Tails no longer recommending balenaEtcher
I am shocked by this - the quote in below is very concerning:
"However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties."
Can't see myself using this software anymore...
533
Comments151
♬ Hello
ddmy old friendI’ve come
sudowith you again ♬Hello cat or cp or pv... Or anything else that works with files
Huh this is news to me. Wonder why dd has been the defacto standard in guides everywhere for the past 15-20+ years
.. and the sign said the bytes of the distro are written to the SD card …. if they’re un-tar’d ..
That's interesting, apparently it was mentioned on github but nothing seems to have changed in the end
https://github.com/balena-io/etcher/issues/3784
Haven't used that software in a long time but maybe there's an opt-out somewhere during runtime? Although I don't see why a user needs to be required to opt out of nonsense like this when just writing firmware to a USB disk.
Only ever touched balenaEtcher when some project or distro recommended it. Overall prefer Rufus for this sort of thing when working on Windows.
I've used Sardu on Windows for making multi-iso bootable USB sticks a long time ago in the past, but I'd admittedly never looked at their ToS or Privacy Policy. My use case was slapping some live boot antivirus scanners, data recovery tools, and one or two lightweight liveboot-Linux ISOs on one USB as a portable toolkit.
When I'm making anything else from Windows, I've always stuck with Rufus. Had never heard of BalenaEtcher before now.
I"m horrible with names of programs and mess with a lot of junk comps switching out OS's and just tinkering around so I'm always using crazy utility programs. BalenaEtcher is used in a lot of tutorials or guides for installations, I think recently both Elementary OS and even Ubuntu had instructions pointing towards BalenaEtcher.
I never thought it was a great program, it was finicky to use and errors out quickly multiple times. Looking back I saw the signs, weird new program being promoted above other "well established" burn programs, ads, and now scrolling down their webpage it's just a bunch of promotional subscription bullshit. I think I just threw up in my mouth a little bit looking at the "balenacloud" and "balenasense", like if they're collecting your data through etcher then all of that shit is probably compromised. Another fucking google wannabe corp.
If you need a FOSS, cross platform GUI for bootable USB sticks, Raspberry Pi Imager is a really good solution.
It is mainly used to flash SD cards for RPIs, but also you can burn any ISO on any support with it.
I used to use the fedora media writer but the RPi imager software is so easy I switched
I remember a while back, years before this surfaced, there was a thread on /g/ with a group photo of Balena's employees and a caption like "why does it take so many people to develop an electron wrapper around dd". Obviously it was low effort engagement bait (balena does much more than etcher), but the comments were full of people calling the company a glowie honeypot and the like. Moral of the story: Trust the schizos, they sense spyware form lightyears away.
So tor is compromised?
Is no one aware of Fedora Media Writer? It's FOSS and the most trustworthy ISO burning software in existence. It's only issue is that its named as if it is written only for producing Fedora bootable media. It works for everything.
Opensuse has one too. And dd exists for the brave or the foolish
The article at the end mentions they suggest dd as alternative for MacOS (due to Unix user space). It seems the balena -> rufus decision is about the easiest-onramp Mac+Win-portable option, for those uncomfortable dropping to low-level device-writing CLI tools in their current system.
Side-note: Last time I was on a friend's Windows I installed dd simply enough both as mingw-w64 (native compiled) and under Cygwin. So for Windows users who are comfortable using dd it only requires a minor step. When I once used WSL devices were accessible too, but that was WSL1 (containerized), whereas WSL2 (virtualized) probably makes device-mapping complex(?) enough to not be worth it there.
WSL2 has relatively easy (a few powershell commands iirc) device mounting, provided you aren't trying to mount C: or the windows install drive (not necessarily the same).
Thanks, that's good to know, but for raw-writing a bootable image to a device do you (or anyone reading) know if there are also straightforward powershell commands for mapping devices at the block level? (as opposed to mounting at filesystem level)
I dunno... I just use dd.
cat works perfectly fine too 👌
Eh, I prefer being able to specify block sizes, to maximize the throughput.
Seeing progress, too
Meh i find it slow.
