Your father gave me his USB stick in Vietnam, son.
where did you keep it?
I carried this uncomfortable hunk of data up my ass for two years. And now little man, I give it to you.
Shoutout to Medicat toolkit. Takes ventoy to next level.
My 77 year old mother-in-law runs Pop cause of me and loves it.
Best I can do is 60 year old dad on Mint XFCE on a massive Phenom II x4 955. Salvaged from my first PC build.
Hey of it works for your pop and you keep stuff out of a landfill I say that’s a solid win.
Good for her
Just make sure you respect the wishes of the people around you. It is not ok to force someone to use Linux because you think its a good idea. You don’t get to take advantage of people to push your own agenda. Windows is going to be ideal for most people simply because it is widely supported.
How is me “forcing” somehow worse than Microsoft actually forcing people to use their ad-pushing, data mining spyware of an operating system? My “agenda” is simplifying an elderly person’s computing experience, protecting her from phishing/scams and allowing her the freedom of not having to worry about one other thing.
Weird take, bud.
Most sane people wouldn’t bring their some brand car to another brand car mechanic and expect service though, unfortunately most people are not that sane when it comes to it.
No linux? No free support from your frienfly neighborhood technician.
Oh Windows? Yeah that’ll cost…
For me personally I’m not supporting anyone if I can avoid it especially users running Linux. I don’t want to have to manage a custom system when I could instead get them either a plain Windows install or better yet an IPad.
My parents love Bazzite.
Is Pop as good and generally user friendly for those less familiar with Linux? Never heard of Pop before!
PopOS is great, the installation process is like 5minutes, with 4 minutes being the download and boot from USB. From there on you click “next” 5 times and are rebooting into a working system.
To be absolutely honest, I had to do some googling and command line stuff to get my fingerprint reader in the laptop working but that was the only thing that needed any attention. But I never did a Windows install where I didnt have to configure at least 2-3 drivers, so I consider it a draw.
From there one it is the typical stuff: You need one proprietary software? You have to figure it out for hours how to get it to work. You are fine with open source options? Go enjoy a blazing fast ad-free non intrusive non annoying OS. For me the trade of is worth it. Been using Linux since I was 14, if I could do it from my kids room with parents switching of WLAN after 22:00 you can do it too.
Why Bazzite for a non-gaming setup? Or are your parents gamers?
My brother set it up for my parents even though they don’t game. I just think he installed it because it as intuitive as Windows for lay people.
Instead of Bazzite, Aurora or Bluefin great options. They’re from the same people, but more general purpose. I use Aurora dx (developer) and my non technical wife uses Aurora.
There’s a game dev version they’re working on that I’m kinda hyped for.
Was the Ventoy binary blob issue resolved and it’s cool again?
Just have 500 thinkpads and you can avoid security issues all together! A thinkpad for every distro EZEZ
No. But the argument itself is so stupid to me.
Ventoy has never been a secure tool. People are making the argument that it should be, which is just nutty.
If you’re one of those people that grab random fuckin’ ISO’s from all over the internet to test em out, then no. You really shouldn’t use Ventoy. If you run official ISO from recognized sources, then realistically the risk is ever present, but minimal.
Like getting in a wreck on the way to the store to pick up milk. It’s always a possibility, but not many people would stand around and make the argument that you should stay home forever because you might get into an accident, which is basically the argument against Ventoy. It’s “we’ll, it’s a crazy useful tool, but you shouldn’t use it because something might happen.”
It’s just such a bad argument. Fact of the matter is, is that if there were a non-hacky as shit way to do what Ventoy does, it would be available right now. But it’s not… Because it’s really not.
The only way to avoid the issues that Ventoy employs is to not use ISOs and use something like netboot.xyz, which presents its own set of issues. How do you know you’re not being MITM from the iPXE environment? Like, sure. You can technically verify it, but how do you know for sure on the fly?
Like, if you sit down you can pick apart any software for being an insufferable gaping asshole of security vulnerabilities.
The problem with Ventoy isn’t the ISOs.
