this post was submitted on 14 Oct 2024
56 points (72.2% liked)
Linux
48323 readers
637 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I heard people raving about ventoy, i checked it out online, but blobs and chinese maintainer made it seem fishy. Even if a maintainer was legit it only takes CCP thteatening their family to get a backdoor inserted
This is ridiculous. You don't trust "Chinese maintainers" ("even if legit" lol), because the "CCP" might threaten "their family to get a backdoor inserted".
Absolutely unhinged level of fantasy in the context of this project. A nation of 1.4 billion people and you don't trust anyone there to write software? You know they made your phone and pretty much everything else right? Also, the idea that "the CCP" is somehow uniquely (among governments) willing and able to coerce or commission backdoors in software is a feverishly deluded attitude.
Propaganda has put a backdoor in your brain.
We have chinese police here in Vancouver (edit Non Canadian force), if residents speak badly about CCP these "Police" show up at the door and try to coherce them back to mainland. I'm not regurgitating the articles, my friend living in vancouver had them show up. I'm not trusting blobs.
New York, DC, and LA as well. If one doesn't want a polite knock, one doesn't speak ill of the CCP.
Canada had investigated and started to shut some down here. they had actual office front building setup as Chinese police station. Smaller places it was decentralized Chinese pokice. Downvoters should read the news links https://www.cbc.ca/news/canada/ottawa/rcmp-chinese-police-stations-1.6862336
Down voting for 2 reasons:
if you search Chinese Police Canada (or USA) there are tons of articles that are way more in depth, and describe encounters, etc.
I added that link so people don't think I'm making it up when my friends house is getting door knocked by two CCP police.
It does not directly relate to Ventoy, it relates to why I would not trust a chinese product as we have first hand witness here in Canada of CCP harassing residents or forcing them back to china. There is that much control, even when they don't live in China, that if CCP wanted to have widespread spying they would just pick a dev with family in the mainland.
Your phone, computer, TV, and various other electronics in your house were not made in China? You believe that your own country or mine cannot secretly compel backdoors?
I realize that this era makes it difficult, but that is why I would be cautious in projects, like Rustdesk dev was obfuscating the chinese location, and blobs, so I have removed that. My phone runs GrapheneOS so things are sandboxed, my home electronics are either totally blocked from web access, or certain IPs restricted. And of course Canada US would try to compel, but we have more transparency here than CCP shinanigens. I'm just saying, everyone blindy installing Ventoy that has more blobs than source code, and possible mainland connection should not be
Ventoy does not have more blobs than source code. The 3 blob folders—which constitute ~1MB out of ~16MB—are properly labeled with reproducible build instructions... for now. The 4 months' silence and impersonation without opposition are suspicious. That said, I think it's still safe to use your existing installations.
My car was Hecho en Mexico so long ago they didn't know cars could even connect to anything other than OBD2, phone was wiped for graphene, and my light switches don't have proprietary blobs that can phone home, they have screws and wires and absolutely no (internet) connectivity. Hell even my computer is Taiwanese, and runs Fedora anyway, though I am already bitching about Intel ME and AMD PSP.
Honestly, the concern around privacy is nothing new for lemmy, the only problem is that instead of worrying about corporate or US GOV spying in this case the worry is the CCP, and that's bad because criticising anyone but "western propagandists блять" is a no-no here.
You're quite the outlier, so congrats on that. I'm pretty privacy conscious myself, so I understand that part of the attitude. What drives me crazy is the irrationality of people making hysterical claims about China that at least as accurately describe their own country.
The claims are neither irrational nor hysterical, they're totally grounded and based in reality, and we should be just as suspicious of them as we are of The West™®©. What's more, being critical of china in a context where it's relevant while not mentioning The West™®© doesn't mean you never criticise anyone other than China and Russia, it means the current conversation is regarding China. If this were a story of an American dev being sketchy and including proprietary blobs, me and you, probably would be in here wondering if the NSA or CIA is involved rather than saying "but the CCP." I remain critical of proprietary software regardless of it's origin.
The user above was essentially saying "never trust a Chinese developer". That is irrational and hysterical. I would say the exact same thing if I heard someone saying "never trust a Russian/American/Indian/English/etc developer".
