What happened? Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f8946...
Ventoy is a tool to make a USB with multiple ISOs bootable, letting you select which ISO to use on boot. Another newly-created account claims to be the dev's friend and translator and has received no contact from the maintainer.
if you search Chinese Police Canada (or USA) there are tons of articles that are way more in depth, and describe encounters, etc.
I added that link so people don't think I'm making it up when my friends house is getting door knocked by two CCP police.
It does not directly relate to Ventoy, it relates to why I would not trust a chinese product as we have first hand witness here in Canada of CCP harassing residents or forcing them back to china. There is that much control, even when they don't live in China, that if CCP wanted to have widespread spying they would just pick a dev with family in the mainland.
Your phone, computer, TV, and various other electronics in your house were not made in China? You believe that your own country or mine cannot secretly compel backdoors?
I realize that this era makes it difficult, but that is why I would be cautious in projects, like Rustdesk dev was obfuscating the chinese location, and blobs, so I have removed that. My phone runs GrapheneOS so things are sandboxed, my home electronics are either totally blocked from web access, or certain IPs restricted.
And of course Canada US would try to compel, but we have more transparency here than CCP shinanigens.
I'm just saying, everyone blindy installing Ventoy that has more blobs than source code, and possible mainland connection should not be
Ventoy does not have more blobs than source code. The 3 blob folders—which constitute ~1MB out of ~16MB—are properly labeled with reproducible build instructions... for now. The 4 months' silence and impersonation without opposition are suspicious. That said, I think it's still safe to use your existing installations.
My car was Hecho en Mexico so long ago they didn't know cars could even connect to anything other than OBD2, phone was wiped for graphene, and my light switches don't have proprietary blobs that can phone home, they have screws and wires and absolutely no (internet) connectivity. Hell even my computer is Taiwanese, and runs Fedora anyway, though I am already bitching about Intel ME and AMD PSP.
Honestly, the concern around privacy is nothing new for lemmy, the only problem is that instead of worrying about corporate or US GOV spying in this case the worry is the CCP, and that's bad because criticising anyone but "western propagandists блять" is a no-no here.
You're quite the outlier, so congrats on that. I'm pretty privacy conscious myself, so I understand that part of the attitude. What drives me crazy is the irrationality of people making hysterical claims about China that at least as accurately describe their own country.
The user above was essentially saying "never trust a Chinese developer". That is irrational and hysterical. I would say the exact same thing if I heard someone saying "never trust a Russian/American/Indian/English/etc developer".
No he wasn't, he was saying never trust Chinese proprietary code (blobs), because they can compel citizens. If you can audit the code you can audit the code, the country becomes irrelevant.
Furthermore in this instance even if he was saying "don't trust chinese devs," not because they're bad people, but "because they live under an oppressive regime that can force them to do the bad thing," that's still not racist, it's still a criticism of the regime itself that very well could be rectified (well good luck.)
Chinese blobs are no more or less trustworthy than any other blobs. The Chinese government is not more or less willing or capable to force a Dev to do the bad thing.
Exactly, but being that this thread involves the country known as China, the reason to distrust those proprietary blobs is the CCP. If this thread were about an american dev, the threat would be NSA/CIA, if Russian FSB, on and on, as such.
Did he travel to Russia? I thought you said he traveled to China. If so aaah "because he's there?" If he was in Russia I'd be inclined to agree regardless of his nationality that Russia would be the be the bigger threat, in my opinion "the country he's in" would be a step above "a separate country that is at war with another separate country."
It doesn't "involve the country known as China". The country has nothing to do with it, which is why it stood out to me for someone to be fearmongering about China. If it was an American or Australian dev, I doubt very much that concerns would have centered around their nationality.
What country did the guy travel to? I thought they said it was China, if not then my mistake, but if so, "yes it does."
If there was an american national dev in a country where america couldn't touch them, and they suddenly traveled to the US and dropped contact, it would certainly be suspicious that the NSA or CIA could be involved.