this post was submitted on 14 Oct 2024
65 points (100.0% liked)

Linux

1259 readers
63 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Ventoy is a tool to make a USB with multiple ISOs bootable, letting you select which ISO to use on boot. Another newly-created account claims to be the dev's friend and translator and has received no contact from the maintainer.

top 46 comments
sorted by: hot top controversial new old
[–] thingsiplay 12 points 1 month ago* (last edited 1 month ago) (1 children)

There are some random accounts that do not look like the original creator. I highly discourage from such titles like this post, because we don't know. "Ventoy" (creator) did not respond as far as I can see.

Edit: Even if it looks legitimate, it can be impersonating to gain trust. Don't blindly trust random people from new accounts.

[–] Aatube@kbin.melroy.org 4 points 1 month ago (1 children)

In the best case, the software is unmaintained.

[–] Virkkunen@fedia.io 3 points 1 month ago (1 children)

It is very much actively maintained other than this supposed vacation from the developer. Everything else is purely speculation and what seems to be impersonation of the dev on the fediverse.

[–] Aatube@kbin.melroy.org 5 points 1 month ago

This big issue has been open since April, and the dev has not responded, and his last commit was in early June. Yes, most of this is pure speculation, but 4 months is unmaintained.

[–] drwho 10 points 1 month ago

Let's see... Ventoy is a tool intended for sysadmins to use.

Something sketchy is going on in a tool sysadmins use when working on the crown jewels.

What could possibly go wrong? /s

[–] Blaze@lemmy.zip 9 points 1 month ago* (last edited 1 month ago)

Interesting context to bring up Lemmy

Edit: from the thread, it's pretty clear those people were not the creator?

[–] allywilson@lemmy.ml 8 points 1 month ago (2 children)

Didn't something similar just happen with RustDesk? ChatGPT response from author in an hours old account.

https://lemmy.ml/post/21342545

[–] Aatube@kbin.melroy.org 5 points 1 month ago (1 children)

On second sight, that specific response seems like a troll

[–] dessalines@lemmy.ml 8 points 1 month ago

I banned that one now too.

Some common threads I'm seeing with these troll accounts:

  • lemmings.world
  • new account
  • claim to be or know the creators
  • make claims about the insecurity of an open source app
  • blame china in some way
[–] Aatube@kbin.melroy.org 3 points 1 month ago

Oh hell naw, I was rooting for rustdesk...

[–] BCsven@lemmy.ca 6 points 1 month ago (13 children)

I heard people raving about ventoy, i checked it out online, but blobs and chinese maintainer made it seem fishy. Even if a maintainer was legit it only takes CCP thteatening their family to get a backdoor inserted

[–] electric_nan@lemmy.ml 24 points 1 month ago (1 children)

This is ridiculous. You don't trust "Chinese maintainers" ("even if legit" lol), because the "CCP" might threaten "their family to get a backdoor inserted".

Absolutely unhinged level of fantasy in the context of this project. A nation of 1.4 billion people and you don't trust anyone there to write software? You know they made your phone and pretty much everything else right? Also, the idea that "the CCP" is somehow uniquely (among governments) willing and able to coerce or commission backdoors in software is a feverishly deluded attitude.

Propaganda has put a backdoor in your brain.

[–] BCsven@lemmy.ca 9 points 1 month ago* (last edited 1 month ago) (1 children)

We have chinese police here in Vancouver (edit Non Canadian force), if residents speak badly about CCP these "Police" show up at the door and try to coherce them back to mainland. I'm not regurgitating the articles, my friend living in vancouver had them show up. I'm not trusting blobs.

[–] drwho 8 points 1 month ago (1 children)

New York, DC, and LA as well. If one doesn't want a polite knock, one doesn't speak ill of the CCP.

[–] BCsven@lemmy.ca 7 points 1 month ago* (last edited 1 month ago) (1 children)

Canada had investigated and started to shut some down here. they had actual office front building setup as Chinese police station. Smaller places it was decentralized Chinese pokice. Downvoters should read the news links https://www.cbc.ca/news/canada/ottawa/rcmp-chinese-police-stations-1.6862336

[–] electric_nan@lemmy.ml 5 points 1 month ago (1 children)

Down voting for 2 reasons:

  1. This article is short on factual information that says what you're implying.
  2. This is wholly irrelevant to Ventoy.
[–] BCsven@lemmy.ca 5 points 1 month ago (1 children)

if you search Chinese Police Canada (or USA) there are tons of articles that are way more in depth, and describe encounters, etc.

I added that link so people don't think I'm making it up when my friends house is getting door knocked by two CCP police.

It does not directly relate to Ventoy, it relates to why I would not trust a chinese product as we have first hand witness here in Canada of CCP harassing residents or forcing them back to china. There is that much control, even when they don't live in China, that if CCP wanted to have widespread spying they would just pick a dev with family in the mainland.

[–] electric_nan@lemmy.ml 3 points 1 month ago (2 children)

Your phone, computer, TV, and various other electronics in your house were not made in China? You believe that your own country or mine cannot secretly compel backdoors?