Or gnome disks, which also adds an "open with 'write to drive'" option to isos and images
Sudo dd if=tails.iso of=/dev/sdb
bash: Sudo: command not found
Lol, nice one
Sudontplease :P
Ah, a
doasuser, I see!Or working on a case sensitive system
Oh, damn, that was the joke!? Went right over my head lol
In my early days of Linux, I royally fucked up a USB thumb drive (back when they were expensive) using
ddand as a result do not trust myself with it.I would use Hannah Montana Linux if it was the only GUI option to burn a USB ISO.
Weird. I can't even tell you how many times I've used that command. But it's probably been several thousand. And I've never screwed up a flash drive that way.
There has been once or twice where I've pulled the flash drive out too quickly after it finished writing and it actually hadn't finished writing and had to redo it, but other than that, I've not actually screwed up any drives beyond repair or anything.
for Windows?
Rufus.
And who cares if there's spyware on windows, you're already using windows so there is, it's windows. At that point you may as well just use etcher, but I'd use Rufus anyway because let's be real it's just better. The only reason not to use Rufus is because it's windows exclusive, but if you're using windows that probably doesn't bother you, so...
Install wsl lol.
Install WSL
Oh, sorry. I didn't realize you were on Windows. That's a Linux command. I haven't used Windows very much since about 2018, so I don't even consider Windows anymore unless it's brought up.
The article was about Windows. And, no, I'm not on Windows. i use GrapheneOS on my phone and triple-boot Arch/Debian/Fedora on my laptop. I'm just making the point that the article was about Windows so replying with UNIX commands doesn't really make sense.
Friendship ended with Balena
Now Rufus is my new best friend
i still don't understand why anyone would use etcher. it's an electron wrapper over
dd. it's 80MB where rufus is 1.5. when it appeared there were already other programs that did its job better.Rufus seems to be just for Windows and dd does not have a gui
that's correct. on windows, rufus is a better tool, and on linux or mac it's just a built-in command with a manual packed in.
also, ubuntu ships with startup image creator, and gnome disks ships as a flatpak, if those are more your speed.
Thanks for the info, I'm on linux mint and after checking these out it isn't immediately apparent from their websites whether or how I could install them. Still think etcher occupies a niche that alternatives don't fill, its website directs you straight to installing it, it's cross platform, and using it is very easy, so it's something that could reasonably be linked to in various install tutorials.
on mint you install them as packages.
I like clicking buttons that have a text on them saying what they do instead of trying to memorize a gajillion terminal commands and flags where I have to enter more commands and flags to see what they do.
plus it's some some sanity checks like not showing you your system drives. Or warning you when the drive you are about to nuke is suspiciously large and maybe not the usb drive you actually want to use.
This is basically the main feature. Stopping you from fatfingering the wrong drive
use rufus.
I used it because that's what the instructions on the Linux Mint website for creating a bootable USB stick from Windows say to do.
I have no clue what "electron wrapper", "dd", or "rufus" are. I'm trying to learn more, but can't learn it all in one day.
https://linuxmint-installation-guide.readthedocs.io/en/latest/burn.html#in-windows-mac-os-or-other-linux-distributions
weird that the installation guide is hosted on a separate website that hasn't been updated in eight years. that's irresponsible of them. anyway rufus is a better version of etcher that you can download for windows.
I've typically used Etcher when I have to write an ISO on Windows
use rufus.
Happy user of Ventoy here
Good luck with the binary blob!
For some more context:
https://lemmy.one/post/19193506
💀💀 seems like dd commands and gnome's MultiWriter might be the only ways to flash stuff on linux
Fedora Writer is another one (also works on Windows and maybe Mac), and there's also GLIM for multiboot, similar to Ventoy.
There's also Popsicle which is made by the folks over at System76.
Gonna look into GLIM, thanks
The linked article recommends Raspberry Pi Imager for writing Tails from macOS, and that is also available on Linux and Windows.
https://www.raspberrypi.com/software/
Though the site only shows how to install on Ubuntu, the GitHub repo for the tool does have an AppImage that should work on any distro.
https://github.com/raspberrypi/rpi-imager/releases
I thought the binary blob thing was explained?
Basically UEFI booting requires shims and those need to be signed so the Ventoy author is re-using the ones from Fedora and OpenSUSE. This can be verified by comparing hashes, which the author of that comment shows how to do.
This whole thing seems to come down to people freaking the F out because they don't understand how the software works and the Author of the software is currently PO'd off at the community and stopped answering questions.
