I’m curious what the difference is between Balenca etcher and Ventoy for writing isos to a live USB for distro hopping purposes. I see both recommended in fourms. Is there any advantage to using one over the other? Are they both equally safe/secure?

I’m also curious about trying out new distros. I’ve been using LMDE for about a year now and it’s been fine, but I want to expand my knowledge and see whether LMDE is my favorite distro or not. I’m not the most well versed in Linux and don’t have any prior programming experience so a beginner/mid level distro is what I’m looking for. I want something I can test out without connecting to WiFi (so not arch).

  • Telorand@reddthat.com
    link
    fedilink
    arrow-up
    79
    arrow-down
    4
    ·
    edit-2
    3 months ago

    Balena Etcher is a writer that does one ISO at a time. Other similar options are Fedora Writer, Rufus, etc.

    Ventoy is one that can do multiple ISOs and is generally easy to manage.

    However, be aware that Ventoy has a lot of unknown code involved. There’s binary blobs that the maintainer refuses to open source, so there’s a big question over whether it’s hiding some malware or is using unpatched packages. Nobody knows except the maintainer, and it’s just his word saying it’s safe. You could use it to test out ISOs, but I wouldn’t personally use it to actually install a system.

    Also, the Ventoy fanbois are pretty insufferable, and they tend to brigade anyone that speaks ill of Ventoy or its dev.

    If you want something similar that’s open source, Glim works and could be a good option; YUMI has been around for a while, but I dunno if it’s still a good project or not.

    Edit: typo

    • AbidanYre@lemmy.world
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      3 months ago

      Can you point to some discussion of the ventoy blobs? I had never heard and can’t find anything that says it’s not GPL3.

      • Nibodhika@lemmy.world
        link
        fedilink
        arrow-up
        17
        arrow-down
        1
        ·
        3 months ago

        This thread made me look at this issue. Realistically it’s not a big issue, the VAST majority of the binary blobs are accounted for and have a script or a readme file that shows where they’re downloaded from.

        That being said I will take a serious look at alternatives.

        • ouch@lemmy.world
          link
          fedilink
          arrow-up
          6
          arrow-down
          2
          ·
          3 months ago

          Ugh, those GitHub comments are horrible. If I was the author, I would just walk away from the project. People have no shame in making demands for free work.

          • IcyToes@sh.itjust.works
            link
            fedilink
            arrow-up
            7
            ·
            3 months ago

            You ain’t wrong. The level of arrogance stinks. Especially when the author put effort into documenting the sources etc.

            There do appear to be a lot of these know-it-all-but-contribute-little types around.

            Maybe a few are missing, but simply asking, and I’m sure they’ll provide. If someone wants a better build system, they could volunteer to do it themselves.

        • AlligatorBlizzard@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          3 months ago

          Should I be worried? I was distro hopping for a bit and put together a Ventoy drive to make that easier, and I used it to boot the install iso for the distro I ultimately decided on for my gaming laptop. It seemed highly recommended and I didn’t know about the Ventoy bros at that point.

          • Telorand@reddthat.com
            link
            fedilink
            arrow-up
            3
            arrow-down
            1
            ·
            3 months ago

            Probably not. I’ve used it as well (before I knew about Glim) to preview distros, but I am not using it to do installs, since I can’t be certain what’s in it.

    • thingsiplay@beehaw.org
      link
      fedilink
      arrow-up
      9
      ·
      3 months ago

      I want to use Glim too, because the binary Blobs in Ventoy are bugging me a lot. But Glim is a bit limited still: README

      My experience has been that the safest filesystem to use is FAT32 (surprisingly!), though it will mean that ISO images greater than 4GB won’t be supported. Other filesystems supported by GRUB2 also work, such as ext3/ext4, NTFS and exFAT, but the boot of the distributions must also support it, which isn’t the case for many with NTFS (Ubuntu does, Fedora doesn’t) and exFAT (Ubuntu doesn’t, Fedora does). So FAT32 stays the safe bet.

      • Telorand@reddthat.com
        link
        fedilink
        arrow-up
        10
        ·
        3 months ago

        Yep. It’s probably fine for most people, but it’s still a trade-off between transparency and utility. Ventoy is superior functionality, but those blobs bug me, too, and the fact that the dev is so openly hostile towards transparency is concerning.

    • maniii@lemmy.world
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      3 months ago

      Cool! I might give that a try instead of the Ventoy i use regularly. Thanks for the info !

      • Telorand@reddthat.com
        link
        fedilink
        arrow-up
        16
        ·
        3 months ago

        I have quite literally never seen that. The majority of the time, somebody brings up Ventoy, somebody mentions the opaque blobs or some other legitimate criticism, and a bunch of fanbois pile onto that person for having their own opinions or concerns.

        Ventoy works well, but the lack of transparency concerns me and people like me.

        • sorter_plainview@lemmy.today
          link
          fedilink
          arrow-up
          9
          arrow-down
          1
          ·
          3 months ago

          I have a different experience. There was one thread which linked to a github issue. The issue said some blobs don’t have source code. Ironically when I went on to check, the blobs mentioned in the issue had source code, but there were other blobs which seemed to miss the source or build instructions.

          I would love to have an independent audit to put this issue at rest. All that happens is more and more noise and no resolution. I am not a programmer so can’t really help here.

          • Telorand@reddthat.com
            link
            fedilink
            arrow-up
            5
            ·
            3 months ago

            I would also love that! The truth of this matter would be much preferred over a bunch of cast aspersions.