Dear community,

I hope this message finds you well. I want to take a moment to address the concerns raised in Issue #2795 regarding the BLOB functionality in our app. First and foremost, I sincerely apologize for any confusion or frustration this may have caused. I was on vacation during this time, and I understand that my absence may have contributed to the lack of clarity surrounding this issue.

The BLOB feature is an important aspect of our app, and I recognize that the documentation surrounding it has not been as clear as it should be. I appreciate your patience as we work through these challenges, and I want to assure you that I am fully committed to resolving this matter.

As I return to work, I will prioritize updating the documentation to provide a comprehensive understanding of how the BLOB functionality works. I will also investigate the specific concerns raised in Issue #2795 to ensure that any underlying issues are addressed promptly.

Your trust in our software is paramount, and I am dedicated to regaining any confidence that may have been affected by this situation. I am confident that, with your continued support and feedback, we can enhance the app and provide a better experience for all users.

Thank you for your understanding and for being a part of our community. I look forward to sharing updates with you soon as we work towards improving our app and its documentation.

Warm regards, longpanda

  • IHeartBadCode@fedia.io
    1 month ago

    I mean ever since XZ binaries are a no go. Like the trust is gone, the bridge is burnt, unless there’s like an insanely good reason, anything this heavy in BLOBs ought to be treated as suspect. Benefit of doubt isn’t coming back.

  • mumblerfish@lemmy.world
    1 month ago

    Wait, this is just a post here on lemmy, not a reply in the issue thread? Or am I just not finding it? You should probably have this discussion in the github issue too.

      • davel@lemmy.ml
        1 month ago

        If it’s someone pretending to be the developer in order to exacerbate things, mission accomplished.

        • drspod@lemmy.ml
          1 month ago

          If this is impersonation (which it looks to be) shouldn’t it be removed?

          Are you going to set the precedent that impersonation of figures in the open source community is allowed?

          Personally I would be in favor of removing this post until OP can provide proof of identity (eg. by posting something on the main github account corroborating this post).

  • Dave.@aussie.zone
    1 month ago

    “ChatGPT, write a letter to the community that says I am looking after this issue with untrusted BLOBs and it is of high importance but do not be specific about anything.”

    • sorter_plainview@lemmy.today
      1 month ago

      “I hope this message finds you well”, is a marker I have been using to detect GPT replies. Looks like this is from ChatGPT.

      Also it says “BLOB feature” and “BLOB functionality”. What in the coconut does that mean? “BLOB feature is an important aspect for our app.” Come on…

      It’s really pathetic that they didn’t even try to read it at least once.

  • wangshu@lemmings.world
    1 month ago

    I am longpanda’s friend and colleague. We used to work together and we go way back. I had lost contact with him several months ago. I still haven’t heard from him until now. This post confused me, because longpanda never writes in English. I helped him with the translations in the past. longpanda is a great comrade, who loves his country deeply and has always followed in the footsteps of the great leader; his loyalty and dedication are truly admirable. I hope he is alright.

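    I am longpanda’s friend and colleague. We used to work together, but we lost contact several months ago. To this day I still have no news of him. When I saw this post I found it strange, because I know longpanda could not have written it; he never writes in English, and in the past I always translated for him. longpanda is a great comrade who deeply loves his motherland and has always steadfastly followed in the footsteps of the great leader; his loyalty and dedication are admirable. I hope he is safe and well.

    longpanda, if you see this message, please contact me as soon as possible.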

    • deadcade@lemmy.deadca.de
      1 month ago

      According to Jim Starkey, the person who coined the term, “Blob don’t stand for nothin’.” However, it is often referred to as a “Binary Large OBject”, meaning a large file with content not easily readable by people.

      With an open source project, you have source code which is turned into executables/“blobs” by the compiler. As long as you trust the compiler, you can (functionally) know the content of the blobs by looking at the source code they were made from.

      In the case of Ventoy, several “blobs” are included from an unknown or vague origin. This is a great way to bundle malware, as seen with the XZ backdoor from earlier this year. As such, the original creator of the linked issue is requesting they are built/obtained at compile time, so either the content or origin of these files can easily be found.
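
An added example, not part of the comment above and not code from the Ventoy project: one way a maintainer or reviewer could audit a source tree for prebuilt files and require each one to be pinned to a documented origin and SHA-256 in a manifest. The manifest layout, file names and URL are constructed placeholders; the `origin` field is documentation for a human reviewer and is not checked by the code.

```python
import hashlib, os, tempfile
# Magic bytes of common prebuilt artifacts (not exhaustive).
MAGIC = {b"\x7fELF": "ELF", b"MZ": "PE/EFI", b"\xfd7zXZ\x00": "xz", b"\x1f\x8b": "gzip"}

def blob_kind(path):
    """Label a file that looks prebuilt/binary; None for text."""
    with open(path, "rb") as f:
        head = f.read(8192)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "binary" if b"\x00" in head else None

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit_tree(root, manifest):
    """manifest maps relative path -> {"origin": ..., "sha256": ...}."""
    report = {}
    for dirpath, dirnames, files in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if blob_kind(full) is None:
                continue  # readable source/text: reviewable as-is
            entry = manifest.get(rel)
            if entry is None:
                report[rel] = "undocumented"   # blob with no stated origin
            elif sha256_file(full) != entry["sha256"]:
                report[rel] = "hash-mismatch"  # differs from the pinned file
            else:
                report[rel] = "ok"
    for rel in manifest:
        report.setdefault(rel, "missing")      # pinned but absent from tree
    return report

def demo():
    """Constructed tree and manifest; names and URL are placeholders."""
    files = {"boot/loader.efi": b"MZ\x90\x00", "tools/helper": b"\x7fELF\x02",
             "tools/extra.xz": b"\xfd7zXZ\x00", "README.txt": b"docs\n"}
    pin = lambda d: {"origin": "https://example.invalid/build", "sha256": hashlib.sha256(d).hexdigest()}
    manifest = {"boot/loader.efi": pin(files["boot/loader.efi"]), "tools/helper": pin(b"other")}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        return audit_tree(root, manifest)
```

A matching hash only shows the file is the one that was pinned; whether the pinned origin is trustworthy still has to be judged by a person.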

    • longpanda@lemmings.world (OP)
      1 month ago

      The BLOB in my app is a key element that manages and stores various types of data efficiently, ensuring smooth performance and user experience. We understand the interest in this feature, and we will issue an official statement soon to provide more detailed information about its functionality.

      • herrvogel@lemmy.world
        1 month ago

        Ah, if I understand this explanation right, the blob’s purpose is to do things and stuff. Is that correct?

      • T0RB1T@lemmy.ca
        1 month ago

        I’m gonna be honest, when I read this, I initially thought it was a joke answer by a community member. The joke being about vague hand-wavy statements that people make when dodging questions.

        Then I realized it’s OP, and OP is ostensibly the actual developer. I have nothing specific to say about this situation, especially from a technical perspective, but this reply… why even bother?

        • Localhorst86@feddit.org
          1 month ago

          I cannot tell you how much I thought the same. It sounds like an answer filled with as many buzzwords as you can think of, made up by some random as a joke, mocking such answers. Then I saw the username highlighted in blue, indicating it was OP.

          I am still not sure if it’s just a mocking answer, tbh.

      • muhyb@programming.dev
        1 month ago

        A BLOB in an open source project usually indicates something proprietary. Does Ventoy really need this to function or just to speed things up? If it’s the latter, we don’t need this and the community can probably take care of it in time.

  • fartsparkles@sh.itjust.works
    1 month ago

    You’ve been on vacation for 5+ months?

    Also wouldn’t it be best to post this communication in the issue thread?

    Given how long this has gone on now, it’d probably be best to inform your community that you’ll be removing BLOBs from the source and for them to be produced during build otherwise this shadow is going to remain.

    This was the first time I’ve ever heard of your software and has kind of made me want to steer clear of it.

    • n2burns@lemmy.ca
      1 month ago

      Given how long this has gone on now, it’d probably be best to inform your community that you’ll be removing BLOBs from the source and for them to be produced during build otherwise this shadow is going to remain.

      Many of the BLOBs are essential to allow Ventoy to work with Secure Boot. They are compiled and signed by Fedora and OpenSUSE. They definitely need to be better documented, but they aren’t reproducible for good reason.

    • longpanda@lemmings.world (OP)
      1 month ago

      Sorry, I can’t get into the details, but I’ve actually been held from accessing my computer for a while, and there were some issues with my account that limited my ability to log in. I’m working on resolving it and hope to get back soon!