Made the jump to Linux today!
Hey folks!
Im happy to announce that im finally making the jump to Linux today. Everything is installed, everything works. Except 1 thing...
Autodesk inventor. And while i know there have been some earlier discussions befire about this, id like to ask it again now a few months/years later to see if it made any progress.
Heres the deal: ive installed wine, ive tried running the installer, nothing happens. My knowledge kinda leaves me behind on the part of finding alternatives to even run inventor or such a demanding program on my linux laptop.
The specs:
I7-11370H
64Gb ram (plenty enough id say 😅)
Rtx 3050 (works good for basic cad on windows)
I dont think storage is all that important, but il list it anyways: 1tb SSD NVME samsung evo, and 1TB HDD...
Thanks in advance. And no, switching to windows after using linux? Never an option 🐧🐧
https://redd.it/1oofki7
@r_linux
Hey folks!
Im happy to announce that im finally making the jump to Linux today. Everything is installed, everything works. Except 1 thing...
Autodesk inventor. And while i know there have been some earlier discussions befire about this, id like to ask it again now a few months/years later to see if it made any progress.
Heres the deal: ive installed wine, ive tried running the installer, nothing happens. My knowledge kinda leaves me behind on the part of finding alternatives to even run inventor or such a demanding program on my linux laptop.
The specs:
I7-11370H
64Gb ram (plenty enough id say 😅)
Rtx 3050 (works good for basic cad on windows)
I dont think storage is all that important, but il list it anyways: 1tb SSD NVME samsung evo, and 1TB HDD...
Thanks in advance. And no, switching to windows after using linux? Never an option 🐧🐧
https://redd.it/1oofki7
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
Still EPIC: Maintaining Linux on Itanium in 2025 (Tomáš Glozar)
https://www.youtube.com/watch?v=IRYdhj7R7kY
https://redd.it/1ookg61
@r_linux
https://www.youtube.com/watch?v=IRYdhj7R7kY
https://redd.it/1ookg61
@r_linux
YouTube
Still EPIC: Maintaining Linux on Itanium in 2025 (Tomáš Glozar)
Intel Itanium (also called IA-64) is a now discontinued high-performance processor architecture based on explicitly parallel instruction computing (EPIC), a form of very long instruction word (VLIW) design. Since its removal from the Linux kernel mainline…
anybody know any linux mp3 players with cool-looking skins like the old winamp ones?
https://redd.it/1ooyx9p
@r_linux
https://redd.it/1ooyx9p
@r_linux
AI Engineering in a Homelab: Building a Secure, Optimized RAG System on a Low-Power NAS (i5 Gen 8)
https://redd.it/1ooz6br
@r_linux
https://redd.it/1ooz6br
@r_linux
Flatpak Happenings
https://blog.sebastianwick.net/posts/flatpak-happenings/
https://redd.it/1op0mw4
@r_linux
https://blog.sebastianwick.net/posts/flatpak-happenings/
https://redd.it/1op0mw4
@r_linux
swick's blog
Flatpak Happenings
Yesterday I released Flatpak 1.17.0. It is the first version of the unstable 1.17 series and the first release in 6 months. There are a few things which didn’t make it for this release, which is why I’m planning to do another unstable release rather soon…
backing up my home folder (linux) ABB vs Borg ?
I have PC with Ubuntu 25.04 with BTRFS (and 25.10 in a moment) and I want to do my home folder incremental backups.
I know that ABB (Synology Active Backup for Business) allows me to do that (file server backup), and it has only multi-versioned \-mean full backups, incremental - only latest version is available ? (it uses rsync over SSH - no local agent required)
most popular/recommended tool for backups on Linux is Borg, extra feature is deduplication - so I can store many incremental versions (possibly saving A LOT of space, right?)
Did I miss something? of course at the end, ABB allows me to browse backups from DSM UI.
Borg allows me to browse backups from clients or If I install borg-webgui I could do it from NAS's web as well.
Did anyone compare those solutions? any strong reason (or not strong :) ) to use one over another ? (or maybe something completely different?)
https://redd.it/1ooyqdc
@r_linux
I have PC with Ubuntu 25.04 with BTRFS (and 25.10 in a moment) and I want to do my home folder incremental backups.
I know that ABB (Synology Active Backup for Business) allows me to do that (file server backup), and it has only multi-versioned \-mean full backups, incremental - only latest version is available ? (it uses rsync over SSH - no local agent required)
most popular/recommended tool for backups on Linux is Borg, extra feature is deduplication - so I can store many incremental versions (possibly saving A LOT of space, right?)
Did I miss something? of course at the end, ABB allows me to browse backups from DSM UI.
