this post was submitted on 05 Oct 2024
59 points (96.8% liked)

Linux

48216 readers
1320 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I'm curious what the difference is between Balenca etcher and Ventoy for writing isos to a live USB for distro hopping purposes. I see both recommended in fourms. Is there any advantage to using one over the other? Are they both equally safe/secure?

I'm also curious about trying out new distros. I've been using LMDE for about a year now and it's been fine, but I want to expand my knowledge and see whether LMDE is my favorite distro or not. I'm not the most well versed in Linux and don't have any prior programming experience so a beginner/mid level distro is what I'm looking for. I want something I can test out without connecting to WiFi (so not arch).

you are viewing a single comment's thread
view the rest of the comments
[–] Telorand@reddthat.com 76 points 1 month ago* (last edited 1 month ago) (4 children)

Balena Etcher is a writer that does one ISO at a time. Other similar options are Fedora Writer, Rufus, etc.

Ventoy is one that can do multiple ISOs and is generally easy to manage.

However, be aware that Ventoy has a lot of unknown code involved. There's binary blobs that the maintainer refuses to open source, so there's a big question over whether it's hiding some malware or is using unpatched packages. Nobody knows except the maintainer, and it's just his word saying it's safe. You could use it to test out ISOs, but I wouldn't personally use it to actually install a system.

Also, the Ventoy fanbois are pretty insufferable, and they tend to brigade anyone that speaks ill of Ventoy or its dev.

If you want something similar that's open source, Glim works and could be a good option; YUMI has been around for a while, but I dunno if it's still a good project or not.

Edit: typo

[–] AbidanYre@lemmy.world 13 points 1 month ago* (last edited 1 month ago) (2 children)

Can you point to some discussion of the ventoy blobs? I had never heard about that and can't find anything that says it's not GPL3.

[–] Nibodhika@lemmy.world 17 points 1 month ago (2 children)

This thread made me look at this issue. Realistically it's not a big issue, the VAST majority of the binary blobs are accounted for and have a script or a readme file that shows where they're downloaded from.

That being said I will take a serious look at alternatives.

[–] rotopenguin@infosec.pub 3 points 1 month ago* (last edited 1 month ago)

The vast majority of xz's blobs are accounted for, too.

[–] AbidanYre@lemmy.world 3 points 1 month ago (1 children)

Yeah, that's pretty much where I landed after reading through it.

[–] AlphaAutist@lemmy.world 1 points 1 month ago

Maybe they are thinking of iVentoy which is not open source but is by the same dev

https://github.com/ventoy/PXE

[–] Telorand@reddthat.com 9 points 1 month ago (2 children)

Maybe start here, but there's lots of discussion on the post.

https://lemmy.world/comment/12416453

[–] ouch@lemmy.world 4 points 1 month ago (1 children)

Ugh, those GitHub comments are horrible. If I was the author, I would just walk away from the project. People have no shame in making demands for free work.

[–] IcyToes@sh.itjust.works 7 points 1 month ago

You ain't wrong. The level of arrogance stinks. Especially when the author put effort into documenting the sources etc.

There do appear to be a lot of these know-it-all-but-contribute-little types around.

Maybe a few are missing, but simply asking, and I'm sure they'll provide. If someone wants a better build system, they could volunteer to do it themselves.

[–] AlligatorBlizzard@sh.itjust.works 2 points 1 month ago (1 children)

Should I be worried? I was distro hopping for a bit and put together a Ventoy drive to make that easier, and I used it to boot the install iso for the distro I ultimately decided on for my gaming laptop. It seemed highly recommended and I didn't know about the Ventoy bros at that point.

[–] Telorand@reddthat.com 2 points 1 month ago

Probably not. I've used it as well (before I knew about Glim) to preview distros, but I am not using it to do installs, since I can't be certain what's in it.

[–] thingsiplay@beehaw.org 9 points 1 month ago (1 children)

I want to use Glim too, because the binary Blobs in Ventoy are bugging me a lot. But Glim is a bit limited still: README

My experience has been that the safest filesystem to use is FAT32 (surprisingly!), though it will mean that ISO images greater than 4GB won't be supported. Other filesystems supported by GRUB2 also work, such as ext3/ext4, NTFS and exFAT, but the boot of the distributions must also support it, which isn't the case for many with NTFS (Ubuntu does, Fedora doesn't) and exFAT (Ubuntu doesn't, Fedora does). So FAT32 stays the safe bet.

[–] Telorand@reddthat.com 10 points 1 month ago

Yep. It's probably fine for most people, but it's still a trade-off between transparency and utility. Ventoy is superior functionality, but those blobs bug me, too, and the fact that the dev is so openly hostile towards transparency is concerning.

[–] maniii@lemmy.world 1 points 1 month ago

Cool! I might give that a try instead of the Ventoy i use regularly. Thanks for the info !

[–] JustMarkov@lemmy.ml -1 points 1 month ago* (last edited 1 month ago) (1 children)

Also, the Ventoy fanbois are pretty insufferable, and they tend to brigade anyone that speaks ill of Ventoy or its dev.

I more often see a different picture, where any mention of Ventoy leads to unreasonable agression and screams about how storing multiple ISOs on the same disk is useless.

[–] Telorand@reddthat.com 16 points 1 month ago (1 children)

I have quite literally never seen that. The majority of the time, somebody brings up Ventoy, somebody mentions the opaque blobs or some other legitimate criticism, and a bunch of fanbois pile onto that person for having their own opinions or concerns.

Ventoy works well, but the lack of transparency concerns me and people like me.

[–] sorter_plainview 8 points 1 month ago (1 children)

I have a different experience. There was one thread which linked to a github issue. The issue said some blobs don't have source code. Ironically when I went on to check, the blobs mentioned in the issue had source code, but there were other blobs which seemed to miss the source or build instructions.

I would love to have an independent audit to put this issue at rest. All that happens is more and more noise and no resolution. I am not a programmer so can't really help here.

[–] Telorand@reddthat.com 5 points 1 month ago

I would also love that! The truth of this matter would be much preferred over a bunch of cast aspersions.