Linux Installing a Desktop System section
Installing a Server section
Miscellaneous section





Installing a Desktop System



[I've chosen Linux Mint Cinnamon, and my system has a Legacy BIOS, so some of the following will be specific to that situation.]



Things to know or decide first:
Gary Newell's "15 Things Windows Users Need To Know Before Installing Linux"



Linux Installer idea:
I'd like to see a better installer for Linux, especially for users migrating from an existing system to Linux. The current installation process is confusing and complicated and the user sometimes is surprised at the results.

There should be a two-part installer, where the first stage is a Windows/Mac/Linux program run on the old system, as a planner:
  1. Analyzes your existing PC and Windows/Mac/Linux setup, determines things such as UEFI vs BIOS, Secure Boot, SATA mode, 32-bit versus 64-bit, what disks you have (spinning, SSD, etc), what your partitions and existing OS's are, what the graphics and network interfaces are, how much RAM you have, etc.

  2. Interviews user to find out what they do with their computer and what they want to do under Linux, what hardware they attach, do they use Bluetooth and Wi-Fi etc.

  3. Records some basic system settings such as: what keyboard language is being used, system language, system time-zone, etc.

  4. Maybe offers to save a list of existing installed applications and drivers, so user can re-install them or install alternatives once they get into the new installation. Catches any problems where an exact replacement just does not exist, or a manufacturer just does not support Linux.

    Maybe go through list of applications in Windows and Linux, giving user opportunity to select Linux apps to be installed or not. Encourage use of backup, encryption and AV software.

  5. Interviews user to find out do they want encryption, dual-boot or single-boot or multi-boot, partition sizes, swap partition/file/none, separate / and /home partitions or just everything in / partition, etc.

    Really drills down on WHY do they want dual-boot: could they run a Windows VM or emulator under Linux instead ?

    Do they want a password on GRUB ? Tell them how many passwords they'll have to type to boot and log in, and what each one is protecting against.

  6. Warns about any potential problems such as unsupported language/keyboard, too little disk space, too little RAM.

  7. Shows a diagram of how the partitions will look, what types of encryption will be applied to each, whether whole disk will be encrypted, says how many passwords the user will have to type at boot time.

  8. Decides what drivers and settings must be used in Linux, for graphics and network etc.

  9. Reminds user to do backups, including backups of unusual items such as browser configuration.

  10. Suggests that user delete all cookies and then try using their usual web sites, to make sure they have all the login info saved somewhere.

  11. Suggests that user check if a BIOS update is available for their machine.

  12. Suggests that user run BIOS diagnostics on RAM and disk (good practice).

  13. Reports any BIOS settings user must change (Secure Boot, SATA mode, etc) before installing.

  14. Reports or performs any OS settings user must change (such as Windows "Fast Startup" setting in dual-boot situation) before installing.

  15. Records install-time useful info such as name/password for Wi-Fi.

  16. Downloads appropriate Linux ISO and helps write it to install medium (maybe offering buttons to launch Rufus, Etcher, dd, Disks, UNetbootin, etc), and creates an installer-directive file on the install medium.

  17. Suggests that user be on AC power and wired connection to internet during the install process.

Then user boots from the install medium, and the second-stage Linux installer (pretty similar to today's installer) runs:
  1. Reads the installer-directive file.

  2. Checks that directives file matches the hardware.

  3. Then does the install.

  4. User can override some choices during the install, but not too many (better that they re-run the first-stage program if they're going to mess with partitioning or something).



Relevant:
Wikipedia's "Preseed"
Debian's "Appendix B. Automating the installation using preseeding"
Ubuntu's "Appendix B. Automating the installation using preseeding"
I see a bunch of users saying preseed doesn't work on Mint 18 and later.
Fedora Wiki's "Anaconda"
YaST and openSUSE's "AutoYaST Guide"
FOG Project (uses a server and does PXEboot boot over network)
GitHub topic "preseed"
Microsoft's "Windows Setup Automation Overview"
HashiCorp's Vagrant and Packer

In this, I see little support for a single user on single machine wanting to plan and execute a major change on that machine. There are server solutions, or solutions for using one machine to automate installation on another N machines, or hooks to use a text file to drive an installer. But no wizard to help plan the changes and create that text file.


Some app design details:
Started building it: OS-Installation-Planner




Things to do before installing:
  1. Do backups !
    Maybe back up things you usually don't, such as browser bookmarks, settings of "trained" browser add-ons (such as uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker), contents of Downloads and other temp folders, digital certificates installed in browsers, etc.
    Everyday Linux User's "5 things to consider when installing Linux for the first time" (item 3 about backing up Windows)

  2. Record your Windows product ID.

  3. Maybe make a Windows restore/recovery disk.

  4. Is there anything on your current system that you can't lose ? Try clearing all cookies and then see if you still can log in to key accounts. If there's some problem or dependency, best to find it out before changing OS.

