Show HN: eInk optimized manga with Kindle Comic Converter (+Kobo/ReMarkable) (github.com)

72 points by seam_carver 1h ago 7 comments

Show HN: 100.st – Dev utilities I built for format conversions and encoding (100.st)

7 points by abdelbkk 2d ago 3 comments

Show HN: Clippy – 90s UI for local LLMs (felixrieseberg.github.io)

1055 points by felixrieseberg 1d ago 256 comments

Show HN: Whippy Term - GUI terminal for embedded development (Linux and Windows) (whippyterm.com)

85 points by SurvivorTed 18h ago 11 comments

Show HN: Plexe – ML Models from a Prompt (github.com)

115 points by vaibhavdubey97 1d ago 45 comments

Show HN: Sheet Music in Smart Glasses

193 points by kevinlinxc 1d ago 24 comments

Show HN: Feedsmith — Fast parser & generator for RSS, Atom, OPML feed namespaces (github.com)

63 points by macieklamberski 23h ago 9 comments

Show HN: LocoStudio - A better UI for Ollama (locostudio.ai)

4 points by simmy345 4h ago 0 comments

Show HN: Nelly – Create your own team of AI agents (nelly.is)

6 points by gitmagic 4h ago 0 comments

Show HN: VectorVFS, your filesystem as a vector database (vectorvfs.readthedocs.io)

265 points by perone 2d ago 135 comments

Show HN: Reverse Pac-Man (reverse-pacman.staticrun.app)

68 points by Eagle64 2d ago 47 comments

Show HN: YouTube Time Machine – browser extension to find forgotten videos (frankmeeuwsen.com)

8 points by thatinternetguy 11h ago 0 comments

Show HN: TextQuery – Query CSV, JSON, XLSX Files with SQL (textquery.app)

156 points by shubhamjain 2d ago 57 comments

Show HN: 80s Style AI Interface (vt320.odai.chat)

4 points by gsibble 1h ago 2 comments

Show HN: My AI Native Resume (ai.jakegaylor.com)

294 points by jhgaylor 2d ago 194 comments

Show HN: Klavis AI – Open-source MCP integration for AI applications (github.com)

77 points by wirehack 2d ago 50 comments

Show HN: Real-time AI Voice Chat at ~500ms Latency (github.com)

504 points by koljab 1d ago 224 comments

Show HN: Tkintergalactic - Declarative Tcl/Tk UI Library for Python (github.com)

85 points by leontrolski 1d ago 10 comments

Show HN: Outpost – OSS infra for outbound webhooks and event destinations (github.com)

64 points by alexbouchard 1d ago 8 comments

Show HN: Bracket – selfhosted tournament system (github.com)

149 points by tripleseven 2d ago 35 comments

Show HN: I built a 7-day calendar app – no months or years, just the next 7 days (weeklong.life)

45 points by nbagersh 1d ago 31 comments

Show HN: Wordle style games are not dead. I collected 314 and looking for more (dles.gg)

6 points by trizoza 9h ago 0 comments

Show HN: Free web "Form Builder" (TypeForm for free) (forms.labs.crafxdesign.com)

8 points by ssdesign 19h ago 0 comments

Show HN: PageQL – Embed SQL directly in HTML (pageql.dev)

13 points by xiphias2 1d ago 7 comments

Show HN: Agents.erl (AI Agents in Erlang) (github.com)

4 points by arthurcolle 15h ago 1 comments

Show HN: Journelly for iOS: like tweeting but for your eyes only (in plain text) (xenodium.com)

80 points by xenodium 3d ago 58 comments

Show HN: Driverless print server for legacy printers, profit goes to open-source (printserver.ink)

183 points by ValdikSS 2d ago 38 comments

Show HN: Free, in-browser PDF editor (breezepdf.com)

775 points by philjohnson 3d ago 171 comments

Show HN: CodeCafé – A real-time collaborative code editor in the browser (github.com)

77 points by mrktsm__ 2d ago 11 comments

Show HN: ProcASM – A general purpose, visual programming lanugage (procasm.temware.site)

10 points by Temdog007 2d ago 5 comments

Show HN: I taught AI to commentate Pong in real time (github.com)

204 points by pncnmnp 5d ago 52 comments

Show HN: New hypervisor for secure sandboxing (replaces Firecracker) (vieews.com)

4 points by vieews 18h ago 0 comments

Show HN: Use Third Party LLM API in JetBrains AI Assistant (github.com)

102 points by Stream 4d ago 40 comments

Show HN: OpenRouter Model Price Comparison (compare-openrouter-models.pages.dev)

