I do a little bit of everything. Programming, computer systems hardware, networking, writing, traditional art, digital art (not AI), music production, whittling, 3d modeling and printing, cooking and baking, camping and hiking, knitting and sewing, and target shooting. There is probably more.

  • 2 Posts
  • 13 Comments
Joined 2 years ago
Cake day: June 4th, 2023

  • This is kind of how VeraCrypt's hidden partition feature works.

    You start the process of the volume’s encryption and set a “false” password for it. It creates a partition that is encrypted with that password. When it finishes, you mount it and store “fake” files, the files you would reveal under duress. VeraCrypt then takes in a second password and creates a “hidden partition” in the remaining free space of the disk - to be clear, that memory space still reports as unused/free if investigated, but the partition is there.

    You can then mount that with your second password and store your actual files. You can work with files and folders in the hidden partition as needed; however, if anything is added or changed etc. in that first fake partition, the data in the hidden partition will be corrupted by those actions.

    This means that so long as you plan ahead, someone can literally put a gun to your head and demand the password to the encrypted disk, and you can give them one that works without revealing the data to them.

    In theory, since the data in the hidden partition is encrypted and unreadable, it is impossible to detect that it exists in the “unused” space of the disk, even by a forensic analyst. To them it would just look like old, randomly flipped bits that came from previous usage followed by a quick format.

    Now, what’s really cool about this is that if you use the VeraCrypt bootloader, you can store and boot from an undetectable OS you store in that hidden partition:

    https://veracrypt.io/en/VeraCrypt%20Hidden%20Operating%20System.html
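As an added illustration of the layout the comment above describes (not code from the comment or from VeraCrypt itself), a toy Python model: the outer volume fills from the front of the container, the hidden volume sits in the tail of the outer volume's free space, and an unprotected write to the outer volume that grows into that space destroys it. VeraCrypt's mount option that refuses such writes is modelled as the assumed `protect_hidden` flag; the sizes and byte patterns are constructed.

```python
import os


class Container:
    """Toy model of a hidden-volume container (constructed for illustration,
    not VeraCrypt's real on-disk format): the outer volume fills from the
    front, the hidden volume occupies the tail of the outer volume's free space."""

    def __init__(self, size, hidden_size):
        # A fresh container is filled with random data, so unused space and
        # encrypted hidden data look the same to anyone inspecting the disk.
        self.size = size
        self.buf = bytearray(os.urandom(size))
        self.outer_used = 0
        self.hidden_start = size - hidden_size
        self.hidden = os.urandom(hidden_size)  # stands in for ciphertext
        self.buf[self.hidden_start:] = self.hidden

    def write_outer(self, data, protect_hidden=False):
        """Append data to the outer volume. The outer filesystem sees the
        hidden region as free space, so unprotected writes can reuse it."""
        end = self.outer_used + len(data)
        if end > self.size:
            raise ValueError("container full")
        if protect_hidden and end > self.hidden_start:
            # Models mounting the outer volume with hidden-volume protection:
            # the write is refused instead of silently corrupting the data.
            raise IOError("write refused: would overwrite the hidden volume")
        self.buf[self.outer_used:end] = data
        self.outer_used = end

    def hidden_intact(self):
        return bytes(self.buf[self.hidden_start:]) == self.hidden


def demo(size=4096, hidden_size=1024):
    """Return (intact after a small write, intact after a large unprotected
    write, large write refused when protection is on)."""
    c = Container(size, hidden_size)
    c.write_outer(b"A" * 1000)
    small_ok = c.hidden_intact()
    c.write_outer(b"B" * 2500)  # with default sizes ends at 3500 > 3072
    large_ok = c.hidden_intact()
    p = Container(size, hidden_size)
    p.write_outer(b"A" * 1000)
    try:
        p.write_outer(b"B" * 2500, protect_hidden=True)
        refused = False
    except IOError:
        refused = True
    return small_ok, large_ok, refused
```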


  • golden_zealot@lemmy.ml to Linux@lemmy.ml: Antiviruses?
    23 hours ago

    Oh for sure - I think that this method has more efficacy in production environments run by small businesses anyway, since best practices are rarely followed in many of them (until something happens that changes their mind on what they budget for haha), and even at that it is still a rare attack to see.

    I am unaware of this type of attack ever occurring on a person's personal network, most likely because so few end users make backups that there is no need to go through the trouble of doing this, making this method useful only in highly targeted attacks.

    We are definitely in agreement on proper backups still being the best method to recover from the vast majority of problems - even this one, depending on the backup solution.


  • golden_zealot@lemmy.ml to Linux@lemmy.ml: Antiviruses?
    1 day ago

    They usually embed themselves within the system files and have some scheduled job that basically checks for the criteria - if you are only backing up and restoring user data then it’s a non-issue, but if you do a full recovery including the system files/the system scheduler etc., then it can happen, and it is often necessary to back up executable and system files for production environments (true, not so much for individual users and their systems).

    When I was working in an IT shop, one of our clients was ransomwared with this method. The saving grace for us in that instance is that our backups were going to a product that allowed you to easily break open and dissect the compressed backups pre-recovery, so we were able to determine where the malicious files were and kill them before pushing the backups. Of course we only noticed that it was in the backups after we had tried to push the backups once already, so it was quite the timely process - I think I worked for something like 18 hours that day.

    You can read about such malware if you search for “timebomb malware” or “malware does not execute until date” etc.

    The attack is not super common anymore, but still happens.

    For example, here is an article discussing time bomb methods on LinkedIn.

    https://www.linkedin.com/pulse/time-bombs-malware-delayed-execution-any-run

    Another on the KnowBe4 blog:

    https://blog.knowbe4.com/ransomware-can-destroy-backups-in-four-ways


  • golden_zealot@lemmy.ml to Linux@lemmy.ml: Antiviruses?
    2 days ago

    There are viruses that are time bombs. They specifically don’t really do anything until some criterion is met in the future, such as the current date being beyond a specific date, at which point they proc. They do this in order to make sure they are in your backups when you restore them, so that they immediately run when recovery is completed and the system is booted.
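As an added example (not from these comments and not any backup vendor's tool) of the pre-recovery inspection described in this comment and the longer one above it: a Python routine that opens a tar backup offline, pulls out every scheduler entry (cron and systemd unit paths) without extracting anything to disk, and flags jobs that run from scratch or hidden directories so they can be reviewed before the backup is pushed back onto a host. The sample archive and the suspicious-path heuristic are constructed.

```python
import io
import tarfile

# Locations where Linux scheduled jobs live: a job meant to fire after a
# restore has to land in one of these (paths are relative, as in a tar).
SCHEDULER_PATHS = (
    "etc/crontab", "etc/cron.d/", "etc/cron.hourly/", "etc/cron.daily/",
    "etc/cron.weekly/", "etc/cron.monthly/", "var/spool/cron/",
    "etc/systemd/system/",
)
# Constructed heuristic: jobs that run from scratch, user-writable or hidden
# directories deserve a look before the backup is restored.
SUSPICIOUS_MARKERS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/.")

def scheduled_jobs_in_backup(archive_bytes):
    """Map member name -> text for every regular file under a scheduler path,
    read straight out of the archive without extracting it to disk."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name.lstrip("./")
            if member.isfile() and name.startswith(SCHEDULER_PATHS):
                found[name] = tar.extractfile(member).read().decode("utf-8", "replace")
    return found

def is_suspicious(job_text):
    """True if any non-comment line references one of the marker directories."""
    for line in job_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and any(m in line for m in SUSPICIOUS_MARKERS):
            return True
    return False

def build_sample_backup():
    """Constructed sample backup: a user document, a legitimate cron job and
    one that runs a script from a hidden directory (illustrative only)."""
    files = {
        "home/alice/notes.txt": b"quarterly report draft\n",
        "etc/cron.daily/logrotate": b"#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n",
        "etc/cron.d/updater": b"0 3 * * * root /opt/.cache/run.sh\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Run `scheduled_jobs_in_backup(build_sample_backup())` and pass each entry to `is_suspicious` to get the list worth opening by hand; a real backup will also have `.service` units next to `.timer` files under `etc/systemd/system/`, which the prefix match covers.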


  • golden_zealot@lemmy.ml to Linux@lemmy.ml: Why?
    13 days ago

    I was not about to put up with Windows Copilot or Recall and had already put up with enough ads and bugs.

    I had been running Debian on my laptop for a year without a problem and then finally Windows 11 started doing this when I was trying to update:

    Click check for updates? Same result. Wait a week and try again? Same result.

    I could no longer trust that the OS was secure from even 3rd parties, so I pulled the trigger and installed Debian 12 - later upgrading to Debian 13 when it released.

    There just is never any going back now - Linux is just waaaaaaay too good.

    Now I just need something similar to happen with phones.



  • People like Arch because to many it feels more truly like your system than other distributions.

    It isn’t that Arch is in some way more customizable than other distros; rather, it’s that if there is a package on your Arch system, it’s probably there because it was your choice to put it there in the first place, and so the system can feel more representative of you, given it only contains the things you want or need and nothing more from the get-go.