The price of doing business with UEFI. There are ways around it but it works so fucking smooth. I'm down with it.
A reason was given but no source was provided, and their response to the question was very slow. I don't trust it.
Last I heard it was also suspect: Ventoy source code contains some unknown BLOBs, still no word on the issue from the dev after months
Completely aside from the blob issue mentioned, the Tails team has recommended against using a multiboot utility like Ventoy to install Tails. Ventoy works fine for basically any other operating system (again, aside from the blob issue), just not Tails, which is what this post is about.
That's..... Interesting. I've been using Ventoy professionally for like... 2-3 years now and I've not once had an issue with daily use. Unironically like 2500-3000 uses without issue.
This has been my experience as well. Some people love it, but I'm not gonna rely on it for critical backup or recovery tools (also, there's that whole binary blob thing, besides).
I have had no complaints about it, but with that said, I absolutely would not use it for any vital backup your recovery tools.
It was fantastic however, to use to load up with handfuls of different live distro ISOs to play around with.
Rufus is great! I worked with the maintainer to fix a bug in hardware they didn't have and it was a very pleasant experience.
Just use
dd. It's not that hard. You pass it 2 arguments:if=the file you want to flash, andof=the destination. If you're feeling fancy, pass in somestatus=progress. And don't forget to prepend it withsudo. That's it.I just tried this the other day and was unable to boot from the USB. Any chance you could shed some light on what I might have screwed up?
The command was:
The USB stick was not mounted and the fedora image was verified. The command completed successfully but I couldn't boot from it. When I used fedora writer to burn the same image to the same USB stick it booted no problem.
Edit: spelling & capitalization
Don't use Fedora myself, but it may not be a hybrid ISO that becomes bootable when written... so I looked and you are missing a flag
From https://docs.fedoraproject.org/en-US/quick-docs/creating-and-using-a-live-installation-image/
Ah! Thank you! I knew it was something I screwed up!
You didn't screw up, you beautifully proved why the CLI is never a simple solution.
It reminded me when I told a coworker he could force the Windows shutdowns with the command 'shutdown -p -f" from either a Run.exe or a cmd window.
Then he said it wasn't working, and that the cmd window would just open and close quickly but no shutdown.
Imagine my surprise when he was doing shutdown -pf .
I don't think
oflags=directhas any influence on the result. Apparently that's about disabling the page cache in the kernel, which can avoid a situation in which the system slows down due to buildup yet-to-write pages.Perhaps not. But the flag allows for direct I/O for data, bypassing buffers which can be overrun with certain size blocks, potentially causing dirty buffer depending on the machine being used. My understanding is that it's "more reliable" for writing (especially on shitty USB Flash drives) and getting the exact ISO properly written.
But it could be useless all the same - I'm just pointing out that OPs command is not the one recommended by Fedora when writing their ISO. Also OP is less likely to pull the drive before buffers have flushed this way.
Oh yeah that's where I was getting at, but I didn't have time to write that out earlier. I agree that OP probably pulled out the usb stick before buffers were flushed. I imagine that direct I/O would mitigate this problem a lot because presumably whatever buffers still exist (there would some hardware buffers and I think Linux kernel I/O buffers) will be minimal compared to the potentially large amount of dirty pages one might accumulate using normal cached writes. So I imagine those buffers would be empty very shortly (less than one second maybe?) after dd finishes, whereas I've seen regular dd finish tens of seconds before my usb stick stopped blinking it's LED. Still if you wait for that long the result will be the same.
Did you make sure that the
ofis correct?lsblkto make sure.If your sure it wrote to the right drive i would make sure that you have a good download. Did you run your checksums?
I think fedora works with secureboot but you might want to disable it just to see if that is the issue. I believe you can reenable it after install.
Make sure to go into the bios and boot from external drive/usb.
Out of 15 years of using
ddi have never had a problem.I did verify with
lsblk, with a listing before and after plugging in the stick to be absolutely sure.I also did verify the checksum of the ISO.
I'll double check SecureBoot, but as I mentioned, the same ISO written to the same stick with Fedora writer did boot in the same machine it wouldn't boot from with the
ddversion.I know it's something I did or didn't do to make it work correctly, so this is not me trying to dunk on
dd, just trying to understand what I did wrong.You might not have done anything wrong.