[–] BCsven@lemmy.ca 2 points 1 month ago* (last edited 1 month ago) (1 children)

I realize that this era makes it difficult, but that is why I would be cautious in projects, like Rustdesk dev was obfuscating the chinese location, and blobs, so I have removed that. My phone runs GrapheneOS so things are sandboxed, my home electronics are either totally blocked from web access, or certain IPs restricted. And of course Canada US would try to compel, but we have more transparency here than CCP shinanigens. I'm just saying, everyone blindy installing Ventoy that has more blobs than source code, and possible mainland connection should not be

[–] Aatube@kbin.melroy.org 5 points 1 month ago

Ventoy does not have more blobs than source code. The 3 blob folders—which constitute ~1MB out of ~16MB—are properly labeled with reproducible build instructions... for now. The 4 months' silence and impersonation without opposition are suspicious. That said, I think it's still safe to use your existing installations.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago* (last edited 1 month ago) (1 children)

My car was Hecho en Mexico so long ago they didn't know cars could even connect to anything other than OBD2, phone was wiped for graphene, and my light switches don't have proprietary blobs that can phone home, they have screws and wires and absolutely no (internet) connectivity. Hell even my computer is Taiwanese, and runs Fedora anyway, though I am already bitching about Intel ME and AMD PSP.

Honestly, the concern around privacy is nothing new for lemmy, the only problem is that instead of worrying about corporate or US GOV spying in this case the worry is the CCP, and that's bad because criticising anyone but "western propagandists блять" is a no-no here.

[–] electric_nan@lemmy.ml 1 points 1 month ago (1 children)

You're quite the outlier, so congrats on that. I'm pretty privacy conscious myself, so I understand that part of the attitude. What drives me crazy is the irrationality of people making hysterical claims about China that at least as accurately describe their own country.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (1 children)

The claims are neither irrational nor hysterical, they're totally grounded and based in reality, and we should be just as suspicious of them as we are of The West™®©. What's more, being critical of china in a context where it's relevant while not mentioning The West™®© doesn't mean you never criticise anyone other than China and Russia, it means the current conversation is regarding China. If this were a story of an American dev being sketchy and including proprietary blobs, me and you, probably would be in here wondering if the NSA or CIA is involved rather than saying "but the CCP." I remain critical of proprietary software regardless of it's origin.

[–] electric_nan@lemmy.ml 1 points 1 month ago* (last edited 1 month ago) (1 children)

The user above was essentially saying "never trust a Chinese developer". That is irrational and hysterical. I would say the exact same thing if I heard someone saying "never trust a Russian/American/Indian/English/etc developer".

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (1 children)

No he wasn't, he was saying never trust Chinese proprietary code (blobs), because they can compel citizens. If you can audit the code you can audit the code, the country becomes irrelevant.

Furthermore in this instance even if he was saying "don't trust chinese devs," not because they're bad people, but "because they live under an oppressive regime that can force them to do the bad thing," that's still not racist, it's still a criticism of the regime itself that very well could be rectified (well good luck.)

[–] electric_nan@lemmy.ml 2 points 1 month ago (1 children)

Chinese blobs are no more or less trustworthy than any other blobs. The Chinese government is not more or less willing or capable to force a Dev to do the bad thing.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (2 children)

Exactly, but being that this thread involves the country known as China, the reason to distrust those proprietary blobs is the CCP. If this thread were about an american dev, the threat would be NSA/CIA, if Russian FSB, on and on, as such.

[–] electric_nan@lemmy.ml 1 points 1 month ago (1 children)

It doesn't "involve the country known as China". The country has nothing to do with it, which is why it stood out to me for someone to be fearmongering about China. If it was an American or Australian dev, I doubt very much that concerns would have centered around their nationality.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (1 children)

What country did the guy travel to? I thought they said it was China, if not then my mistake, but if so, "yes it does."

If there was an american national dev in a country where america couldn't touch them, and they suddenly traveled to the US and dropped contact, it would certainly be suspicious that the NSA or CIA could be involved.

[–] electric_nan@lemmy.ml 1 points 1 month ago (1 children)

Chinese guy goes to China and doesn't push any commits for awhile. Simplest explanation is that "the CCP" has abducted him.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago

It's definitely not impossible. Whatever it is I hope dude is ok. And I still encourage the use of FOSS whenever possible.

[–] Aatube@kbin.melroy.org 0 points 1 month ago (1 children)

Russia is currently involved in a big-ahh war and actively threatens the west. I don’t see why the CCP would be a greater concern.

[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago (1 children)

Did he travel to Russia? I thought you said he traveled to China. If so aaah "because he's there?" If he was in Russia I'd be inclined to agree regardless of his nationality that Russia would be the be the bigger threat, in my opinion "the country he's in" would be a step above "a separate country that is at war with another separate country."

[–] Aatube@kbin.melroy.org 1 points 1 month ago (1 children)
[–] ArcaneSlime@lemmy.dbzer0.com 1 points 1 month ago

No worries!

load more comments (12 replies)
[–] deadbeef79000@lemmy.nz 6 points 1 month ago

I'm not saying it was aliens, but it was aliens.