I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.
Is BLOB an acronym?
Nope, but it has become a backronym https://wikipedia.org/wiki/Object_storage#Origins
Cool thanks :)
I just wish it had a real alternative. GRUB on USB doesnt support as much distros or windows.
deleted by creator
If you don’t like it,
don’t usefork Ventoy.From what others have said: The blobs violate GPL because they are taken from other FOSS project but the changes Ventoy makes are not viewable.
I was bored at work one day. I decided to put a nyan cat easteregg my companies app. If at the loading progress bar screen you typed NYAN it would turn the progress bar into a rainbow being created by a little nyan cat while playing the nyan cat song. The mp3 doubled our build size. No one batted an eye cause no one paid attention much.
Fast forward 5 years later at a differentjob, I get a phone call from the old boss. Do you happen to know anything about this nyan cat file we found?
I had no idea what he was talking about.
Years and years ago I worked on a project where the logo was the outline of a head and an inward swirl for the brain.
For the website, if you held your mouse over it for 9 seconds, it would spin and flush. No one ever found that one that I know of.
Should’ve included that in your FE analytics.
Aaaand thats why all commits should be signed with your pgp key
It sounds like they weren’t using any form of version control, so that’s definitely on them at this point
What makes you say that? To me, it sounds like that’s what they do have cause they tracked the change back to him. The commit message obviously said nothing about the file.
Ah I could see that. I took it as them not knowing where the file came from at all, so they’re just asking all the devs who would have had access at that point, which is why it was “hey do you know anything about this file?” and not “is there a specific reason you committed this file to the build?”
You think they’d call up devs who left them just to ask if they happen to know about a random file?
You think they’d call up devs who left them just to ask if they happen to know about a random file?
I mean, that’s what op said happened. Literally with the verbiage of “file we found” and not “file you committed”
I did mean random devs, not the dev they tracked down that made the change.
10/10
That story was a journey.
Need to compare hashes between a stock ISO and one flashed by Ventoy (dd the latter to a file and check)
Wat? Ventoy doesn’t flash isos, it boots from them
Makes me wonder how far the closest alternative, glim, could be upgraded to match Ventoy given the confines of GRUB.
Someone had mentioned that Fedora fails to verify when booting from Ventoy. Now I’m thinking if I could dd the media loaded via Ventoy and compare with an original copy to see what changed.
Hm, so now people suddenly notice and care about this? lol
First I’m hearing of it and I’m starting to question my security given I installed my OS using it.
hello, longpanda here, development will resume soon
I never trusted it because I thought it was completely proprietary. Well now I know it basically is.
deleted by creator
Thank you for sharing this. I remember using Ventoy quite often back when I was still on Windows. I’ll be sticking with the good old
dd
command.I love double d
Good ol’ disk destroyer
Any alternatives to this tool? I’ve used it a lot lately because I was testing out live OSes before installing one to the hard drive, but otherwise I don’t need it on a daily basis.
I guess, you could buy a handful of USB sticks…
but otherwise I don’t need it on a daily basis.
I’ll be real, this is part of why I didn’t understand Ventoy. I keep a bunch of large, fast thumbdrives around blank and available. When I need/want to put an OS on there, I do it when I need it, and then I’m always installing the most current version of the install. It takes under 5 minutes, at best.
I used to try to keep various installs on thumbdrives… but it would be two years down the line by the time I needed to use it again and by that time it’s literally pointless to be using two year old installation media.
When I was working in IT, this would have been a very useful tool for doing some on-site troubleshooting with various tools or for one-off reimaging machines that were missed during a big update or something. Instead, I had a bag of USB sticks with labels on them, which was annoying to use and to maintain.
Ventoy wasn’t a foolproof solution but it really did beat the hell out of using 6 different USB drives. Most USB “pen drives” don’t make labeling easy and without labeling I’m just plugging them in one by one till I find the one I want.
I remember various different concepts of USB flash drives with integrated LCDs that would display a label and the remaining capacity. Then they vanished and the only thing left were the Lexar Echo drives. Until a few years ago, when they have been pulled from the markets. Probably, because they didn’t work with the now default GPT and its many different partition types.
IODD makes some. I had the older HDD version that stopped working after it got dropped, so now I use this one:
https://www.iodd.shop/IODD-SSD-drive-with-mini-USB-30-with-secure-256-bit-encryption
As someone with few USBs available, Ventoy takes me 2 minutes to flash, several minutes to copy a set of ISOs, and then any time I need it, it takes 0 minutes to have a working USB with some arbitrary ISO. Sure, it’s not up to date, but I don’t need it to be if I need to recover an install or use some random tool.
Part of the point behind Ventoy is that you don’t need to prepare the USB to be bootable. You can just copy/paste the whole iso into Ventoy and it will be bootable. New release comes out? Just copy it onto your USB drive. Don’t even need to remove the old version of you don’t want to.
Makes things much easier in the tech world for having a single USB with 50+ bootable tools and installers on there like with MediCat (which uses Ventoy as a base).
Only thing I’ve had issues with booting from Ventoy is the ProxMox install iso. Everything else has worked first try.
All my laziness about not checking it out has come to fruition. Now I simply don’t have to, because this is sketch as fuck until it is handled.
God I hate people who use github comments for their own benefit. “Just fork it bro” is never helpful.
Seriously this. Any comment about a complicated system that starts with “just” can be ignored 99% of the time.
Also, there are 4k forks of Ventoy already. Obviously forking it isn’t helping. Actual work needs to be done.
I agree that comments like that are unhelpful/unnecessary, but how is that “for their own benefit”? Other than the actual devs themselves using that as a way to just ignore issues, I do not follow
For me the problem is more in GPL violation: they distribute blobs under GPL3, user made a request of the source code by creating an issue, but they ignored that request. It is not only about “you have to fix it” versus “just fork it” imo.
Licence doesn’t apply to the creator.
He already owns the copyright, he doesn’t need a licence, he doesn’t need to adhere to the gpl
The binaries in question are various GNU and FOSS tools from elsewhere, not part of the Ventoy project itself. So no, the Ventoy author does not own the copyright of the tools in question.
Even then, he’s still allowed to provide binary blobs. He doesn’t have to provide it as source code. If that was the case, we’d all have to build from source and package managers like apt, dnf and flatpak wouldn’t exist.
All he has to do is make the source code available, i.e. just link back to the original Github Repo.
Is there an alternative to Ventoy for booting Windows vhd images from an ntfs partition?
What does BLOB stand for?
Binary Large OBject
deleted by creator
Only kind of. That’s a backronym.