Borg allows me to browse backups from clients or If I install borg-webgui I could do it from NAS's web as well.
Did anyone compare those solutions? any strong reason (or not strong :) ) to use one over another ? (or maybe something completely different?)
https://redd.it/1ooyqdc
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
I built SemanticsAV, a free, AI-native malware scanner for Linux that runs 100% offline. I'm looking for your honest feedback!
Hey everyone,
I'm the creator of SemanticsAV. This project has been a long time coming, and I'm thrilled (and terrified) to finally share it with all of you.
A few years ago, I was designing ML-based malware detectors for a security firm, hitting top scores at major AV tests. I then left the industry for a while to work in CV/NLP and saw AI advancing at lightning speed.
Looking back, I was shocked that malware detection was still stuck in the past, fundamentally chained to the 1990s model of signature databases. Every vendor claims "AI-powered," but for most, it's just a thin layer on top of the same old signature game.
This isn't just a tech problem—it's an economic gate. The signature model means only those with massive data collection budgets can compete, forcing high prices. The result is that the entire Linux ecosystem, the backbone of the internet, has been stuck with ClamAV, a respectable but aging project, as its only real general-purpose open-source option for decades.
I consider this a structural failure, so I decided to build a solution from first principles. My goal was to prove that a true end-to-end AI approach could replace signatures entirely, and deliver top-tier performance without harvesting user data.
This is SemanticsAV:
* AI-Native, Signature-Free: We replaced the slow, expensive, and fallible work of human signature creation with a single, end-to-end AI. It learns directly from raw binary architecture to discover its own brutally effective patterns.
* Free for Linux, Forever: The scanner is perpetually free for all commercial uses on Linux, requiring only attribution. Updates are ultra-lightweight AI models downloaded on-demand via the open-source CLI, ensuring the core engine remains 100% offline during scans.
* Trust Through Verifiable Architecture: The core engine (SDK) is a closed-source binary, but it is architecturally incapable of networking. This isn't a claim you have to trust; it's a fact you can verify. All legitimate network activity is handled exclusively by the MIT-licensed open-source CLI, which you can audit line by line.
* Privacy by Design (Offline-First): The free scanner is 100% offline. Our optional paid Cloud Intelligence service for deeper threat analysis never sends your files, only a tiny (\~15KB) one-way encrypted "architectural fingerprint."
Current Status & The Ask:
The platform currently supports PE and ELF files, with more formats on the roadmap. My goal is for SemanticsAV to become a foundational malware scanner for the Linux ecosystem.
But here's the honest truth: I'm an engine developer, not an open-source maintainer. I've spent years obsessed with the core tech, but I'm a novice at building a community. I'm sure the integration experience has rough edges, the CLI could be better, and the documentation has holes.
This is where I need your help. I'm looking for your brutal, honest feedback. Tell me what's broken, what's confusing, and what's missing. I'm here to learn and will be actively replying to comments.
\---
TL;DR: I was frustrated with old signature-based AV like ClamAV, so I spent years building a free, truly AI-native, 100% offline malware scanner for the Linux community. The CLI is open-source (MIT). I'd love your feedback!
Links:
* Website: https://www.semanticsav.ai/
* GitHub: https://github.com/metaforensics-ai/semantics-av-cli
Thanks for reading, and I'm looking forward to hearing what you think!
https://redd.it/1op43n8
@r_linux
Hey everyone,
I'm the creator of SemanticsAV. This project has been a long time coming, and I'm thrilled (and terrified) to finally share it with all of you.
A few years ago, I was designing ML-based malware detectors for a security firm, hitting top scores at major AV tests. I then left the industry for a while to work in CV/NLP and saw AI advancing at lightning speed.
Looking back, I was shocked that malware detection was still stuck in the past, fundamentally chained to the 1990s model of signature databases. Every vendor claims "AI-powered," but for most, it's just a thin layer on top of the same old signature game.
This isn't just a tech problem—it's an economic gate. The signature model means only those with massive data collection budgets can compete, forcing high prices. The result is that the entire Linux ecosystem, the backbone of the internet, has been stuck with ClamAV, a respectable but aging project, as its only real general-purpose open-source option for decades.
I consider this a structural failure, so I decided to build a solution from first principles. My goal was to prove that a true end-to-end AI approach could replace signatures entirely, and deliver top-tier performance without harvesting user data.
This is SemanticsAV:
* AI-Native, Signature-Free: We replaced the slow, expensive, and fallible work of human signature creation with a single, end-to-end AI. It learns directly from raw binary architecture to discover its own brutally effective patterns.
* Free for Linux, Forever: The scanner is perpetually free for all commercial uses on Linux, requiring only attribution. Updates are ultra-lightweight AI models downloaded on-demand via the open-source CLI, ensuring the core engine remains 100% offline during scans.
