just says "ignore it lol", acts like it doesn't matter, and then lets it happen again.
inb4 you call me a mintfag, I use Manjaro. I know how awful it is from experience.

wew lad

Just because you are a Manjaro fanboy doesn't mean you have to justify incompetence and try to project it onto other people. Admit that the faggots that maintain your favourite distro are incompetent and get over it. It isn't healthy to be a cuck.

jeez all those meme distros that can't even maintain basic shit and you retards actually run them on your computers. just use debian (or archlinux if you're feeling edgy and muh wiki). there is absolutely no reason whatsoever to use any other (binary) distro.

Using DNSSEC+DANE with the right amount of client-side caching has about 100-200 fewer attackable weak points than an average CA chain. That's not mathematically perfect either, but if you can't trust your nameserver you'd already know you're fucked.

Both of them have systemd. If you are too autistic to run systemd, Void and Devuan are good alternatives for Arch and Debian.

Well there kind of is if you want choices other than
Mint fixes Debian and Manjaro supposedly fixes Arch.

I wonder how the fuck does Holla Forums manage to have so many users that don't know about Sid.

debian stable has security updates


You can't use Debian! It's an SJW distribution! Seriously though, Debian sid is pretty comfy and stable in my experience.

ROFLMAO

whoops

I've had five long-running Debian installations on bare metal. Two of them broke, one because I fucked up with apt (fucking metapackages with retarded maintainers, seriously), and the other one broke on itself after an update. This last one was Debian Stable.

First situation is a common novice mistake, but it is actually "intended" behavior that is often blamed on apt instead of the maintainers. It can be avoided by... not installing metapackages. Really, use Debian Netinstall and install everything manually, and it will never break. Quick explanation as to why this happens, though:

The other three installations were all Debian Sid minimal installations. Two of them were not updated in a whole year, one of them twice, and the upgrade, while not error-free ("errors" fixable by running a command apt itself gives you on error), worked flawlessly after finishing.

Some call it muh anecdotal evidence, I just call them Debian illiterates.

Debian has a big community and is a well respected distro. It's an obvious target for Holla Forums edgelords.

That's how the guide tells you to do it. With a minimal jessie install. I burned a Debian jessie netinstall CD, removed everything from tasksel, updated sources.list, update, dist-upgrade and installed everything I needed.

Expiring certificates (and keys) make a lot of sense, but I agree with for-profit CAs.

You do know that LibreSSL exists right?

...

TLS for people who aren't pedantic enough.

You're allowed to criticize someone without being able to do a better job.

Fucking cancer. You try changing your DE and decide to remove the old one, or hell even just remove one default program, and suddenly your entire system shits itself and you're left with nothing.

I avoid installing meta-packages on any distro. They should be banned.

they need to hire josh so someone with experience can finally fix that place up. they just don't know how to run a distro. smh 4rl tbh fam.

what!?
the SSL certificate model is based on the certificate authority/PKI model, which is the opposite of a web of trust model. PGP is a true web of trust

It's a shit web of trust, but basically, browsers "verify" CAs, and at the same time, CAs verify webmasters.

Nice projecting m8, yet you are the one who is the autist here. You who refuses to adapt to new changes and wants to hold on to how you learned to do things, which you perceive to be the correct one. This is typical autism behavior. This is not what Linux stands for, let alone Arch Linux [keep it simple, stupid]. Systemd fixes security issues and is a better and simpler way of doing things. Any retard who disagrees can use their non-systemd bullshit in their lonely edgylord club while circlejerking their bullshit at others for not being as autistic as them.

Debian or Arch are the way to do things; there is no other reason to use any other distro, and the sooner these dumb fucks with their egos realize this the faster we can work on improving it for mainstream usage.

Arch is a few day(s) - sometimes hours - behind Debian unstable and generally for most configurations Arch is stable.

Ubuntu has been completely taken over by a corporation and has sold out on its initial principles on which it was founded. Just yesterday I found out a friend of mine was running Kubuntu and we sat down to install Arch.

It really makes no sense to me why u would want to sit downstream in a distro with bloatware that is sometimes a month or 2 behind on releases. Then again I don't want to sit on Debian unstable either, as that, in the past, was a bad idea. Manjaro is basically a ready to use solution for people who are too stupid to follow a basic guide. In other words, the vast majority of Microsoft Windows users. Only those who become interested further in how their system works will already have a basic grasp of how the filesystem works and the Arch way of doing things, which is a plus.

Most ppl do not want to configure their desktop, they want an easy to use ready to go operating system that works with their kikebook, plebbit/youtube browsing, word processing, music and skype. That's it, that's all there is fucknuggets do. The second u introduce a terminal command to these kind of people they sperg out. They want things to work by just clicking on shit. Yes, you are dealing with monkeys.

I have recommended Arch Linux to power users, sysadmins, programmers and content creators. The majority of them don't get it or did not like it. It's that simple. That's where Manjaro plays in. Just like Linux Mint did, and before that Ubuntu did, appeasing the majority and allowing others to transition from Manjaro to bleeding edge.

Making the step from Windows into Arch won't last long, from my experience with users. Instead of throwing shit at Manjaro because it's not Arch, perhaps u should promote it to your stupid Windows 7 friends so they can learn basic Linux and perhaps one day can join us in the sun.


Then again, let's just go autismo mode:

lol not arch
Lolololololo not using basic knowledge of HPKP headers and having 2 SSL certificates by 2 different CAs to ensure uptime. Omg these noobs know nothing of proper security or best industry standard practices.

A look at their headers:
Their SSL header does not include the subdomain.
No CSP protocol on their forum - XSS attackable
No public key pinning - MITM the x.509 certificate
No frame options - inject frames into forums posts.


Manjaro is still 100 times better than Windows.
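
The three header checks listed in the post above (CSP, public key pinning, frame options), as an added example that is not part of the original thread. The sample headers are constructed and the finding names are hypothetical.

```python
import re

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Server": "nginx",
    "content-security-policy": "default-src 'self'",
}

def _max_age(value):
    """Return the max-age directive as an int, or None if absent or malformed."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', value or "", re.I)
    return int(m.group(1)) if m else None

def audit_headers(headers):
    """Return a sorted list of findings for the checks named in the post."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []

    csp = h.get("content-security-policy", "")
    directives = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if not directives:
        findings.append("no-csp")

    # Framing is restricted by X-Frame-Options or by the CSP frame-ancestors
    # directive; frame-ancestors does not fall back to default-src.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in directives:
        findings.append("no-frame-protection")

    # HPKP (RFC 7469): a usable header carries max-age and at least two
    # distinct pins, one of them a backup key.
    hpkp = h.get("public-key-pins", "")
    pins = re.findall(r'pin-sha256\s*=\s*"([^"]+)"', hpkp, re.I)
    if not pins:
        findings.append("no-key-pinning")
    elif len(set(pins)) < 2 or _max_age(hpkp) is None:
        findings.append("invalid-key-pinning")

    return sorted(findings)

if __name__ == "__main__":
    print(audit_headers(SAMPLE_HEADERS))
```

Major browsers have since removed HPKP support, so on a current site the pinning finding is informational only.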

they fucked up their keyring too
utter shitters

Top kek, that's the definition of linux.