No he wasn't, he was saying never trust Chinese proprietary code (blobs), because they can compel citizens. If you can audit the code you can audit the code, the country becomes irrelevant.
Furthermore in this instance even if he was saying "don't trust chinese devs," not because they're bad people, but "because they live under an oppressive regime that can force them to do the bad thing," that's still not racist, it's still a criticism of the regime itself that very well could be rectified (well good luck.)
Chinese blobs are no more or less trustworthy than any other blobs. The Chinese government is not more or less willing or capable to force a Dev to do the bad thing.
Exactly, but being that this thread involves the country known as China, the reason to distrust those proprietary blobs is the CCP. If this thread were about an american dev, the threat would be NSA/CIA, if Russian FSB, on and on, as such.
Russia is currently involved in a big-ahh war and actively threatens the west. I don’t see why the CCP would be a greater concern.
Did he travel to Russia? I thought you said he traveled to China. If so aaah "because he's there?" If he was in Russia I'd be inclined to agree regardless of his nationality that Russia would be the be the bigger threat, in my opinion "the country he's in" would be a step above "a separate country that is at war with another separate country."
I misunderstood you.
No worries!
It doesn't "involve the country known as China". The country has nothing to do with it, which is why it stood out to me for someone to be fearmongering about China. If it was an American or Australian dev, I doubt very much that concerns would have centered around their nationality.
What country did the guy travel to? I thought they said it was China, if not then my mistake, but if so, "yes it does."
If there was an american national dev in a country where america couldn't touch them, and they suddenly traveled to the US and dropped contact, it would certainly be suspicious that the NSA or CIA could be involved.
Chinese guy goes to China and doesn't push any commits for awhile. Simplest explanation is that "the CCP" has abducted him.
It's definitely not impossible. Whatever it is I hope dude is ok. And I still encourage the use of FOSS whenever possible.
hey let's not attribute racism to canadians in an act of ethnicism
Hang on, it's racist to call out totalitarian dictatorships that put muslims in concentration camps and have secret police in other countries to enforce their draconian laws abroad on other sovereign state's soil?
Fuck that, the chinese government is sketchy as hell, and so are you for trying to downplay the distrust said government has earned quite well as "racism." Do you work directly for them or is it more of a 3rd party contractor situation?
Yeah, sure would be if anyone had done that, but that assumption was an invention of your own not contained within the statement you replied to. "The belief" is that the Chinese government can coerce any citizens within it's borders (and some outside it's borders no less), stop putting words in other's mouths yourself then.
Mmhmm "canned meme response" yes. Totally not employed to curtail criticisms of the government you're defending, I can tell by the originality.
The American government is sketchy as hell too, but you aren't here telling us not to trust American developers...
No, I do that on threads about american devs. You can't just hand wave any criticisms of a government away with "racism" or "but whatabout this other government you also complain about?!"
I notice you haven't told me that homophobia is bad too while you're calling me racist, I guess that means you like homophobia? No? That's just as ridiculous as "if you criticise one government you have to criticise them all in the same comment." This isn't "did you bring enough criticism for the whole class" time.
None of this should be news to anyone here, lemmy is highly privacy focused and that doesn't go away simply because the proprietary blobs in question could be doing sketchy things for the CCP instead of the NSA, either way it's bad to normal people who aren't blindly allegiant to the CCP or the NSA.
To play devil's advocate, people often justify their biases with seemingly more reasonable stuff. "only good people should be trusted to breed" is eugenics even if someone made a funny movie about it.
Very true, but we can't just not criticise a government because the people involved checks notes "aren't white." What would make them above criticism? In my view the only possible answer is because (and it's usually applied to children or the mentally disabled,) "they don't understand what they're doing." In my personal opinion "Nonwhite people" are just as capable as "white people" of knowing what they're doing, as they are not by default children or mentally disabled (though they do also have both categories, and those categories should get a little more leeway). They know spying is wrong whether they're "chinese" or "american."
Read my other reply in this thread you will see why/how CCP oversteps boundaries, and why you don't trust blob code you can't verify
Nope just maintainers that I can't verify their identity, not asians in general.
We live in a mixed bag of skin colours here, I have no issue with people...just CCP and their infiltration of their officials into Canada... that are harassing citizens and Permanent residents of chinese descent.