* Trust Through Verifiable Architecture: The core engine (SDK) is a closed-source binary, but it is architecturally incapable of networking. This isn't a claim you have to trust; it's a fact you can verify. All legitimate network activity is handled exclusively by the MIT-licensed open-source CLI, which you can audit line by line.
* Privacy by Design (Offline-First): The free scanner is 100% offline. Our optional paid Cloud Intelligence service for deeper threat analysis never sends your files, only a tiny (\~15KB) one-way encrypted "architectural fingerprint."
Current Status & The Ask:
The platform currently supports PE and ELF files, with more formats on the roadmap. My goal is for SemanticsAV to become a foundational malware scanner for the Linux ecosystem.
But here's the honest truth: I'm an engine developer, not an open-source maintainer. I've spent years obsessed with the core tech, but I'm a novice at building a community. I'm sure the integration experience has rough edges, the CLI could be better, and the documentation has holes.
This is where I need your help. I'm looking for your brutal, honest feedback. Tell me what's broken, what's confusing, and what's missing. I'm here to learn and will be actively replying to comments.
\---
TL;DR: I was frustrated with old signature-based AV like ClamAV, so I spent years building a free, truly AI-native, 100% offline malware scanner for the Linux community. The CLI is open-source (MIT). I'd love your feedback!
Links:
* Website: https://www.semanticsav.ai/
* GitHub: https://github.com/metaforensics-ai/semantics-av-cli
Thanks for reading, and I'm looking forward to hearing what you think!
https://redd.it/1op43n8
@r_linux
www.semanticsav.ai
SemanticsAV - From Syntax to Semantics. From Detection to Attribution.
AI-native malware detection with instant genetic positioning. Zero-day detection with threat attribution in seconds.
GNOME Mutter Now "Completely Drops The Whole X11 Backend"
https://www.phoronix.com/news/GNOME-Mutter-Drops-X11
https://redd.it/1op49hf
@r_linux
https://www.phoronix.com/news/GNOME-Mutter-Drops-X11
https://redd.it/1op49hf
@r_linux
Phoronix
GNOME Mutter Now "Completely Drops The Whole X11 Backend"
The merge to GNOME Mutter has finally happened that 'completely drops' the X11 back-end to make GNOME strictly focused on Wayland-based environments.
Ubuntu Core (Immutable) will be the main ubuntu version in the future
https://redd.it/1op6xyv
@r_linux
https://redd.it/1op6xyv
@r_linux
An appreciation post
Wednesday, 05/11/25 16:04:50
I use Linux on both my PC and my laptop. I love Linux. I was an early adopter in the form of Red Hat 6.1 -> Mandrake -> SuSE -> Ubuntu around 25 years ago. I stuck with Linux up until my PC died and with limited funds I could buy a "gaming" PC from eBay for \~£450.
The specs on the new machine were, on paper, 'okay', not great but certainly okay. The only bottle neck was the CPU. Now, my demands are not great. World of Warcraft is the heaviest lifting any of my machines do and this eBay bargain played it just fine. FPS in major cities on retail is a bit dismal and in heavy raid scenarios things can get dire. But, I am a simple WoW player. I like questing; I like levelling professions; I like making money on the Auction House. In other words, my focus is not on heavy demanding end-game scenarios.
Then, around 18 months ago I started getting the occasional blue screen and lock ups.
When I bought the machine, I was told that, if I press F11 on start up, I would be able to reinstall Windows. It didn't work. So I was stuck with a PC that was becoming more and more unusable as the weeks passed and I didn't (don't) have the money to either buy a licence or replace it.
I always knew Linux was an option but now it was becoming a necessity. The last distro I used was Ubuntu so that was my first port of call. However, I remembered preferring KDE over GNOME, and I knew of Kubuntu. So, I downloaded 24.04 not long after release, used Balena Etcher in Windows to create the USB stick and said goodbye to Windows one last time.
I was up and running in no time and since then my usage has been an absolute joy.
As I have said, my demands are not great. In many ways I am an every day user; the apps I have on my taskbar are Brave, Thunderbird, WoW, Shortwave (radio app), Spotify, Only Office, RedNoteBook (journal), PokerStars, Kate, Konsole and Geany.
Not long after, I found out my daughter hadn't been using a 2014 MacBook Air I had bought her because it had aged and with MacOS it had become unusable. I asked her if I could have it, she said 'sure' and I brought it downstairs. i5 CPU, 4GB RAM and 128GB SSD. Instinctively, I knew Xubuntu - Ubuntu's XFCE variant - would be a good match.