The problem is they use binary versions of core tools like
cryptsetupin their source tree, vs compiling them at build time.This leaves the door open to supply-chain attacks. I.E. a PR with a bad
cryptsetupbinary, or an attack on crypt that makes its way downstream with no way to audit. This is how huge software distributions make their way to Wikipedia in a bad way: https://en.m.wikipedia.org/wiki/XZ_Utils_backdoorThe solution is the build those binaries at build time, which a fork is working on.
Couldn’t you just compile those dependencies yourself and use your own blobs then?
Yes, but…
The build environment was not clean to start, which is why a contributor is working to correct that.
You could also have the build scripts that run on GitHub pull the binary releases directly from their original release locations at build time, vs a file that an individual can modify in the source tree. This isn’t as good as building from source, but it’s better than nothing.
Interesting! & longpanda*
Explains y’all paranoid and keeps using those binaries? Says “sorry I do this free and that would take forever”?
*
To clarify, asking if there has ever been an official developer response/debate on this.
The advantage of Ventoy is its ability to work in any environment and handle 99% of ISOs. Compiling the binaries at build time requires a mature development environment to be able to build these utilities… Your exponentially increasing the size and complexity of the project to solve a relatively minor security issue.
Ventoy is not the only way to create a bootable drive… If you don’t trust the blobs then don’t run the software.
Forking ventoy to add the complexity of building these utilities is only going to be available for *nix base environments so Windows users are pretty much shit out of luck. Your exponentially increasing the size of the project, it’s complexity, and simultaneously significantly narrowing its usability…
I said it before and I’ll say it again it’s such a bad fucking argument. It’s not mature software. It’s a literal confluence of hacks… And if you’re not comfortable with using it then don’t use it. It really is a huge security risk. But advocating that nobody use it is such stupid fucking thing.
Advocate that people understand the risks of using it but to just run around and scream about how nobody should be using it for any reason whatsoever until the maintainer closes the security hole that makes it run is pretty stupid.
You:
solve a relatively minor security issue.
Wikipedia:
In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name “Jia Tan”.[b][4] The backdoor gives an attacker who possesses a specific Ed448 private key remote code execution through OpenSSH on the affected Linux system. The issue has been given the Common Vulnerabilities and Exposures number CVE-2024-3094 and has been assigned a CVSS score of 10.0, the highest possible score.[5]
Binary supply-chain attacks are not “minor security issues”. There is a reason many companies will not allow admins to use Ventoy.
I like Ventoy, it’s a fantastic project. I like that the author is transparent about where they won’t be spending their time. You can like a project, and recognize it’s flaws at the same time.
A contributor building a PR to solve the build concerns is not a bad thing, it’s to be celebrated. Even a short-term solution of having the build script pull the binaries from a release and checksum them would alleviate a lot of that concern. And the Windows vs Nix item would be alleviated by the GitHub build ENV. Binary releases isn’t the problem, it’s binary in the source. This is about audits and traceability more than the build itself.
Not having a security first posture on these kinds of attacks is how the
xzevent happened, and I would hate to see that happen to Ventoy. I look forward to contributors helping the author out.Binary supply-chain attacks are not “minor security issues”.
Yes they are. The binaries for Ventoy aren’t even updated from release to release. It’s not even evident how old they are. So crying about an attack that only matters if these binaries are bleeding edge is absolutely a minor issue. I don’t even understand how someone of sound mind and body could possibly believe otherwise.
Not having a security first posture on these kinds of attacks is how the xz event happened
No one is making the argument that security doesn’t matter. No one is pushing the idea that Ventoy is secure. I’m saying singularly and only that a supply chain attack is just about the dumbest goddamn angle possible to bitch about Ventoy because I could argue that Ventoy would be more vulnerable than it is now to a supply chain attack if the binary blobs are built and updated every time you build a bootable drive. It’s just a truly fucking insane argument that shows a lack of understanding of what a supply chain attack is. The built binaries may be vulnerable and it’s difficult to prove if they are or not, but if you update the binaries all the time they’re more (attack surface is larger) than if they’re only updated when absolutely necessary…
It’s just plain a poor argument and I’m tired of every armchair expert pretending that its not. People in high security environments aren’t using Ventoy. It’s just such a ridiculous argument.
