The amount of advertising for this tool in recent times is starting to look a lot like astroturfing.
spinning around Earth in a horseshoe shape for about two months
what? what kind of orbit is that?
Not my post btw, just sharing the link :)
Sorry for the reddit link, I don't know of a mirror. This was posted just today, running on an EeePC:
The binaries in question are various GNU and FOSS tools from elsewhere, not part of the Ventoy project itself. So no, the Ventoy author does not own the copyright of the tools in question.
So your approach to security is that you cross your fingers and hope?
Ventoy has a lot of work to do if they want to earn our trust:
Remove BLOBs from the source tree #2795
This ticket has been open now for 5 months with no engagement from the maintainer.
Your install media and anything that modifies your EFI partition or UEFI firmware settings needs to be the most trusted part of your system. And here is Ventoy, a tool that looks open source and then includes a large number of binary blobs in its repository, with no indication of how they were compiled. This is horrible security practice and for me that's enough for me to never use it.
You can also see a discussion on the subject on HN here: https://news.ycombinator.com/item?id=40689629
A much better alternative, if you want a multi-boot USB, is GLIM: https://github.com/thias/glim
It's just a collection of Grub configs, so very simple and easy to audit.
From my understanding, a lot of code in the graphics drivers is special-case handling for specific games to optimize for the way that the game uses the APIs. Is this correct?
In which case it would make sense to have the game-specific code loaded dynamically when that game is launched, since 99.99% of the game specific code will be for games that the user never runs.
I used Ubuntu from version 8.04 to 18.04 and not once did I have a successful upgrade between major versions. There is always something that gets broken to the point that a reinstall is necessary.
That's a huge difference, the estimate became 10,000 times smaller.
cross-posted from: https://lemmy.ml/post/4912712
Most people know at this point that when searching for a popular software package to download, you should be very careful to avoid clicking on any of the search ads that appear, as this has become an extremely common vector for distributing malware to unsuspecting users.
If you thought that you could identify these malicious ads by checking the URL below the ad to see if it directs to the legitimate site, think again! Malware advertisers have found a way to use Google's Ad platform to fake the URL shown with the ad to make it appear like a legitimate ad for the product when in fact, clicking the ad will redirect to an attacker controlled site serving malware.
Don't click on search ads or, even better, use an ad-blocker so that you never see them in the first place!
Most people know at this point that when searching for a popular software package to download, you should be very careful to avoid clicking on any of the search ads that appear, as this has become an extremely common vector for distributing malware to unsuspecting users.
If you thought that you could identify these malicious ads by checking the URL below the ad to see if it directs to the legitimate site, think again! Malware advertisers have found a way to use Google's Ad platform to fake the URL shown with the ad to make it appear like a legitimate ad for the product when in fact, clicking the ad will redirect to an attacker controlled site serving malware.
Don't click on search ads or, even better, use an ad-blocker so that you never see them in the first place!
Discussed yesterday in !opensource@lemmy.ml:
Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months