Within an hour I had a perfectly usable laptop by my side. While I play WoW or poker on my desktop, I'll be watching a stream on the laptop. I also prefer it for social media and I keep my personal journal on it too.
So, now, I have a 9 year old PC and an 11 year old MacBook as my set up. I would dearly love a new computer but, being the eternal pauper, that simply isn't possible.
I am very happy with my little set up. I want for nothing. Linux gave me that.
https://redd.it/1op87g3
@r_linux
Wednesday, 05/11/25 16:04:50
I use Linux on both my PC and my laptop. I love Linux. I was an early adopter in the form of Red Hat 6.1 -> Mandrake -> SuSE -> Ubuntu around 25 years ago. I stuck with Linux up until my PC died and with limited funds I could buy a "gaming" PC from eBay for \~£450.
The specs on the new machine were, on paper, 'okay', not great but certainly okay. The only bottle neck was the CPU. Now, my demands are not great. World of Warcraft is the heaviest lifting any of my machines do and this eBay bargain played it just fine. FPS in major cities on retail is a bit dismal and in heavy raid scenarios things can get dire. But, I am a simple WoW player. I like questing; I like levelling professions; I like making money on the Auction House. In other words, my focus is not on heavy demanding end-game scenarios.
Then, around 18 months ago I started getting the occasional blue screen and lock ups.
When I bought the machine, I was told that, if I press F11 on start up, I would be able to reinstall Windows. It didn't work. So I was stuck with a PC that was becoming more and more unusable as the weeks passed and I didn't (don't) have the money to either buy a licence or replace it.
I always knew Linux was an option but now it was becoming a necessity. The last distro I used was Ubuntu so that was my first port of call. However, I remembered preferring KDE over GNOME, and I knew of Kubuntu. So, I downloaded 24.04 not long after release, used Balena Etcher in Windows to create the USB stick and said goodbye to Windows one last time.
I was up and running in no time and since then my usage has been an absolute joy.
As I have said, my demands are not great. In many ways I am an every day user; the apps I have on my taskbar are Brave, Thunderbird, WoW, Shortwave (radio app), Spotify, Only Office, RedNoteBook (journal), PokerStars, Kate, Konsole and Geany.
Not long after, I found out my daughter hadn't been using a 2014 MacBook Air I had bought her because it had aged and with MacOS it had become unusable. I asked her if I could have it, she said 'sure' and I brought it downstairs. i5 CPU, 4GB RAM and 128GB SSD. Instinctively, I knew Xubuntu - Ubuntu's XFCE variant - would be a good match.
Within an hour I had a perfectly usable laptop by my side. While I play WoW or poker on my desktop, I'll be watching a stream on the laptop. I also prefer it for social media and I keep my personal journal on it too.
So, now, I have a 9 year old PC and an 11 year old MacBook as my set up. I would dearly love a new computer but, being the eternal pauper, that simply isn't possible.
I am very happy with my little set up. I want for nothing. Linux gave me that.
https://redd.it/1op87g3
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
Script to tweak webcam settings
I use Linux as my daily driver but for certain calls, I tend to boot into Windows because the webcam images look so much better on Windows.
I got a bit annoyed with it and wrote a noscript (ai-assisted) to improve the camera quality. Depending on the ambient lighting, the camera can look just as good as Windows. Makes it usable for me on Linux now.
Here's the github repository. Feel free to use/fork/create prs.
https://redd.it/1op97cs
@r_linux
I use Linux as my daily driver but for certain calls, I tend to boot into Windows because the webcam images look so much better on Windows.
I got a bit annoyed with it and wrote a noscript (ai-assisted) to improve the camera quality. Depending on the ambient lighting, the camera can look just as good as Windows. Makes it usable for me on Linux now.
Here's the github repository. Feel free to use/fork/create prs.
https://redd.it/1op97cs
@r_linux
GitHub
GitHub - pravin/fix-webcam-linux: A set of noscripts to make your webcam look as good as (or better than) Windows.
A set of noscripts to make your webcam look as good as (or better than) Windows. - pravin/fix-webcam-linux
Flatpaks kinda suck in my experience
Let me start off by saying the idea of them is great. Obviously uniting all distros behind a single format is a sound idea and having them sandboxed is great for security. It's just that nine times out of ten, using a flatpak just causes issues for me that are easily solved by not using the flatpak version. Whether it's programs straight up not launching or causing issues with my hardware or other software or certain functions just not working, they just cause issues too often. It's gotten to a point where I will just install the RPM without even trying the flatpak because I don't want to deal with the issues that it is inevitably going to have. I never see anyone talking about this so I wonder if some of you might recognize what I'm getting at.