Just gonna drop this one in here.
https://github.com/ventoy/PXE/issues/106
Ventoy PXE used by iVentoy installing malware and fraudulent CA certs from… you guessed it, binary blobs. The primary dev is now in damage control in another issue and moving forward on updating the primary repo. Good on them.
So, yea, not a minor thing, even for Ventoy.
I read what sounded like an intelligent follow-up on this subject. But I’m not smart enough to verify for myself, so I still refrain from using ventoy - even though I’d love to start using it again.
It was basically “wacky code from all over the place, poor coding practices, can’t find anything bad, but methods used are sus af”
Says one dude I read on the internet :/
That’s it.
Sounds like a Chinese geek tried to make something useful, did a lot of dirty hacks to get it going.
And couldn’t properly explain because his social skills and English weren’t great.
The blobs weren’t super suspicious, just some gpld tools, basically busybox kind of stuff.
The real problem is what he made was so fucking insanely useful and needed by everyone that the standards for software skyrocketed.
Like you make a cure for cancer and everyone starts screaming at you because one of the side effects is temporary impotence.
Such a great post.
Just say youre installing wimdows 13
Meanwhile me with a CD book that has 17 bootable DVDs and CDs plus a separate DVD+RW for more random, less permanent crap and a portable USB DVD drive (the drive is sourced from e-waste and fails to write both DVD+/-RW and CD-RW at 4x, only 2.4x and 10x respectively work).
I like spinny media.
I mean, I also have a Ventoy disk, but I haven’t used it for a looooong time because it’s no fun, but discs are.
I just need a bigger backpack. The WRT54GL is taking up quite some space too.
Much cooler than ventoy, no?
Not to mention iso booting from a disc…just works. Too many times I’ve tried booting various USB images only to have it fail for unknown reasons, the host machine has this weird quirk of not able to boot from a 3.0 port or…idk
Oh boy, you haven’t met some Dell Optiplexes.
That shit, for whatever reason, can’t boot from internal DVD drive. I tried with 2 of them. Both had functional drives, I tried disabling secure boot, enabling legacy boot and some other settings which seemed related, but nothing worked. Then for shits and giggles I tried a USB DVD drive and that worked just fine.
Ya…some devices are seemingly straight hostile for doing this. Combined with Dells insistence on shipping PCs with a wonky “raid” mode for it’s single drive. Just mess. UEFI/secure boot etc…
I have several dvd drives. Pretty sure none of them works. They have been sitting unused too long. At least one has a permanently deformed rubber band, that drives the spinny thing. They dry out with time and sitting still.
I prefer solid state stuff.
As someone who loves collecting/hoarding things, major jealous.
Disks are fun, lol are you a masochist?
I bet you never heard its cool sound.
brrrrRRRRR PS PS bRRR PS PS, PS PS, zzzzZZZZZMMMMMMMMM
best thing ever
You have all that up your ass!? ( ; ゚Д゚)
I mean, they have a hole in the middle, so if I stack them they let stuff pass.
I- I didn’t think of that…
Just be sure you’ve got those backed up. CDR bitrot is real and it can hurt you.
Ventoy is completely insane in terms of how it works fwiw: https://discourse.nixos.org/t/custom-nixos-installer-plug-install-play-how-to-achieve-this/61710/13
Thanks for the extra info and thanks for this useful nixos discourse post!
NixOS ftw (I use NixOS btw)
Me with 40$ 1tb external ssd with ventoy be like
I tried that too, it wouldn’t reliably boot on things it should have. I remade it on a mechanical drive, same settings, and that one will boot on anything I’ve thrown it on so far.
I can’t fit an SSD up my ass. :(
Not with that attitude
Its one of the many trials set by SPACE KING
Don’t threaten me with a good time
I’m just going to start pretending I know nothing about computers
That’s a good idea as that’s how you avoid being tech support for family
A computer? Ahh yes, a person performing mathematical calculations! Likewise. (-)/
I just pretend I can’t speak English.
