While Ventoy is technically open source so the code can be verified, the source also contains a number of binary blobs. As these blobs are already compiled, there is no way to verify what they actually do. Ostensibly, these blobs are just drivers and whatnot that are taken from the official upstream sources and are used by Ventoy for good reason to install things. But because they are already compiled blobs, no one is able to actually verify that. It is possible that they can also do something else nefarious, like secretly install some hidden spyware in your new OS that you are installing using Ventoy.
ELI5: Imagine you like a particular restaurant because they post the ingredients list on their menu. That way, you can tell if a dish fits your dietary requirements. But you notice that while one of their salads lists ingredients that make sense like “ICEBERG LETTUCE” and “CHERRY TOMATO”, one of that salad’s other ingredients is just “CANNED FOOD PRODUCT”. Well, that is incredibly vague and not all that helpful. You can’t really tell what that ingredient is or if it is something you are allergic to. For most people, in most situations, it is entirely fine. They can probably eat the salad with no problem. But some people would rather not risk the potential problems that come from not knowing for sure.
It was also strange that after this issue was brought up about Ventoy, it took quite a long time for the developer to actually respond. I believe they eventually came up with a good idea for a solution (using GitHub build actions or whatever to build the blobs from source), but mentioned that will be a big effort to actually switch to. So, they have not actually done that yet. I believe the unverified blobs are still in place in the source right now.
I’ve tried using GH Actions before to build binaries fully from source and it’s difficult AF. It seems like using something like Nix could make this more doable.
It’s ventoy with a ton of extremely useful programs included, and an excellent update tool for all of them. The web site seems pretty normal to me! I’ve been using it for a long time and it’s been crazy helpful.
I’ve had hit and miss with Ventoy. I love it and it’s my goto, but I have a handful of ISOs that it’s effectively just storage for - then I use Balena Etcher, Rufus, Raspberry Pi Imager, or sometimes classic dd to burn it to a smaller USB - but if I had to pick one tool, I’d recommend Raspberry Pi, Rufus, or Balena Etcher to a new user just trying to get the job done.
Ventoy > Rufus
Is there an alternative yet that doesn’t have weird binary blobs that nobody can verify?
This is new to me, I can’t find a reference. Can you share?
While Ventoy is technically open source so the code can be verified, the source also contains a number of binary blobs. As these blobs are already compiled, there is no way to verify what they actually do. Ostensibly, these blobs are just drivers and whatnot that are taken from the official upstream sources and are used by Ventoy for good reason to install things. But because they are already compiled blobs, no one is able to actually verify that. It is possible that they can also do something else nefarious, like secretly install some hidden spyware in your new OS that you are installing using Ventoy.
https://github.com/ventoy/Ventoy/issues/2795
https://github.com/ventoy/Ventoy/issues/3224
ELI5: Imagine you like a particular restaurant because they post the ingredients list on their menu. That way, you can tell if a dish fits your dietary requirements. But you notice that while one of their salads lists ingredients that make sense like “ICEBERG LETTUCE” and “CHERRY TOMATO”, one of that salad’s other ingredients is just “CANNED FOOD PRODUCT”. Well, that is incredibly vague and not all that helpful. You can’t really tell what that ingredient is or if it is something you are allergic to. For most people, in most situations, it is entirely fine. They can probably eat the salad with no problem. But some people would rather not risk the potential problems that come from not knowing for sure.
It was also strange that after this issue was brought up about Ventoy, it took quite a long time for the developer to actually respond. I believe they eventually came up with a good idea for a solution (using GitHub build actions or whatever to build the blobs from source), but mentioned that will be a big effort to actually switch to. So, they have not actually done that yet. I believe the unverified blobs are still in place in the source right now.
I’ve tried using GH Actions before to build binaries fully from source and it’s difficult AF. It seems like using something like Nix could make this more doable.
This is the alert in Nixpkgs:
https://github.com/NixOS/nixpkgs/blob/d233902339c02a9c334e7e593de68855ad26c4cb/pkgs/by-name/ve/ventoy/package.nix#L213
Interesting. Worrying, even.
to create bootable sticks: fedora media writer. works on windows with every linux image
I thought Ventoy was stupid and pointless until I actually tried it. Holy shit. Past me is an idiot. What a great tool.
Medicat > just Ventoy also, Medicat fuuuuucks
From a quick glance, Medicat is more of a specialized toolkit using Ventoy, no?
And their homepage is… weird.
It’s ventoy with a ton of extremely useful programs included, and an excellent update tool for all of them. The web site seems pretty normal to me! I’ve been using it for a long time and it’s been crazy helpful.
Seeing LTT’s nipples is normal for you?
I’m not sure what nipples you’re seeing, but I just see a lot of cats.
Quite literally LTTs nips
~~https://i.imgur.com/ug5aqGQ.jpeg~~
Edit: The file was removed. I assume because… nips.
Edit 2: I just looked at the HTML
This is the page background
https://medicatusb.com/_astro/sexy-papa-linus.654b76fb.png
But it’s LTT, lying on his back
This Imgur link comes up with “The requested image can’t be found” D:
Oh god and now it just auto plays some TikTok bullshit. I remember when some guy made Imgur “as a no-bullshit clean easy image hosting web site”
Oh how far it has fallen D:
I updated with the image
How does this compare to E2B? Sounds interesting
Being Physically Healthy > Being Mentally Healthy
This doesn’t make sense at all. Generally they go hand in hand.
They don’t go hand in hand if you have only one hand
I’ve had hit and miss with Ventoy. I love it and it’s my goto, but I have a handful of ISOs that it’s effectively just storage for - then I use Balena Etcher, Rufus, Raspberry Pi Imager, or sometimes classic dd to burn it to a smaller USB - but if I had to pick one tool, I’d recommend Raspberry Pi, Rufus, or Balena Etcher to a new user just trying to get the job done.
EtchDroid, available from F-Droid, allows you to make bootable usbs from your phone.