Linux - Reddit – Telegram
Stay up-to-date with everything Linux!
Content directly fetched from the subreddit just for you.

"Disk re-encryption in Linux" by Stepan Yakimovich -- "Disk encryption is an essential technology for ensuring data confidentiality, and on Linux systems, the de facto standard for disk encryption is LUKS (Linux Unified Key Setup)."
https://is.muni.cz/th/zjyql/?lang=en

https://redd.it/1jnsswj
@r_linux
Other Linux builds besides Rocknix or Batocera for the Retroid Pocket 5.

For the Retroid Pocket 5...

I'm trying Rocknix Linux right now, but it's very limited, I don't like the UI, because I want a more open desktop type environment, and I want more freedom to use more apps and do computer type stuff like some light programming on this thing.

Is the Retroid Pocket 5 capable of properly booting into basic Debian image, then for me to install an environment like Q4OS. Or even just to boot into an already graphical environment based Linux OS, like some other Ubuntu or Debian build?

Booting from an SD card if that helps.

Also, I don't know if this server is really for asking specific questions for devices like this, just thought I'd try to post it here.

If this violates any rules, or can't be answered here, just delete it, moderators.

https://redd.it/1jnt7ik
@r_linux
Distro based on a virtual environment or containerization type approach

Basically I mean a distro where there is an option to make venvs like Python to install a specific package such that deleting that venv deletes everything related to it.

1. Do flatpaks/snaps work like that?
2. If no, does a distro like this exist? I vaguely remember reading this in some article but am unsure.
3. Is this approach actually feasible?

https://redd.it/1jnwimp
@r_linux
Linux browser security technical details

Hi all, hopefully this is an OK place to post this; I'm interested in having a bit of a discussion of the technical details of browser security on Linux, mostly because I can't find any solid resources that consolidate all info into one place and, particularly when it comes to flatpak, there seems to be a lot of opinions presented as fact without any evidence or even ignoring key technical aspects of the discussion. This is partly musings on what I can find so far and partly an invitation/request for comment, particularly on the Webkit side.

What I'm most interested in is the security properties of browsers available on Linux with respect to host/browser isolation, tab to tab isolation, and privacy (ie isolating browsing activity from the vendor(s))

As far as running natively, Chromium based browsers seem to have the most robust sandboxing - they use user namespaces and seccomp-BPF to create a multi-layer, hardened sandbox. Firefox in theory uses the same approach but are maybe a touch behind just because there's less effort invested in auditing, testing and hardening their sandbox because of the smaller overall market share. Webkit (biggest example being Epiphany/Gnome Web) uses some sort of sandbox, beyond that I can't find any details so I have no idea if they use seccomp-BPF, user namespaces or both, searching for details of their sandboxing just gets flooded out by discussions of Flatpak and Chromium due to the sheer volume. In theory they inherit work on sandboxing from the underlying Webkit which should have additional work put into it by Apple though so the small share of Webkit browsers on Linux might not hold it back as much as Mozilla's limited resources do, which might help them keep up with the bigger players.

For running in a flatpak, the discussion space is flooded with half baked opinions and misunderstandings that completely ignore the fact that host/browser isolation isn't really the same thing as tab to tab isolation and they can (and should) be analysed separately. Flatpak blocks containerised applications from direct access to user namespaces, which means that browsers inside a flatpak can't use that feature to sandbox between tabs. A lot of people frame this as "replacing the browser sandbox with a weaker sandbox" but that's completely ignoring the fact that, properly configured, a flatpak sandbox will provide stronger isolation between the browser and the OS since flatpak provides a much simpler and stricter interface between the container and the host than the much more complex interface between a browser and the host, and the fact that flatpak uses the exact same technology - user namespaces - that it's barring containers from accessing, that's the entire reason they block access to it in the first place, so the container can't just reconfigure the namespace and try and escape. This is an important consideration because, in theory, a smaller interface between the upstream sandbox, flatpak, and the OS means that there's a lower chance of malicious code breaking all the way through to the host than there would have been for it to break out of the browser sandbox when running natively. Also worth noting that flatpak allows this to be mitigated by providing a nested namespace tool.

Within the above limits, there's a few approaches. A lot of Chromium browsers use Zypack to emulate the old SetUID approach to the top layer sandbox by effectively tricking the browser into requesting flatpak to set up namespaces for it. A few use a patch that directly calls the flatpak namespace API instead. Firefox just switches off layer 1 sandboxing and relies entirely on seccomp-BPF - in theory this is less secure, in practice the Firefox devs not-unreasonably point out that seccomp-BPF seems to be pretty secure so far (although if that's the case why bother with user-namespaces?). Also of note is that neither Chromium nor Firefox use userns on systems where that feature is disabled, which has historically been the case on a number of Debian based systems and seems to still be the case on Ubuntu if AppArmor isn't configured for a given application. There's absolutely no information I can find whatsoever as to what Webkit does here - if they use seccomp-BPF only when running natively presumably they just keep doing that in a flatpak, but I can't find any details about this.

Any thoughts? Anything I've missed? I'm pretty sure everything I've said is accurate so far but I'm coming at this from the standpoint as a hobbyist sysadmin with some additional interest in security, I'm not a coder by any stretch and would very much appreciate hearing the thoughts of others here, particularly if anyone can detail what Webkit uses.

https://redd.it/1jnykfm
@r_linux
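One way to observe, per process, which of the two sandbox layers discussed in the post above (user namespaces and seccomp-BPF) are actually active; this is an added example, not part of the original Reddit post. It reads the `Seccomp` and `NoNewPrivs` fields of `/proc/<pid>/status` and compares user-namespace links; the function names and the sample status text are constructed for illustration.

```python
import os

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter (seccomp-BPF)"}

# Constructed sample: abridged /proc/<pid>/status of a hypothetical renderer process.
SAMPLE_RENDERER = """Name:\tchrome
Pid:\t4242
NoNewPrivs:\t1
Seccomp:\t2
Seccomp_filters:\t3
"""
# Constructed sample: a process with no seccomp filter installed.
SAMPLE_PLAIN = "Name:\tbash\nPid:\t1000\nNoNewPrivs:\t0\nSeccomp:\t0\n"

def parse_status(text):
    """Turn /proc/<pid>/status text into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def sandbox_layers(status_text, proc_userns, observer_userns):
    """Summarise the seccomp mode and whether the process sits in its own user namespace.

    proc_userns / observer_userns are /proc/<pid>/ns/user link targets such as
    'user:[4026531837]'; pass None for proc_userns when the link was unreadable.
    """
    f = parse_status(status_text)
    return {
        "name": f.get("Name", "?"),
        "seccomp": SECCOMP_MODES.get(f.get("Seccomp", ""), "unknown"),
        "no_new_privs": f.get("NoNewPrivs") == "1",
        "own_userns": None if proc_userns is None else proc_userns != observer_userns,
    }

def inspect_pid(pid):
    """Live check on Linux; the kernel may refuse the namespace link for other users' processes."""
    with open(f"/proc/{pid}/status") as fh:
        status = fh.read()
    try:
        target_ns = os.readlink(f"/proc/{pid}/ns/user")
    except OSError:
        target_ns = None  # access denied or process exited
    return sandbox_layers(status, target_ns, os.readlink("/proc/self/ns/user"))

if __name__ == "__main__":
    print(sandbox_layers(SAMPLE_RENDERER, "user:[4026532501]", "user:[4026531837]"))
```

Running `inspect_pid` over a browser's child PIDs natively and again inside a flatpak shows whether the namespace layer is present in each case or only the seccomp filter.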
Will I need another hardware to test the kernel?
https://redd.it/1jnzisj
@r_linux
SATA SSD disappears on reboot command but not shutdown

I'm not sure what all information is required to help troubleshoot this issue so please ask whatever questions are necessary.

I have a PC running KDE Neon (ubuntu 24.4). Linux was installed originally on a SATA SSD that was over 12 years old (OCZ vertex4) and the SSD was mounted at /. Everything worked fine but the OCZ drive was so old it did not have all the modern SMART features and did not have the ability to provide remaining life status. I was getting a bit paranoid as the drive was old. Shutdowns and restarts worked with zero issues.

I recently wanted to upgrade the OCZ SSD and got a Samsung 870 Evo. I used clonezilla to clone the OCZ to the Samsung SSD. Everything booted up fine and worked. I noticed the drive disappeared on reboots and thought it was defective so I replaced it. I swapped back to the OCZ and ordered a WD Blue SATA SSD. Upon receiving it, I did the same thing. I used clonezilla to do device-to-device cloning from OCZ to WD. Booted up the WD and everything worked fine except the drive would disappear on reboots. Same as the Samsung I just didn't notice the pattern with the Samsung.

So starting to look into it more, when using the "restart" command in KDE, when the computer reboots and gets to the bios startup, the bios does not see the SSD anymore. The SSD has essentially powered down or went into sleep and won't wake back up. I have to remove power at the power supply and then power back up and bios sees the SSD just fine and boots. The shutdown menu button in KDE has no such issue. If I use the shutdown menu button and then turn the PC back on, drive is seen right away in the bios and boots with no issues. So something is happening or not happening with the restart KDE menu button that causes the drive to go offline.

Thinking that this might be some issue due to the original install being on a very old SSD which acted more like an HDD than modern SSD, I tried a fresh new Live USB session to test and see if that had the same issue. It does. Using the KDE Neon latest Live USB version, restart command kills the drive but shutdown command does not.

I think this might have something to do with EFI or APM. This old PC has legacy bios and not UEFI. Would someone be able to help me figure this out?

Thanks for any help.

https://redd.it/1jo3uyn
@r_linux
Linux GTK Theme for a completely black and white setup with red accents

Hi there! I'm currently trying to rice sway to make it completely black/white with a few red accents and I wanted to ask if anybody can provide a gtk-config that matches the setup. I once tried to tweak GTK myself but I'm no pro and some things looked very weird.

https://preview.redd.it/tdxbeobdw1se1.png?width=1920&format=png&auto=webp&s=065e950faa7cf5240ffc8f709e0b73eaa29f95d3



https://redd.it/1jo76o0
@r_linux
Linux saved me from buying a new Laptop
https://redd.it/1jo84ln
@r_linux
bootable usb

hey fellow linux users, i created a bootable usb using rufus and when i click on try/install ubuntu a ubuntu logo appears with the loading circle and after a minute or so the loading circle disappears and im just left with the ubuntu logo on a black screen. any ideas on what is happening that it is not loading ubuntu?


https://redd.it/1jof4jd
@r_linux
Why installing Linux is "hard"

I am someone who does not find installing Linux "hard". Like many Linux users, I was already a proficient computer user when I started using Linux, and that was because I really like using computers. Installing Linux is "hard" for most people because 90% of users are hopelessly incompetent. Linux users will say "Ubuntu/Mint is just as easy as installing Windows" which is true, but the vast majority of users have not installed any operating system in the past 15 years and most of those people have never installed an operating system once. Installing windows simply is not a normal part of the user experience anymore, and so those 90% of users never interact with the bios and don't even know it exists. Shit, some particularly oblivious people likely don't even know that their os is called "Windows" you might think that's impossible given it's all over the screen but a lot of people don't actually read what's on the screen. All they know is that they bought a "Dell" or an "Asus".

That and also, a unix-like system is fundamentally different to windows in a way that is going to be very unintuitive to most users due to starting on windows. I remember being confused as to why Linux had no equivalent to ".exe" for executables, and why something like a bash script was in many ways treated the same as a binary, but now I see the sense in it and I prefer it to the windows way. Finding solutions for Linux problems isn't always easy since every distro has its own quirks, and noobs don't understand that what they are actually interacting with most of the time is the desktop environment, and so they probably want a solution for a problem on XFCE, or Gnome, rather than Ubuntu or Manjaro. A GNU/Linux system is kind of just a bunch of software thrown in a pile which I'm not a huge fan and so I've been interested in trying FreeBSD for some time but that's beside the point.

Before a novice user can even live boot their Linux usb, they have to look up how to get to the bios, how to choose a boot device, and then they can live boot. And this sums up why I think Linux is hard - using Linux trails off into having to research a lot of unfamiliar vocabulary before you can really understand what it actually is you're doing. And that really is hard for a novice user.

https://redd.it/1jojmx9
@r_linux
Breathe! (Again! Antix and a story)
https://redd.it/1jomybt
@r_linux
Help plz... Getting my label printer working.

Hello All,
I have no clue if what I want is even possible.
I have a Casio Lateco EC-P10 label printer (https://www.casio.com/jp/label-writer/product.EC-P10/)
This printer was intended to run on Windows/Mac but, I am running Linux Mint.

The printer can connect to wifi, and the builtin application sends data to it. I attempted to use Wireshark to figure out what port it is on, but haven't yet figured it out.

The printer doesn't show up in the network printers dialog.

I COULD run virtual box to talk to it, but my hope is to add this printer to my work flow where when I code an MCU using STM32CubeIDE I then trigger a process to print a label. I am all ready to get the process triggered, but sadly I can't figure the printing part out.

Does anyone know where to start on this, and if it is even possible at all?

Thanks everyone!

https://redd.it/1jonvwf
@r_linux
This is why I use linux
https://redd.it/1jop49h
@r_linux
Belgium Introduces “Freedom Fee” on US Commercial Software, Open Source Spared
https://redd.it/1josx52
@r_linux
BREAKING: Linus merged /dev/llm0 into kernel 6.16

In a surprise move, Linus Torvalds has merged /dev/llm0 into Linux 6.16. This new character device responds to plain English prompts with context-aware code suggestions, shell pipelines, and sarcastic comments about your coding habits.

The merge commit message reads:

“As long as it doesn’t break userspace, I don’t care if it hallucinates.”

Early benchmarks show /dev/llm0 consumes 3GB RAM just to say “it depends.”

https://redd.it/1jowcms
@r_linux