Stallman

muhyb · 1 day ago

Stallman

merci3@lemmy.world · 1 hour ago

something something snap package

Possibly linux@lemmy.zip · 18 minutes ago

Not a proprietary blob unless you install proprietary software

Lovable Sidekick@lemmy.world · 1 hour ago

Or not.

🇰 🔵 🇱 🇦 🇳 🇦 🇰 ℹ️@lemmy.world · 20 hours ago

I’m something of a proprietary blob myself.

milicent_bystandr@lemm.ee · 10 hours ago

You should open sauce!

GamingChairModel@lemmy.world · 2 hours ago

You can get my source code but good luck compiling it.

Feathercrown@lemmy.world · 1 hour ago

9 month compile time?? We’ve gotta get these numbers down

QuazarOmega@lemy.lol · 3 hours ago

Ayy, not that fast, their blob is licensed under the BSL, get to know them a while first

Possibly linux@lemmy.zip · 20 hours ago

Linux moment

rickdg@lemmy.world · 1 day ago

nvidia?

_cryptagion [he/him]@lemmy.dbzer0.com · 1 day ago

And here I am, marking unfree software as installable as the first thing I do on any distro.

dinckel@lemmy.world · 4 hours ago

I love OSS but I won’t sacrifice my experience just to go fully libra. Sometimes it just doesn’t make sense. I’m glad it’s an option for people who do want that though

I'm Hiding 🇦🇺@aussie.zone · 12 hours ago

I’ll absolutely take FLOSS if I can get it, but failing that, FOSS is still a nice improvement over closed-source software.

joel_feila@lemmy.world · 2 hours ago

What does the L stand for

grrgyle@slrpnk.net · 2 hours ago

Libre, which is synonymous with free.

I think it’s more free in some way? I’m not sure, but I think it means free as in doesn’t cost anything. Whereas FOSS means free as in open and modifiable, but the maintainer(s) might still charge for it.

Something Burger 🍔@jlai.lu · 1 hour ago

Its French for “free”, as in freedom. Free is ambiguous and can also mean free of charge.

Feathercrown@lemmy.world · 1 hour ago

I think those are backwards

grrgyle@slrpnk.net · 29 minutes ago

I thought they might be… you’re probably right.

BlaBlaBla@sopuli.xyz · 20 hours ago

It’s good that it’s opt in

Feathercrown@lemmy.world · 1 hour ago

The NixOS default config has allowUnfree set to false, so it’s not always opt-in

_cryptagion [he/him]@lemmy.dbzer0.com · 20 hours ago

Oh, agreed. There are definitely people who can live without unfree software. Me, I can’t do without Steam and Lutris.

slazer2au@lemmy.world · 1 day ago

Ventoy?

mexicancartel@lemmy.dbzer0.com · 12 hours ago

Just open source blobs instead of proprietary blobs

rtxn@lemmy.world · 1 day ago

From the Ventoy developers: the blobs are getting unblobbed.

Turret3857@infosec.pub · 29 minutes ago

Took them over a year to say anything? I have since just gone back to burning single drives and honestly it’s fine. Ventoy was convenient but taking a year to respond to a genuine concern is crazy.

Possibly linux@lemmy.zip · 20 hours ago

There is also a new community fork to get rid of the blobs and bad cert loading. The ventroy dev has made a bunch of concerning choices so some people hard forked the code. I forgot where is was though.

pogmommy@lemmy.ml · 20 hours ago

Is this the one you’re talking about? https://github.com/fnr1r/ventoy-cpio

Possibly linux@lemmy.zip · 20 hours ago

That’s the one

troed@fedia.io · 1 day ago

oh wow that really put the trust back into Ventoy. Nice! Thanks for the link

fmstrat@lemmy.nowsci.com · 19 hours ago

Happened after a partner product in the Ventoy repo was found to have a pretty major vulnerability due to a… you guessed it, pre-compiled supply chain attack.

Lucien [he/him]@mander.xyz · 1 day ago

Off topic, but I’d never heard of Ventoy before and looking at it now, holy shit, I wish I’d known about it sooner.

Tundra@lemmy.ml · 1 day ago

just started using this for the first time, Is it still ok to use?

rtxn@lemmy.world · edit-2 1 day ago

Yes, but people have concerns. Ventoy is fully open-source, but the build process pulls binary blobs (compiled executables, think of them like blob chips) from other F/OSS projects, which is an issue for some people. They have legitimate concerns about trusting Ventoy because they have to implicitly trust the projects that Ventoy pulls from but can’t verify what is getting pulled. If such a project were to become compromised (the way XZ-Utils was), it would eventually spread to Ventoy.

That being said, the developers (or singular developer, not sure) are taking steps to reduce Ventoy’s dependency on external blobs. It’s a difficult task and they have limited resources, but they have acknowledged that it is an issue and are working on a solution.

unhrpetby@sh.itjust.works · edit-2 1 day ago

If such a project were to become compromised (the way XZ-Utils was), it would eventually spread to Ventoy.

What a lot of people don’t know is that the XZ attack entirely relied on binary blobs: Partially in the repo as binary test files, and partially in only the github release (binary).

If someone actually built it from source, they weren’t vulnerable. So contrary to some, it wasn’t a vulnerability that was in plain view that somehow passed volunteer review.

This is why allowing binary data in open-source repos should be heavily frowned upon.

Possibly linux@lemmy.zip · 20 hours ago

I don’t believe iVentroy (PXE tool) is fully foss but I could be wrong.

slazer2au@lemmy.world · 1 day ago

Yea it’s fine.

From memory the blob everyone was complaining about was related to eufi and came from Fedora.

Possibly linux@lemmy.zip · 20 hours ago

Except for the part where it completely nullifies secure boot…

Fine if you don’t care about that but it caused a lot of security issues in the enterprise

Cassa@lemmy.blahaj.zone · 1 day ago

Ah yes, telegram

Baggins [he/him]@lemmy.ca · edit-2 1 day ago

Unzips my ghidra 😏

mariusafa@lemmy.sdf.org · 1 day ago

Let’s dig deeper

neox_@sh.itjust.works · 1 day ago

I can only recommend Guix system 👍

muhyb · 1 day ago

Noice!

andybytes · 9 minutes ago

If the working conditions don’t change computers will become a ball and chain Then deemed useless.