There is also the possibility of a bad USB drive or write memory failure. There is lots of things that could go wrong that's not your fault. Might try a different USB or a different USB port on your machine.
You might want to try zeroing out the USB,
if=/dev/zero. Then you might need to make a new partition table. You can use something like gparted. Or https://linuxconfig.org/how-to-manipulate-partition-tables-with-fdisk-cfdisk-and-sfdisk-on-linuxYou can try GPT or DOS. I dont think it matters.
Not sure if the ISO will have the partition table so you might want make the new partition table just to be sure the stick defiantly has one. If dd overwrites it from the iso no harm no foul.
Thats all the troubleshooting steps I can think of right now.
I tried belenaEtcher once on my Mac... And it seemed to me more like a spyware than an actual software, I was a bit confused and never used it again.
Here's a wildcard people might not know about: Raspberry Pi Imager
I use it because it's faster than Etcher and it also has a bunch of quick links to download popular images (mainly for RPI and other arm-based SBCs) in one click which is handy if you use those regularly.
Why use a fancy GUI tool when good old
dddoes the trickcp command works well too
dd status=progresscan also tell you how far along the operation is.Dang, nice! I've been using dd for nearly 30 years and have never seen that. I actually used to used dcfldd because it had better progress reporting than dd (and supported repeated patterns for input). Thanks for sharing!
cat is the tool of distinguished gentlemen
Because of the risk of accidentally wiping the main drive if you're just copy pasting stuff
If that happens to you, that's both a great reminder that mindlessly copy-pasting commands from the internet is a terrible idea, and a chance to practice your restore-from-backup routine! I see no downsides.
Wow, I was not aware of that. I really liked balena. Thankfully, I haven't been using it since installing Mint.
Can always use dd but I always go stupid when I need to set boot flags and all that crap, which is so much easier with etcher. I think I've done dd with gparted in the past.
i've never needed to set a single flag with dd. i just do
if=the_iso of=the_disk. what flags?Don't you need to mark usb disks as bootable if you want to boot from them to install Linux or whatever
that's not something i've ever had to do, i've only done that for hard drives.
i think it depends on the image you get - for archlinux you can simply cat (or dd) the file onto a usb stick and it works perfectly fine, bootable. but i think i have seen an image at some point where it didn't work, but i don't recall what it was.
It won't depend. I think it's because back in the day we never had an easy way to force boot a device, if a device wasn't flagged as bootable it wouldn't boot
https://circle.gnome.org? Never tried their ISO software, I just use dd.
Not using Ventoy in 2025?
Ventoy uses several blobs without any instructions of compiling them yourself?
I guess I could install Ventoy on the raspberry Pi's SD card, but I prefer it to be bare, since the idea is to keep it simple.
Balenaetcher has, for me at least, failed to write to USBs for the last 3 years or so that I've tried to use it - meanwhile random iso writers from flatpak have been more reliable for me. Very obnoxious that so many iso related sites recommend it. Rufus kicks tons of ass, if for whatever reason you're still on windows.
Also on most distros I've tried, the disk utility has some sort of right click or context menu that gets you a 'restore disk image' button that works great as well.
Edit= I used Popsicle USB writer from flatpak on steam deck with no issue today! Made by system76 (makers of popOS) and found on flatpak. It is absolutely no frills, but works well enough to write an SD card image for a raspberry pi! 🙂
Flatpack? You are using Linux and you need "iso writers"? Is your dd broken, son?
This sounded like a techy Ron Swanson.
Are the scissors broken in your house, son?
At least one person got the reference!
😂 I also read this as Ron's voice!
Nah as much as i love doing stuff via terminal, I am extra paranoid specifically about writing to the wrong device and losing data; I prefer as many confirmations as possible that I'm writing to the correct drive, and graphical installers tend to give me just a few more reassurances. A few examples would be stuff like
I'm also the kind of person who stares at a written email worrying about every last nuance of my phrasing, so 🤷♂️😂 definitely a me problem, I think!
Yet another reason for people to run a default prompt (deny until prompt answer) firewall.
A what?
Good question. I will attempt to clarify:
OP is saying that individual should run firewalls on their machines, that block port activity by default, and only allow traffic upon an approved request by the administrator account.
An interactive firewall.