  5. Maybe a good time to update firmware/BIOS, if an update is available.

  6. Maybe a good time to boot into BIOS and do a low-level disk diagnostic.

  7. Get distribution's ISO.
    If you wish, you can verify the image:
    Linux Mint Installation Guide's "Verify your ISO image"

  8. Get a writable CD or a flash drive (minimum 8 GB).

  9. Copy distribution's ISO onto a bootable CD or bootable flash drive.
    Universal USB Installer
    Etcher
    Rufus

  10. If your disk is small, or you plan to dual-boot, be aware that probably you need at least 20 GB of disk space for the system, plus more for your personal files.

  11. Boot into BIOS and make sure booting from USB and/or CD is allowed.

  12. Maybe boot into Windows and turn off "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. This will make Windows do a complete shutdown when you choose "Start / Shutdown". Not sure what would happen if you hibernated Windows, changed partition table in Linux, then booted the hibernated Windows image.




Installing:
  1. Best to have internet connection available while the installer is running. Definitely use wired ethernet if you have a choice between that and Wi-Fi. Make sure you have your Wi-Fi login information written down.

  2. If a laptop, best to have AC power connected while the installer is running.

  3. If needed, boot into Windows and delete the OEM partition and/or Windows Recovery partition.

  4. If needed, boot into Windows and shrink the main Windows partition.

    [I think it's safer to do it in Windows rather than do it later in the Linux installer.]

    You have done a backup already, right ?

    Don't shrink the Windows partition so far that it has no free space left in it.

    From /u/ss-stamper on reddit:
    1. Remove paging file on the drive in question through the System > Advanced area.
      [In Windows 10: Control Panel > Advanced System Settings > Performance > Settings > Advanced > Virtual Memory. Set to "no paging file".]
    2. Disable boot / error logging to the volume in question.
      [How to do this ?]
    3. Run defrag (such as Auslogics Disk Defrag).
      [Or Microsoft's "Defragment your Windows 10 PC"]
    4. Open up Disk Manager > right click volume > shrink.
    After you finish shrinking, reboot into Windows, make sure everything is okay. And check that you have unallocated space on disk of the size expected: open up Disk Manager.

    After you finish shrinking, I think turn on the paging file again ?

    Tim Fisher's "How to Open Disk Management"
    Microsoft's "Overview of Disk Management"

  5. Boot into BIOS.

  6. Attach bootable USB device or insert bootable CD.

  7. Boot from that device. Now you're running Live session of Linux.

  8. Connect to internet.

    [Depending on release version, you might be able to connect later, in the Linux installer, too. But might as well do it here.]

  9. Double-click "Install" icon to run installer.

  10. Choose language.

  11. Check the "Install third party software" check-box.

  12. Installation Type. Choice here, one of these two:

    • Choose "Install Linux Mint alongside Windows Boot Manager".

      I think this is a bad choice because partitioning and maybe resizing Windows partition will happen automatically.

      Can you also choose "Encrypt the new Linux Mint installation" ? Yes.

      If only one partition slot is empty on an MBR system (3 used out of 4), will installer be smart enough to have no swap partition ?

    • Choose "Something else" (create or resize partitions yourself).

      Can you also choose "Encrypt the new Linux Mint installation" ?
      Dell install instructions for Ubuntu say no, encryption available only if you choose automatic partitioning.

      Create root (logical, use as "ext4", "/" mount point),
      swap (logical, use as "swap"),
      and /home (logical, use as "ext4", "/home" mount point) partitions.
      Boot gets created automatically, or uses existing boot partition ?

      Set "Device for bootloader installation" to the device with the "type" set to "EFI".
      [True whether you have Legacy BIOS or UEFI ?]
      [Will this overwrite the Windows bootloader and put GRUB in there, even on an MBR system ? Or maybe Windows bootloader is in first blocks of Windows main partition, doesn't get overwritten.]

      If you don't create a partition for swap, you'll get a warning message, but just click "Continue without swap space".