https://redd.it/1opb8bl
@r_linux
Let me start off by saying the idea of them is great. Obviously uniting all distros behind a single format is a sound idea and having them sandboxed is great for security. It's just that nine times out of ten, using a flatpak just causes issues for me that are easily solved by not using the flatpak version. Whether it's programs straight up not launching or causing issues with my hardware or other software or certain functions just not working, they just cause issues too often. It's gotten to a point where I will just install the RPM without even trying the flatpak because I don't want to deal with the issues that it is inevitably going to have. I never see anyone talking about this so I wonder if some of you might recognize what I'm getting at.
https://redd.it/1opb8bl
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
We Should Act Before The Irreversible Loss of Computing Ownership
I see a very strong trend in the industry: General-purpose computing is being locked down, and the trend is accelerating. It's not one particular manufacturer or architecture; it's systemic.
# The mobile ecosystem is getting worse.
Phones have always been bad, but it's getting worse. Most bootloaders are locked. OEMs make unlocking really painful or extremely punitive: voiding warranties or breaking features. Alternative OSes like postmarketOS have to struggle with proprietary driver blobs and zero hardware documentation. Android is also clamping down with integrity checks and API gating, even when independent software is technically side loadable.
# And it's now also spreading to laptops and desktops.
The same lock-down is following as ARM becomes mainstream in PCs. Apple migrated from UEFI, relatively open Intel Macs to iBoot, much more restrictive Apple Silicon. Linux runs via Asahi only because they reverse-engineered Apple's boot process; it's not a standard UEFI experience.
But this is not because ARM has to be closed. UEFI and Secure Boot work just fine on ARM. The ARM PCs running Windows use them today. Arm's SystemReady program makes ARM devices boot exactly like the x86 PCs. Lock-down is a deliberate product choice, not a technical requirement for the presence of this technology.
# 'Security' is a misleading term and a false justification
Manufacturers say they lock bootloaders for security, but x86 Windows PCs prove you can have secure defaults while letting owners disable Secure Boot or enroll their own keys. Security and openness are not in mutual exclusion; manufacturers simply choose restriction because it maintains control.
# OS lock-down is not justified by regulatory requirements.
Radios and DRM firmware can remain vendor-signed and isolated, but without locking the OS boot process. The baseband/radio actually runs on its own secure processor with signed, secure firmware satisfying FCC/RED requirements. It doesn't need to control what OS the user boots. Same thing for DRM: Measured boot with owner keys can provide attestation for banking/enterprise without requiring OEM-exclusive control.
In other words: lock what regulators actually require (the radio subsystem), not the owner's whole computer.
# What we really should demand?
Owner control of Secure Boot on all general-purpose computers (phones, tablets, laptops, desktops or any architecture):
Allow disabling Secure Boot, OR
Provide documented owner key enrollment (manage your own PK/KEK/db)
# Separation of concerns:
Radio/baseband firmware remains vendor-signed and isolated to meet FCC/RED
But this MUST NOT require OEM control of OS boot
Publish open interfaces, so third-party OSes can use radios, GPUs, cameras without proprietary, NDA-only drivers
# Standards-based attestation with owner keys:
Support measured boot (TPM/DICE) such that banking/enterprise/DRM can get integrity signals even on those third parties operating systems
Works with owner keys, not just OEM keys
# Right-to-repair / EOL:
When OEM updates end, devices MUST allow owner unlock or key enrollment
It enables secure third-party OSes to extend device life, reducing e-waste.
# Transparency:
We should have documented boot architectures and unlock procedures in accessible manuals, so open source implementation can develop properly.
# Why now?
If closed boot with OEM-only attestation becomes the default across phones and ARM PCs, it will be virtually impossible to reverse. We have a small window of opportunity to act now while ARM is still growing, before lock-down is irreversible.
Anchoring in the right place: EU's right-to-repair agenda, and associated cybersecurity frameworks CRA, RED. An argument for mandated secure defaults plus documented owner-control paths to achieve radio compliance via isolation of signed firmware - without justification of OS locking due to radio requirements.
# What you can actually do?
Contact your MEP: frame this in the context of
I see a very strong trend in the industry: General-purpose computing is being locked down, and the trend is accelerating. It's not one particular manufacturer or architecture; it's systemic.
# The mobile ecosystem is getting worse.
Phones have always been bad, but it's getting worse. Most bootloaders are locked. OEMs make unlocking really painful or extremely punitive: voiding warranties or breaking features. Alternative OSes like postmarketOS have to struggle with proprietary driver blobs and zero hardware documentation. Android is also clamping down with integrity checks and API gating, even when independent software is technically side loadable.
