rzg
November 5, 2025, 3:52pm
9
1. Isn’t implementing rules for BleachBit shred in dom0 an easier solution?
The challenge is the in-system data sanitization (not the whole disk). Can the DISCARD command (fstrim) also mark Logical Block Addressing as unused without the inconvenience of deleting all data?
Disk trimming is the procedure by which the operating system informs the underlying storage device of which storage blocks are no longer in use. It does this by issuing an ATA_TRIM command for the block. This is also known as a discard. In this way, the storage device can perform garbage collection of the unused blocks and internally prepare them for reuse. SSDs in general benefit from this, while HDDs do not.
In a Linux system running on bare metal, this is relatively straight-forward. When in…
Wear leveling (also written as wear levelling) is a technique for prolonging the service life of some kinds of erasable computer storage media, such as flash memory, which is used in solid-state drives (SSDs) and USB flash drives, and phase-change memory.
The idea underpinning wear leveling is similar to changing position of car tires, avoiding repetitive load from being used on the same wheel. Wear leveling algorithms distribute writes more evenly across the entire device, so no block is used m...
Plausible deniability is a social tactic that allows people to deny knowledge, participation, or an active role in carrying out an activity, relaying a loaded message, etc. The deniability exists due to a lack of culpable evidence, or more commonly, from multiple plausible interpretations of the present evidence. Plausible deniability is prime shield of defense against accountability, and forms the basis of covert attacks that make up human social behavior.
In a chain of command, senior officia...
2. Regarding memory encryption, something that protects against memory corruption vulnerabilities may already be a step forward in Qubes:
Hardened Malloc
Hardened allocator designed for modern systems. It has integration into Android's Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
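Added example, not part of the original post and not code from Qubes OS or BleachBit: a shell check of whether a block device accepts discard (TRIM) requests at all, read from the kernel's queue limits in sysfs. Each layer of a storage stack (a physical disk, an encrypted or thin-provisioned mapping) has its own entry, so a discard issued by fstrim only reaches the SSD if every layer reports support. The function names and the overridable sysfs root are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report discard (TRIM) support per block device from sysfs.
# The kernel documents that discard_max_bytes = 0 or discard_granularity = 0
# means the device does not support discard.
# Usage on a live system:  discard_report
# The optional root argument lets the functions run on a constructed tree.

discard_status() {
    # $1 = device name (e.g. sda, dm-0); $2 = sysfs block root (default /sys/block)
    root="${2:-/sys/block}"
    q="$root/$1/queue"
    if [ ! -r "$q/discard_max_bytes" ]; then
        echo "unknown"          # no queue limits exposed for this device
        return 0
    fi
    max=$(cat "$q/discard_max_bytes")
    gran=$(cat "$q/discard_granularity" 2>/dev/null || echo 0)
    if [ "$max" -gt 0 ] 2>/dev/null && [ "$gran" -gt 0 ] 2>/dev/null; then
        echo "supported"        # this layer forwards discards downward
    else
        echo "unsupported"      # discards stop here; blocks below stay allocated
    fi
    return 0
}

discard_report() {
    # Print "<device><TAB><status>" for every device under the sysfs block root.
    root="${1:-/sys/block}"
    for d in "$root"/*; do
        [ -d "$d/queue" ] || continue
        name=$(basename "$d")
        printf '%s\t%s\n' "$name" "$(discard_status "$name" "$root")"
    done
}
```

A device reported as unsupported in the middle of the stack means fstrim on the filesystem above it will not inform the SSD which blocks are free.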