But how trustworthy is Rufus? This is a pretty critical operation, after all.
Assuming you have a brand-new Windows laptop in front of you, how do you go about getting Linux on it? Genuinely interested to know. Last time I had to do this, I went via Windows Powershell or whatever it’s called, and used dd. Seemed like the option involving the least untrusted parties.
Personally I think that the distros should be taking charge of this themselves, and providing the .exe installer as well as the ISO.
Why would you count Rufus and balena etcher not trustworthy? Sounds like you’re to deep in the paranoia, which I completely understand, but gets just impractical “Man yelling at cloud” depending on how deep you are.
dd is just another program too, why trust dd? Linux is just another Program too, why trust Linux? And so on. You can audit every (OSS) Program if you want in theory, but let’s be real, no one does that because time is better spent elsewhere.
Rufus is open source, and you can view its source code here. If you have any reason not to trust it, you can audit the source code yourself. All things said, it’s bot a very complex program. Auditing it yourself wouldn’t take a ridiculous amount of time.
Linux distros are not going to distribute .exe files. First off, those are binary files and you cannot verify the integrity of the binaries the same way you can verify the integrity of an ISO. An ISO has all of the files packaged in a readable format, and you can view and verify them manually. Second, compiling a .exe would require the use of Windows, which is non-free software, going against the ideology of open source practices. It is unnecessary and quite frankly ridiculous. A Linux distro is complicated and difficult to maintain as is; each distro being required to maintain their own Windows version of the installer adds a significant amount of work to developers that (for the most part) already aren’t getting paid. The developers working on Linux distros do not have Windows installed, and thus will have greater limitations to testing the installers in Windows. Binary files will work differently on different versions of Windows, which will only introduce more complexity and difficulty to maintaining such an option. Additionally, it would add compilation time to create the .exe files, which will cost money and time over the long run. There are already open source and well trusted softwares to create liveUSBs from ISOs in Windows, it’s just impractical and unnecessary for distros to maintain and distribute those tools themselves. Besides, as far as your “trust” situation goes, that just shifts trust to another entity; it’s zero sum anyway. Just use a tool that already exists like Rufus, Balena Etcher, or Ventoy (all of which are open source).
As far as answering the rest of your question, all you need to do is download the ISO from your distro’s website, download and install Rufus, Balena Etcher, or Ventoy (your choice, doesn’t matter which), plug in a USB device with at least 8GB that you can use for the liveUSB, run Rufus/Etcher/Ventoy, select the USB device, select the ISO file, hit confirm, and you have a liveUSB. Now all you need to do is reboot your computer and (for most systems), it will automatically boot into the live OS where you can install through a GUI installer. In some systems, you’ll need to boot into the BIOS/UEFI settings and enable or move USB boot up in the boot order, or manually boot from USB in the boot selection menu (the button to enter the boot selection screen varies by manufacturer). Then it will boot into the live OS and you can click the install button when it pops up. It’s actually almost the exact same process you’d use to make installation media for Windows and install it to another device, except Microsoft also has their own installation media creator that asks for the same stuff as Rufus if you don’t want to use the ISO from Microsoft for whatever reason. You could also just use Rufus with the Windows ISO though, it’s essentially the exact same thing.
Yes OK I do understand all that, I have used Linux for many years, which includes installing it from time to time.
I am just concerned that all this is beyond the capability of ordinary people, and we need those people if Linux is to thrive. Just the terms and vocab you use in your explanation will leave most of those people mystified. And the ones who decide to take the plunge anyway find themselves with choices that they should not have to face. I speak from experience. I am not a born geek myself, I was a history major.
Anyway, I’ve already had this debate with others here. My opinion does not seem very popular, I get it.
Linux distros are not going to distribute .exe files
One or two distros do. I believe Fedora offers an all-in-one installer executable.
As for the question of trust, the advantage of bundling the installer with the ISO is that you remove third parties. If I trust the distro and my TLS connection to the distro’s website, that’s good enough for me and should be good enough for most users.
But how trustworthy is Rufus? This is a pretty critical operation, after all.