# And it's now also spreading to laptops and desktops.
The same lock-down is following as ARM becomes mainstream in PCs. Apple migrated from UEFI, relatively open Intel Macs to iBoot, much more restrictive Apple Silicon. Linux runs via Asahi only because they reverse-engineered Apple's boot process; it's not a standard UEFI experience.
But this is not because ARM has to be closed. UEFI and Secure Boot work just fine on ARM. The ARM PCs running Windows use them today. Arm's SystemReady program makes ARM devices boot exactly like the x86 PCs. Lock-down is a deliberate product choice, not a technical requirement for the presence of this technology.
# 'Security' is a misleading term and a false justification
Manufacturers say they lock bootloaders for security, but x86 Windows PCs prove you can have secure defaults while letting owners disable Secure Boot or enroll their own keys. Security and openness are not in mutual exclusion; manufacturers simply choose restriction because it maintains control.
# OS lock-down is not justified by regulatory requirements.
Radios and DRM firmware can remain vendor-signed and isolated, but without locking the OS boot process. The baseband/radio actually runs on its own secure processor with signed, secure firmware satisfying FCC/RED requirements. It doesn't need to control what OS the user boots. Same thing for DRM: Measured boot with owner keys can provide attestation for banking/enterprise without requiring OEM-exclusive control.
In other words: lock what regulators actually require (the radio subsystem), not the owner's whole computer.
# What we really should demand?
Owner control of Secure Boot on all general-purpose computers (phones, tablets, laptops, desktops or any architecture):
Allow disabling Secure Boot, OR
Provide documented owner key enrollment (manage your own PK/KEK/db)
# Separation of concerns:
Radio/baseband firmware remains vendor-signed and isolated to meet FCC/RED
But this MUST NOT require OEM control of OS boot
Publish open interfaces, so third-party OSes can use radios, GPUs, cameras without proprietary, NDA-only drivers
# Standards-based attestation with owner keys:
Support measured boot (TPM/DICE) such that banking/enterprise/DRM can get integrity signals even on those third parties operating systems
Works with owner keys, not just OEM keys
# Right-to-repair / EOL:
When OEM updates end, devices MUST allow owner unlock or key enrollment
It enables secure third-party OSes to extend device life, reducing e-waste.
# Transparency:
We should have documented boot architectures and unlock procedures in accessible manuals, so open source implementation can develop properly.
# Why now?
If closed boot with OEM-only attestation becomes the default across phones and ARM PCs, it will be virtually impossible to reverse. We have a small window of opportunity to act now while ARM is still growing, before lock-down is irreversible.
Anchoring in the right place: EU's right-to-repair agenda, and associated cybersecurity frameworks CRA, RED. An argument for mandated secure defaults plus documented owner-control paths to achieve radio compliance via isolation of signed firmware - without justification of OS locking due to radio requirements.
# What you can actually do?
Contact your MEP: frame this in the context of
We Should Act Before The Irreversible Loss of Computing Ownership
I see a very strong trend in the industry: General-purpose computing is being locked down, and the trend is accelerating. It's not one particular manufacturer or architecture; it's systemic.
# The mobile ecosystem is getting worse.
Phones have always been bad, but it's getting worse. Most bootloaders are locked. OEMs make unlocking really painful or extremely punitive: voiding warranties or breaking features. Alternative OSes like postmarketOS have to struggle with proprietary driver blobs and zero hardware documentation. Android is also clamping down with integrity checks and API gating, even when independent software is technically side loadable.
# And it's now also spreading to laptops and desktops.
The same lock-down is following as ARM becomes mainstream in PCs. Apple migrated from UEFI, relatively open Intel Macs to iBoot, much more restrictive Apple Silicon. Linux runs via Asahi only because they reverse-engineered Apple's boot process; it's not a standard UEFI experience.
But this is not because ARM has to be closed. UEFI and Secure Boot work just fine on ARM. The ARM PCs running Windows use them today. Arm's SystemReady program makes ARM devices boot exactly like the x86 PCs. Lock-down is a deliberate product choice, not a technical requirement for the presence of this technology.
# 'Security' is a misleading term and a false justification
Manufacturers say they lock bootloaders for security, but x86 Windows PCs prove you can have secure defaults while letting owners disable Secure Boot or enroll their own keys. Security and openness are not in mutual exclusion; manufacturers simply choose restriction because it maintains control.
# OS lock-down is not justified by regulatory requirements.
Radios and DRM firmware can remain vendor-signed and isolated, but without locking the OS boot process. The baseband/radio actually runs on its own secure processor with signed, secure firmware satisfying FCC/RED requirements. It doesn't need to control what OS the user boots. Same thing for DRM: Measured boot with owner keys can provide attestation for banking/enterprise without requiring OEM-exclusive control.
In other words: lock what regulators actually require (the radio subsystem), not the owner's whole computer.