“Sorry I got rid of windows 10 years ago. I can help you install win 7 but nothing newer than that”
Sorry I’m not tech savvy
“Don’t you work in IT?”
Umm… I’m bad at my job
Please at least (or, well, at most) make it 8.1…
the only ones i know how to install are vista and 8. sorry
Solution: install windows for them, but complain and evangelize at every opportunity. You’ll be so insufferable they’ll never ask you again.
Constable Odo treatment.
Thanks for reminding me that the DS9 box set is a high priority on my ripping list
Another solution - install Windows 2000, which was the first and the last good Windows distro.
lolll
Another solution: install a Linux distro in kiosk mode and make the browser home page https://www.windows93.net/
I do that every time I have to use windows. But I think my boss does not like that…
Or don’t
Use whatever you want to use. You can always say no to support requests.
I charge a consulting fee. If you have to ask, you can’t afford it.
I don’t need friends that are Windows users.
I don’t care what they use, be it linux, a BSD, OSX, Plan9… but windows?? that is pathetic!!
Windows? Not heard of that distro before, sorry.
They must’ve meant Lindows, very common mistake.
Lindows is deprecated. Must’ve meant Wubuntu.
I’m the family computer guy but dad’s probably better at Windows than me.
If you’re incapable of figuring out how to install Windows then you’re probably incapable of most things in life.
I think without instructions most people would need help due to not knowing what a partition is. So depending on your interpretation of incapable this seems like a huge exaggeration. The Linux installers with GUIs I’ve seen at least explained how to set them up.
Most people would rather go to the store and get a new computer, than go to a webpage and download an iso. They can figure it out. They are just lazy and have little motivation to try it. They also want what they already know, with as little change as possible.
Windows isn’t hard to install but it does require some computer knowledge
I am not incapable, I just don’t want to.
To be fair, Windows wasn’t meant to be installed by the end user that often. It comes preinstalled.
Just saying that it’s brain dead easy to install. You don’t need any technical skill at all.
There are no tricks. Just mouse through a couple of prompts and it’s done.
I’ve installed Linux just as many times as windows and these days Linux is more complicated to set up and install than windows.
Like I get it. Yall have a deep bias for Linux but Jesus Christ can you at least be accurate?
Jesus Christ can you at least be accurate?
Speaking of accuracy, your comment seems to identify the wrong issue. Navigating the install menus in a non-Arch linux distro is pretty much analogous to Windows. The biggest difference is that Linux distros don’t have 3-4 pages where they sneakily try to include privacy-breaching clauses during the installation.
The real issue is starting the installation in the first place. Windows is easy, because hardware manufacturer’s have en masse bent over to willingly present themselves to Microsoft, Linux doesn’t have this advantage and users must figure out how to get around the 7,000 different Secure Boot UEFI configurations before they can even start the installation process.
You are vastly overestimating the technical ability of the average computer user. I don’t even mean that in an elitist/disparaging way, they just don’t care about this stuff because they don’t need to.
I find you still have to fuss with partitions. There isn’t a simple wipe everything and install option. You have to manually select the partitions on the disk, delete them and create a new one which somehow triggers it to create several partitions.
There is an upgrade option.
And then they tell you they don’t want a Microsoft account and you have to look up what’s the current hack to get around that if possible.
That said, I think the Linux install experience is very clear about what it’s going to do.
You had it right until the “create a new one” bit.
You can choose empty space instead of a partition and the setup will create the partitions for you. I mean even if you were to choose a partition, I believe it’ll delete it and create new ones because it needs more than just one partition. So on a clean disk, you can pretty much just hit next at that bit.
Lolwat. Last time I installed windows it literally created 3 partitions exactly when I told it “this clean disk - here ya go”
That’s exactly what I said, it creates its own partitions if you make free space or already have a clean disk. No need to manually make a partition.
Aand why the hell does it do that? And why the hell count is more than one? And while we are at it, what is so deadly and frightening with Linux installer creating a partition?
It was just as easy to install linux, it came with a graphical installer
Tough love is the realest love
118 ISOs, and windows ain’t one