8 points by pacific01 1d ago 4 comments

Show HN: Tired of bloated time trackers? Here's a dead-simple, free one I built (apps.apple.com)

16 points by vikmex 1d ago 5 comments

Show HN: Kevin-32B – how to do multi-turn RL on writing CUDA kernels (cognition.ai)

7 points by silasalberti 21h ago 0 comments

Show HN: I built a synthesizer based on 3D physics (anukari.com)

510 points by humbledrone 4d ago 123 comments

Show HN: Korey – a product management agent for software teams (korey.ai)

7 points by kschrader 22h ago 2 comments

Show HN: X402 – an open standard for internet native payments (x402.org)

14 points by __erik 22h ago 6 comments

Show HN: Pinggy – A free RSS reader for the web (pinggy.com)

6 points by vasanthv 1d ago 1 comments

Show HN: OSle – A 510 bytes OS in x86 assembly (github.com)

159 points by shikaan 5d ago 32 comments

Show HN: MCPBar – Open-Source Package Manager with Open Registry for MCP Servers (mcp.bar)

2 points by jdeng 1d ago 0 comments

Show HN: The World's Worst Factoring Algorithm – It Kind of Works (worldsworstfactoringalgorithm.com)

2 points by wwfa 1d ago 0 comments

Show HN: API Testing and Security with AI (qodex.ai)

8 points by siddhant_mohan 1d ago 3 comments

Show HN: FileKey – Encrypt files with passkeys, locally. No servers or accounts (github.com)

2 points by neutrinoq 1d ago 0 comments

Show HN: Roons – Mechanical Computer Kit (whomtech.com)

203 points by uncial 6d ago 30 comments

Show HN: Kubetail – Real-time log search for Kubernetes (github.com)

126 points by andres 5d ago 35 comments

Show HN: Create your own finetuned AI model using Google Sheets (promptrepo.com)

137 points by QueensGambit 7d ago 41 comments

Show HN: MP3 File Editor for Bulk Processing (cjmapp.net)

28 points by cutandjoin 3d ago 17 comments

Show HN: Pipask – safer pip without compromising convenience (github.com)

52 points by Feynmanix 4d ago 38 comments

iVentoy tool injects malicious certificate and driver during Win install

14 josephernest 8 5/6/2025, 9:26:35 PM github.com ↗

Comments (8)

josephernest · 19h ago

(I am not the person who found it, but I reproduced and I confirm his finding)

Another source:

https://security.stackexchange.com/questions/281238/iventoy-...

josephernest · 18h ago

Up to now, I confirm I can reproduce the following steps:

- download of official "iventoy-1.0.20-win64-free.zip"

- extraction of "iventoy.dat"

- conversion back to "iventoy.dat.xz" thanks to @ppatpat's Python code

- confirm that "wintool.tar.xz" is recognized by VirusTotal as something that injects fake root certificates

The next steps are scary, given the popularity of Ventoy/iVentoy :

> Analyzing "iventoy.dat.xz\iventoy.dat.\win\vtoypxe64.exe" we see it includes a self signed certificate named "EV" certificate "JemmyLoveJenny EV Root CA0" at offset=0x0002C840 length=0x70E. > vtoypxe64.exe programmatically installs this certificate in the registry as a "trusted root certificate"

Maxious · 17h ago

JemmyLoveJenny still lives!

https://www.bleepingcomputer.com/news/security/hackers-explo...

josephernest · 17h ago

Playing devil's advocate, could it be that they require a temporary access to a customized Windows driver (and thus they fake a trusted root certificate) to make Ventoy work? If that's the case, they should have documented it properly in the source...

Or do you think it's 100% malicious?

ziml77 · 13h ago

This year old issue regarding blobs in the repo with a ton of replies has not gotten responses from the author https://github.com/ventoy/Ventoy/issues/2795

Doesn't mean for sure it's malicious but them not even explaining why there's blobs like this is very suspicious.

Maxious · 9h ago

I think regardless of intent, it is a security vulnerability to install these ring 0 loopholes. Microsoft is cracking down on RGB lighting and anticheat software drivers similarly

sn0n · 13h ago

So... If I use ventoy should I worry?

*Starts looking for alternatives just cuz*

out-of-ideas · 10h ago

isnt iventoy different than ventoy?

also check if your system has the reg key listed in the issue

there's always https://www.supergrubdisk.org/super-grub2-disk/

and finally, if you are really concerned and dont want to re-install, you can always take export the registry key of your root certs of a ventoy installed system and compare against a system not loaded with ventoy

edit: can also use systemd to boot iso's (among many other things)