# What we really should demand?
* Owner control of Secure Boot on all general-purpose computers (phones, tablets, laptops, desktops or any architecture):
* Allow disabling Secure Boot, OR
* Provide documented owner key enrollment (manage your own PK/KEK/db)
# Separation of concerns:
* Radio/baseband firmware remains vendor-signed and isolated to meet FCC/RED
* But this MUST NOT require OEM control of OS boot
* Publish open interfaces, so third-party OSes can use radios, GPUs, cameras without proprietary, NDA-only drivers
# Standards-based attestation with owner keys:
* Support measured boot (TPM/DICE) such that banking/enterprise/DRM can get integrity signals even on those third parties operating systems
* Works with owner keys, not just OEM keys
# Right-to-repair / EOL:
* When OEM updates end, devices MUST allow owner unlock or key enrollment
* It enables secure third-party OSes to extend device life, reducing e-waste.
# Transparency:
* We should have documented boot architectures and unlock procedures in accessible manuals, so open source implementation can develop properly.
# Why now?
If closed boot with OEM-only attestation becomes the default across phones and ARM PCs, it will be virtually impossible to reverse. We have a small window of opportunity to act now while ARM is still growing, before lock-down is irreversible.
Anchoring in the right place: EU's right-to-repair agenda, and associated cybersecurity frameworks CRA, RED. An argument for mandated secure defaults plus documented owner-control paths to achieve radio compliance via isolation of signed firmware - without justification of OS locking due to radio requirements.
# What you can actually do?
* Contact your MEP: frame this in the context of
I see a very strong trend in the industry: General-purpose computing is being locked down, and the trend is accelerating. It's not one particular manufacturer or architecture; it's systemic.
# The mobile ecosystem is getting worse.
Phones have always been bad, but it's getting worse. Most bootloaders are locked. OEMs make unlocking really painful or extremely punitive: voiding warranties or breaking features. Alternative OSes like postmarketOS have to struggle with proprietary driver blobs and zero hardware documentation. Android is also clamping down with integrity checks and API gating, even when independent software is technically side loadable.
# And it's now also spreading to laptops and desktops.
The same lock-down is following as ARM becomes mainstream in PCs. Apple migrated from UEFI, relatively open Intel Macs to iBoot, much more restrictive Apple Silicon. Linux runs via Asahi only because they reverse-engineered Apple's boot process; it's not a standard UEFI experience.
But this is not because ARM has to be closed. UEFI and Secure Boot work just fine on ARM. The ARM PCs running Windows use them today. Arm's SystemReady program makes ARM devices boot exactly like the x86 PCs. Lock-down is a deliberate product choice, not a technical requirement for the presence of this technology.
# 'Security' is a misleading term and a false justification
Manufacturers say they lock bootloaders for security, but x86 Windows PCs prove you can have secure defaults while letting owners disable Secure Boot or enroll their own keys. Security and openness are not in mutual exclusion; manufacturers simply choose restriction because it maintains control.
# OS lock-down is not justified by regulatory requirements.
Radios and DRM firmware can remain vendor-signed and isolated, but without locking the OS boot process. The baseband/radio actually runs on its own secure processor with signed, secure firmware satisfying FCC/RED requirements. It doesn't need to control what OS the user boots. Same thing for DRM: Measured boot with owner keys can provide attestation for banking/enterprise without requiring OEM-exclusive control.
In other words: lock what regulators actually require (the radio subsystem), not the owner's whole computer.
# What we really should demand?
* Owner control of Secure Boot on all general-purpose computers (phones, tablets, laptops, desktops or any architecture):
* Allow disabling Secure Boot, OR
* Provide documented owner key enrollment (manage your own PK/KEK/db)
# Separation of concerns:
* Radio/baseband firmware remains vendor-signed and isolated to meet FCC/RED
* But this MUST NOT require OEM control of OS boot
* Publish open interfaces, so third-party OSes can use radios, GPUs, cameras without proprietary, NDA-only drivers
# Standards-based attestation with owner keys:
* Support measured boot (TPM/DICE) such that banking/enterprise/DRM can get integrity signals even on those third parties operating systems
* Works with owner keys, not just OEM keys
# Right-to-repair / EOL:
* When OEM updates end, devices MUST allow owner unlock or key enrollment
* It enables secure third-party OSes to extend device life, reducing e-waste.
# Transparency:
* We should have documented boot architectures and unlock procedures in accessible manuals, so open source implementation can develop properly.
# Why now?
If closed boot with OEM-only attestation becomes the default across phones and ARM PCs, it will be virtually impossible to reverse. We have a small window of opportunity to act now while ARM is still growing, before lock-down is irreversible.