One that blocks programs from accessing the internet and prompts the first time they try until you click a button that says allow or you choose the alternative which is deny. A program like this you'd have no reason to give it internet access, it's something whose operations should be entirely local.
Linux mint factory USB creator just right click and make bootable.
Not used it since I discovered this nonsense. Shows how seriously they take security. https://github.com/balena-io/etcher/issues/3410
have they tried also tracking for errors, cause it fucks up every second image unlike rufus
Truth. Etcher is garbage. Rufus is king.
i still had issues using 150MB electron based bloated and heavy software instead of rufus, not that it worked for me anyway
I only tried to use it once, and same. 150MB of a Web app to copy an ISO? I think I was using a Macbook to flash it and decided to use ventoy instead, with my PC.
I understand that it needed a GUI, but 150 megs?? When :
Yeah Mac has dd too, I often forget about the terminal existing there. I wish Ventoy for Mac was a thing tho.
Generally Ventoy is better than both. Choose a dedicated flash storage, flash Ventoy to it, then click and drag as many ISO's as can fit on your drive and you can boot from any one of them at any time.
Much better than Etcher or Rufus, IMO.
Who tf is downvoting? Ventoy is the best
From literally the same thread: https://lemm.ee/comment/14867214
What options are there for flashing to SD cards? Something that works on Mac too would be nice. A gui is preferred.
Plug your usb drive in and run lsblk to figure out which letter to use instead of x in /dev/sdx
sudo dd if=image.iso of=/dev/sdx bs=1M status=progress
EDIT: I totally didn't read your request. This is not gui or Mac based, but it still might help someone.
I'm pretty sure mac, being based off freebsd, would include dd
Mac should have dd,
I'd assume lsblk as wellnot lsblk though. There's fdisk thoughThanks for trying.
I'm not against terminal, but I'd just have to look up commands every time that I rarely use.
The comment said "SD Card" so it would be
/dev/mmcblk*I use a microSD to usb adapter and have 2 spinning rust disks. So it's /sdc for me, but i still always double check. Dd isn't called the disk destroyer for nothing.
Doesn't the official guide recommend using GNOME Disk Utility anyway?
Glad I saw this. I downloaded the tool on recommendation from a forum post when I was reviving my homelab. I’ll nuke it for sure.
Thats a shame, it was one of the few disk imagers that "just worked"
Ahh too bad because balenaEtcher just werks for me.
If you actually read the post, you would have known, it does work, but there are some privacy concerns with it:
I did read the post before constructing my comment and that's why I feel sad for seeing privacy concerns popping up at balena, because that's just my fav.
Thank you for pointing it out.
...and that's how I met your
motherforkHonestly, if you're using Windows, then you most likely already sent any and all of your secrets to Microsoft anyway. Including that you installed Tails.
I've been avoiding it ever since the Balena moniker change.
The MX Linux live USB maker should work well on Debian based distros.
balenaEtcher never worked for me. No image that I flashed has been usable to boot. The RPi imager has been working flawlessly
Unrelated to balenaEtcher but I haven't been able to flash ISO files from Windows 11, either by using Rufus, Etcher, Fedora Media Writer, or even the WSL. I need to borrow a computer running a FLOSS operating system or to install OpenBSD first, and then from OpenBSD to download and burn an ISO file.
That sounds like an issue with your computer rather than W11. I just used Etcher on my W11 desktop to flash Mint XFCE yesterday with no issues.
Thanks for the tip, I'll try that with different computers.
I mean for privacy things it makes sense to avoid leaking anything. But I fail to understand where the danger is to have anonymous data that says a user installed "Ubuntu-24.04-wappity-whatever.iso" to "KINGSTON DATA TRAVELER 32GB" at some point.
If anything that seems like worthwhile analytics for the dev team to have access to.
Most software lets you opt out of sending anonymous analytics data though.
They could just ask. "Please allow us to know what you flash and on what device so we can improve the software" yes, no, tell me more, show me the data
Then I would have no problem using the SW, transparency is important to me
It is a trap for people not knowing and government may use it as excuse to activate executive
I used it less than a week ago for a Mint install, worked fine.
If you actually read the post, you would have known, it does work, but there are some privacy concerns with it:
I seriously DGAF who knows which Mint edition I installed or the brand of flash drive I used.
Dude really goes to a cyber security community and hits them with the 'i have nothing to hide'