I was bored at work one day. I decided to put a nyan cat easter egg in my company’s app. If at the loading progress bar screen you typed NYAN it would turn the progress bar into a rainbow being created by a little nyan cat while playing the nyan cat song. The mp3 (inconspicuously renamed without the extension) doubled our build size. No one batted an eye cause no one paid attention to the build size much.

Fast forward 5 years later, at a different job, I get a phone call from the old boss. Do you happen to know anything about this nyan cat file we found?

I had no idea what he was talking about.

What does BLOB stand for?

Anyone who wants to fix this can help fix it, but people are just making demands of an unpaid maintainer. The devs can run this project the way they want to. If you don’t like it, don’t use Ventoy.

The people comparing this to the xz exploit are out of line. xz was a library that was deeply embedded in a lot of software. Ventoy is an IT tool used to boot live OSes. Not even remotely the same attack surface.

Blobs in the source tree are not ideal, but people need to pick their battles.

As a wise one once said: “Talk is cheap, send patches”

Glad it’s getting a little more light. Been trying to tell people this for a few years now lol. It’s the reason I’ve stayed away from it since first learning of the tool and looking at the “source code”.