Anchoring in the right place: EU's right-to-repair agenda, and associated cybersecurity frameworks CRA, RED. An argument for mandated secure defaults plus documented owner-control paths to achieve radio compliance via isolation of signed firmware - without justification of OS locking due to radio requirements.
# What you can actually do?
* Contact your MEP: frame this in the context of
right-to-repair, sustainability, and fair competition
* Reference existing proof: Windows ARM PCs already use UEFI, x86 PCs allow management of Secure Boot. This is owner rights, not weakening of security. Secure boot can stay enabled with your own keys.
Agree? Shall we organize around this and actually act and push MEPs on it?
Btw, sorry if I made mistake, English isn’t my native language.
And I'm not a professional on those things too, I just gathered as much info as I could to understand the situation. So please correct me if I'm wrong.
https://redd.it/1opdl8f
@r_linux
* Reference existing proof: Windows ARM PCs already use UEFI, x86 PCs allow management of Secure Boot. This is owner rights, not weakening of security. Secure boot can stay enabled with your own keys.
Agree? Shall we organize around this and actually act and push MEPs on it?
Btw, sorry if I made mistake, English isn’t my native language.
And I'm not a professional on those things too, I just gathered as much info as I could to understand the situation. So please correct me if I'm wrong.
https://redd.it/1opdl8f
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
sharing luks-tray -- a system tray app to manage LUKS containers
I'm sharing LUKS Tray—a Qt-based utility designed to bring easy, ready access to your encrypted LUKS containers. When I converted to LUKS, I missed VeraCrypt's handy tray utility; so I made a trimmed-down, but high-feature comparable tool to fill that gap.
Running
https://preview.redd.it/ramkvkqdphzf1.png?width=505&format=png&auto=webp&s=745173849f5c4782f3662af4c8d145287a860cf0
One click starts the mount or unmount process for both devices and file containers. LUKS Tray handles the messy
Check out the docs and grab the package on PyPI: luks-tray · PyPI
https://redd.it/1opcqos
@r_linux
I'm sharing LUKS Tray—a Qt-based utility designed to bring easy, ready access to your encrypted LUKS containers. When I converted to LUKS, I missed VeraCrypt's handy tray utility; so I made a trimmed-down, but high-feature comparable tool to fill that gap.
Running
luks-tray places a shield icon in your system tray, where its color indicates the overall state of your containers (Locked, Active, or Alert).Right-clicking its tray icon brings up a menu like this:https://preview.redd.it/ramkvkqdphzf1.png?width=505&format=png&auto=webp&s=745173849f5c4782f3662af4c8d145287a860cf0
One click starts the mount or unmount process for both devices and file containers. LUKS Tray handles the messy
cryptsetup/mount logic behind the scenes, remembers your preferred mount points (a huge time saver!), and offers optional master password encryption for saved credentials. It runs on many DEs/WMs, but how well depends on its system tray support.Check out the docs and grab the package on PyPI: luks-tray · PyPI
https://redd.it/1opcqos
@r_linux
We are getting many new users. But are we losing any?
Like has anyone uninstalled Linux?
I think we should be discussing about cases and experiences like this. For one it may help the new user come back. Or it might raise awareness for an issue that needs to be solved.
https://redd.it/1opuwkb
@r_linux
Like has anyone uninstalled Linux?
I think we should be discussing about cases and experiences like this. For one it may help the new user come back. Or it might raise awareness for an issue that needs to be solved.
https://redd.it/1opuwkb
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community
KDE connect is the GOAT
After years of muscle memory on my phone lockscreen pattern, for whatever reason, today my brain decided to have permanent amnesia. Im now 8 hours away from next attempt and it looked like im gonna have to reset my phone along with all the data on it.
I tried normally connecting usb, adb, nothing worked.
That is when i realised i could try to access my phone's storage right through dolphin because i have kde connect installed. it worked. i would have like kde connect to unlock my phone as well but, worst case scenario avoided atleast. i can back up all the important stuff. its a bit slow over wifi, but atleast it works.
https://redd.it/1opvpws
@r_linux
After years of muscle memory on my phone lockscreen pattern, for whatever reason, today my brain decided to have permanent amnesia. Im now 8 hours away from next attempt and it looked like im gonna have to reset my phone along with all the data on it.
I tried normally connecting usb, adb, nothing worked.
That is when i realised i could try to access my phone's storage right through dolphin because i have kde connect installed. it worked. i would have like kde connect to unlock my phone as well but, worst case scenario avoided atleast. i can back up all the important stuff. its a bit slow over wifi, but atleast it works.
https://redd.it/1opvpws
@r_linux
Reddit
From the linux community on Reddit
Explore this post and more from the linux community