  13. Point of no return: Click "Install Now".

  14. Choose location.

  15. Choose keyboard layout.

  16. Create user and set computer name.
    Encrypt home directory ?

  17. More ...

Linux Mint Installation Guide's "Install Linux Mint"
Easy Linux tips project's "How to install Linux Mint 19.1 alongside Windows"
Dell's "How to Install Ubuntu Linux on your Dell PC"
Gary Newell's "How To Dual Boot Windows 8.1, Windows 10 And Linux Mint 18"
Tecmint's "How to Install Ubuntu 16.10/16.04 Alongside With Windows 10 or 8 in Dual-Boot"
Abhishek Prakash's "How To Install Ubuntu Along With Windows"
Jay LaCroix's "How to dual-boot Linux and Windows"

Easy Linux tips project's "Solutions for 27 bugs in Linux Mint 19.1"









My experience 8/2018:
  1. Using Dell Inspiron N5010 laptop running Windows 10, with wired Ethernet, legacy BIOS, 3 GB RAM, 320 GB disk.

  2. Decided to wipe Windows completely and install only Linux Mint Tara Cinnamon 64-bit.

  3. Decided to allocate 35 GB to OS partition, use a swap file, and give rest of disk to /home.

  4. Decided to encrypt all partitions where it's supported (OS and /home, I think).

  5. Did backups to two external disk drives. Careful to back up things I don't usually include in the backups, such as my Dropbox files and browser bookmarks and downloaded files in temp folders.

  6. Can't find anywhere that shows what version of firmware is installed on the laptop. Obtained EXE for version A11. Ran the EXE, it says I have A10 and it will install A11. Started the installation, mouse stopped working, dialog shows progress. Then a Windows dialog saying "battery is low, plug into AC" popped up right across everything, covering the progress dialog, mostly. But I'm already plugged into AC power. Firmware installation finished, was able to close the battery dialog, clicked Restart, machine restarted okay through new firmware, into Windows.

  7. Took one last look for anything not backed up, then shut down Windows. Plugged in Linux Mint USB, powered on, hit F12 a bunch of times to get Boot Options, gave boot password, booted into Linux Mint USB.


  8. Double-clicked "Install Linux Mint" icon. Installer came up. Chose keyboard type.

  9. Next Window asked if I want to install custom/proprietary drivers for my hardware. Clicked "Yes", and it took almost 10 minutes.

  10. Somewhere in here, I had to set computer name, user name, password.

  11. Next Window asked about partitioning. At first I selected the three settings for "automatic, encrypt everything, use LVM". But after clicking "Continue", I realized that wouldn't give me /home and root in separate partitions. So backed up, clicked "Customize", and wrestled with partitioning. Not clear: I see some "mapper" partitions and then some "/dev/sdN" partitions, and most of the buttons/controls don't work on most of them. Probably should have read the install instructions, if there are any. Finally managed to create the partitions I want as "/dev/sdN" partitions: 1 GB for /boot, 36 GB for /, rest (about 280 GB) for /home. But then I got some dialogs popping up saying "restart now before continuing the install", so I restarted.

  12. Back into installer, this time "install custom/proprietary drivers for my hardware" went very quickly, into custom partitioning again. The mapper partitions have disappeared, but had to set "/dev/sdN" partitions again: 1 GB ext4 for /boot, 36 GB ext4 for /, rest (about 280 GB) ext4 for /home. Set check-box to format each of them. Clicked "Continue", got a dialog showing the partitions, and I checked "encrypt /home". clicked "Continue", install started. Took 10-15 minutes, I think. Restart at end.

  13. Removed USB drive, and system booted up into Linux Mint from hard disk. Success ! Disk partition sizes in File Explorer look right. I suspect only /home is encrypted, and LVM is not being used.





After installing and booting into Linux:
  1. Login as the username you picked.

  2. Adjust touchpad.

    For me on Mint: install Synaptics touchpad support via "sudo apt install xserver-xorg-input-synaptics" and then log out and back in. [But later I removed it; I suspect it was causing UI freezes.]

    Kris Wouk's "How to Fix a Touchpad Not Working in Linux"

  3. If you're dual-booting and/or going to access the Windows filesystem from Linux, fix the clock.

    Do "timedatectl set-local-rtc 1".
    Or edit /etc/default/rcS and set "UTC=no".

    Mike Beach's "Windows, Linux dual-boot system time issues"

  4. If your installation doesn't have a swap partition, create a swap file.

    Aaron Kili's "How To Create a Linux Swap File"
    Ryan Sechrest's "System running out of memory: create a swap file"

  5. Connect to internet.

  6. Set repositories. [On Mint, I didn't do this, seems to be no need.]

    Months later, I ran the Software Sources application and added the Firejail PPA, "ppa:deki/firejail", so I'd have the latest Firejail.

