Are there any other multi-booting alternatives or is Ventoy pretty much the only practical option for larger USB drives?

>>108679394
Chat is dis real? I actually really like ventoy :(

Can (You) offer a solution? Deblobbifying the project? A non-blobbed alternative? And no, unpacking a single ISO on a 64GB stick doesn't count.

>>108679394
How would the infection work?

I don't recommend using closed source software but the only reason people are assuming this shit is backdoored is because it was made by a heckin unwholesome yellow man from a country that doesn't tolerate faggotry. These same retards don't care that their own governments were indirectly responsible for WannaCry.

>>108679456
looks like it is

Is this why Fedora Workstation nukes Ventoy after it installs?

>>108679456
I added links you can read yourself

>>108679456
It's real.
https://github.com/ventoy/Ventoy/issues/2795

>>108679510
im not sure, maybe?

>>108679486
Could inject stuff into your os install i assume
Idk if it could also infect the MBR. This would make it persist and reinject itself even if you clean reinstall your os

>>108679447
curious as well I tried other options
>Yumi
Linus distros seems to be working fine but it windows installs are crapping out sometimes
>Balena Etcher
tried it 5 years ago, piece of shit, apperantly also turned out to be possible malware

>>108679447
There's several alternatives listed in op's link

>>108679447
https://wiki.archlinux.org/title/Multiboot_USB_drive#Automated_tools

>>108679394
I bet it's not because of backdoors but because of improperly licensed GPL code or even stolen proprietary code

>>108679756
>stolen proprietary code
holy based, if this were proven true i would use it out of respect

>>108679394
fuck my bussy, man. this timeline is gay as fuck and now i need to reinstall and nuke my ssds.

>>108679486
Depending on sophistication it could be anything from a runtime injected keylogger script sending your shit off somewhere to preboot kernel patching (after the iso was read but before it's executed) or even a persistent uefi rootkit.
A keylogger would be easy to prove with just wireshark, something more sophisticated on the level of preboot kernel patching or an uefi rootkit not so much. Ventoy does in-flight and preboot injections anyways (because it needs to) so they could also hide something malicious. Personally I don't use ventoy because I don't trust it but that said >>108679756 this is as good an explanation as malware is.

>>108679793
ventoy MIGHT contain backdoors or other malicious code

MIGHT

>>108679793
everything is already backdoored down to the hardware level, anon. even if it's real and doing shit you have bigger problems to worry about in your own computer

>>108679886
"you are already getting raped in your ass so you should just get raped more"
i shant

>>108679886
you cant be fr

>>108679979
oh nvm I his message wrong sorry anon

>>108679886
I bet you're the kind of guy that would fuck a person in the ass and not even have the god damn common courtesy to give him a reach around.

File: image.png (553.6 KB)

553.6 KB PNG

>>108679447
Hardware DVD emulator with SSD inside.
It does not have a software bootloader and streams ISO content as is, secureboot signed etc.

How exactly is this a problem?

>>108679486
Since zero people on the face of the planet (apparently) has looked into and read any of the code for ventoy, it theoretically could do a lot. Mostly injections during the installation.

But enough about Intel ME and AMD PSP.

>>108680152
>buy third party network adapter
>now the glowies cant log into your ME/PSP
simple as

>>108679394
have been following this issue for years now.

it's suspicious but nothing proven so far. the developer responded recently (i mean like almost a year ago by this time) he seems interested in making a proper build system that pulls and compiles the blob from their source at build time.

however it doesn't seem to have gone far beyond just listing the blobs and showing interest in helping.

i think a huge part of the suspicion has to do with the author being Chinese. which is unfortunate. as the the american accusations towards the chinese government of backdooring software and hardware are grossly overexaggerated, and as we know from the recent iran war, it seems like american products are the ones containing backdoors.

i checked the blobs. a lot of them seem to be legit binaries downloaded from different project repos and websites. and the checksums can be verified.
but some are just a mystery box.

idk.

>>108680211
>are grossly overexaggerated
Uhm. They are not, but something like 90% of chinese developers are barely connected with the government or military.

>>108680238(me)
Same stat applies to us developers as well

>>108680211
anyway here is the dev's response

https://github.com/ventoy/Ventoy/issues/3224

learn to read retards:

https://github.com/ventoy/Ventoy/issues/3224#issuecomment-4314059333

>>108680118
HUH how is this not a problem??

>>108680303
DNR buddy boyo

>>108679394
>>108679462
Problem solved
https://aur.archlinux.org/packages/ventoy

>>108680390
in the wiki for ventoy they say it about this exact package https://wiki.archlinux.org/title/Ventoy#Known_issues read above

>>108680144
You can read most of the code. You can't read the binary blobs (or reproduce them) that are responsible for the preboot hooks necessary for ventoy to work. With those same hooks you could do the shit I described up above. Since no one but the dev has access to what these blobs actually are it's impossible to prove it is or isn't malware either way.

>>108680486
indeed

>not checking your ISO

>>108680189
the cell towers wirelessly communicate with every transistorized electronic device you own, using your home's copper wiring as an antenna and signal amplifier.

File: 1776742174406640.jpg (93.5 KB)

93.5 KB JPG

>>108680872
and my ass farts on you

Insecure chink malware

but is there an alternative? i really dont want to rewrite my USB stick everytime i want to install an OS

>>108680985
https://wiki.archlinux.org/title/Multiboot_USB_drive#Automated_tools

>>108680409
Of the list from the original issue, I only see two instances using pre-compiled binaries. The original issue has build instructions for both so it should be fixable.

>>108680985
I have one of those external drive enclosures which can read & mount ISO onto virtual optical drives. I pick the ISO from the menu and the PC sees a USB optical drive with the corresponding disc in there.