Assuming you have a brand-new Windows laptop in front of you, how do you go about getting Linux on it? Genuinely interested to know. Last time I had to do this, I went via Windows Powershell or whatever it’s called, and used
dd. Seemed like the option involving the least untrusted parties.Personally I think that the distros should be taking charge of this themselves, and providing the .exe installer as well as the ISO.
Why would you count Rufus and balena etcher not trustworthy? Sounds like you’re to deep in the paranoia, which I completely understand, but gets just impractical “Man yelling at cloud” depending on how deep you are.
dd is just another program too, why trust dd? Linux is just another Program too, why trust Linux? And so on. You can audit every (OSS) Program if you want in theory, but let’s be real, no one does that because time is better spent elsewhere.
As I see it, there are two solutions to the trust problem.
The strong solution: read the source code.
The weak solution: trust as few actors as possible, if possible a single one - and download from their website.
I was advocating the second solution.
Rufus is open source, and you can view its source code here. If you have any reason not to trust it, you can audit the source code yourself. All things said, it’s bot a very complex program. Auditing it yourself wouldn’t take a ridiculous amount of time.
Linux distros are not going to distribute .exe files. First off, those are binary files and you cannot verify the integrity of the binaries the same way you can verify the integrity of an ISO. An ISO has all of the files packaged in a readable format, and you can view and verify them manually. Second, compiling a .exe would require the use of Windows, which is non-free software, going against the ideology of open source practices. It is unnecessary and quite frankly ridiculous. A Linux distro is complicated and difficult to maintain as is; each distro being required to maintain their own Windows version of the installer adds a significant amount of work to developers that (for the most part) already aren’t getting paid. The developers working on Linux distros do not have Windows installed, and thus will have greater limitations to testing the installers in Windows. Binary files will work differently on different versions of Windows, which will only introduce more complexity and difficulty to maintaining such an option. Additionally, it would add compilation time to create the .exe files, which will cost money and time over the long run. There are already open source and well trusted softwares to create liveUSBs from ISOs in Windows, it’s just impractical and unnecessary for distros to maintain and distribute those tools themselves. Besides, as far as your “trust” situation goes, that just shifts trust to another entity; it’s zero sum anyway. Just use a tool that already exists like Rufus, Balena Etcher, or Ventoy (all of which are open source).
As far as answering the rest of your question, all you need to do is download the ISO from your distro’s website, download and install Rufus, Balena Etcher, or Ventoy (your choice, doesn’t matter which), plug in a USB device with at least 8GB that you can use for the liveUSB, run Rufus/Etcher/Ventoy, select the USB device, select the ISO file, hit confirm, and you have a liveUSB. Now all you need to do is reboot your computer and (for most systems), it will automatically boot into the live OS where you can install through a GUI installer. In some systems, you’ll need to boot into the BIOS/UEFI settings and enable or move USB boot up in the boot order, or manually boot from USB in the boot selection menu (the button to enter the boot selection screen varies by manufacturer). Then it will boot into the live OS and you can click the install button when it pops up. It’s actually almost the exact same process you’d use to make installation media for Windows and install it to another device, except Microsoft also has their own installation media creator that asks for the same stuff as Rufus if you don’t want to use the ISO from Microsoft for whatever reason. You could also just use Rufus with the Windows ISO though, it’s essentially the exact same thing.
Yes OK I do understand all that, I have used Linux for many years, which includes installing it from time to time.
I am just concerned that all this is beyond the capability of ordinary people, and we need those people if Linux is to thrive. Just the terms and vocab you use in your explanation will leave most of those people mystified. And the ones who decide to take the plunge anyway find themselves with choices that they should not have to face. I speak from experience. I am not a born geek myself, I was a history major.
Anyway, I’ve already had this debate with others here. My opinion does not seem very popular, I get it.
One or two distros do. I believe Fedora offers an all-in-one installer executable.
As for the question of trust, the advantage of bundling the installer with the ISO is that you remove third parties. If I trust the distro and my TLS connection to the distro’s website, that’s good enough for me and should be good enough for most users.
Just my opinion.