    Ubuntu's "Repositories/Ubuntu"
    Abhishek Prakash's "Things to do After Installing Ubuntu 18.04" (item 2)

  7. Update drivers.

    Open Driver Manager, looked for "recommended" drivers.

    Linux Mint Installation Guide's "Hardware drivers"

  8. Set up system snapshots.

    Linux Mint Installation Guide's "System snapshots"

  9. Basic security software.

    Some possible things to install or turn on:
    • Password manager.
    • VPN.
    • Firewall (GUFW). [I let this go until later.]
    Leave it at that for now; we'll return to this subject later.

  10. Check power-management settings (if any). Maybe install TLP ? [I didn't, until a couple of months later.]

  11. Turn off any features you don't want: file-sharing, Telnet/SSH server, whatever.

    On Mint, run System Settings application and click through many of the icons.

  12. What accounts exist and what are their passwords ?

    See Accounts section of my "Using Linux" page.

  13. Install or update multimedia codecs.

    Linux Mint Installation Guide's "Multimedia codecs"

  14. Install applications.

    Launch the "Ubuntu Software Center" or similar application.

    From Easy Linux tips project's "Avoid 10 Fatal Mistakes in Linux Mint and Ubuntu":
    "Never remove any application that's part of the default installation of Ubuntu or Linux Mint."
    [But I think removing clearly isolated applications such as GIMP or VSCode or Qbittorrent or vim would be fine.]

  15. Set Update frequency and do Updates.
    Launch the Ubuntu "Software Updater" or similar application.
    Dave Merritt's "Getting Started with Linux Mint? Focus on These Three Tools"
    Easy Linux tips project's "Update Manager: understand and optimize it"

    Note: "A manually installed application receives no updates from Mint!"

  16. Test and adjust various things: display, touchpad, microphone, camera, using USB devices (external disk, camera, flash drive, Android phone), playing audio and video, etc.

  17. Test and adjust various applications: browser, word-processor, etc.

  18. Install fonts ? Microsoft windows font pack ?

    Later followed instructions in SK's "Install Microsoft Windows Fonts In Ubuntu 18.04 LTS":
    sudo apt update
    sudo apt install ttf-mscorefonts-installer
    sudo fc-cache -f -v
    

  19. Install a printer.
    Dell's "How to install and configure a Dell Printer using the Ubuntu Operating System"

  20. Install anything special you need.

    For me on Mint: install support for WD My Passport Ultra encrypted external hard drives.

    See Special Hardware section of my "Using Linux" page.

  21. Copy personal files from backup to Linux home directory.

  22. Try opening your files, especially various file types such as TXT, PDF, MP3, JPG, MP4, etc.

  23. Mount Windows filesystem under Linux:

    If you turned it off before, you can boot into Windows and turn on "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. Now that you're not going to mess with partitions any more, it should be safe to hibernate Windows.

    See Connecting Linux and Windows section of my "Using Linux" page.


Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Cinnamon"
Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Tessa"
Dell's "How to configure Ubuntu Linux after it's first installed on your Dell PC"
Mehedi Hasan's "Top 10 Best Things To Do After Installing Linux Mint 19 'Tara'"
Aquil Roshan's "Things To Do After Installing Linux Mint 18.3"
Abhishek Prakash's "Things to do After Installing Ubuntu 18.04"
Gary Newell's "38 Things to Do After Installing Ubuntu"
Mike Turcotte-McCusker's "5 Things to do after a fresh install of GNU/Linux"
David Westcott's "Ubuntu 17 Install (Focused on Privacy and Security)" (PDF)
DuckDuckGo Blog's "How to Protect Your Privacy on Linux"


My experience 8/2018:
  1. Logged in as the user name I chose, get desktop and then Welcome Screen application.

  2. Looked into System Snapshots backup settings, too complicated, will try again later.

  3. Did Driver Manager, one custom Wi-Fi driver available for my hardware, installed it, forced to restart.

  4. Did Update Manager, about 20 updates available, did them all. Restarted.

  5. Looked at System Settings, didn't really change anything.

  6. Did Mint's Software Manager, looked through lists of hundreds of applications. Many that I want already are installed (Firefox, VLC, etc). Installed another dozen or so. Restarted. Root partition still has about 25 GB free.

  7. Found touchpad settings and turned off "tap to click"; I hate that setting.

  8. Installed package for my Synaptics touchpad, but didn't see any differences or new settings.

  9. Both Wi-Fi and wired Ethernet connections are working. Not sure how the system remembered the Wi-Fi password, somehow copying it from Windows to Linux. Turned off Wi-Fi; I want to use only wired Ethernet.

  10. Installed software to access my encrypted WD My Passport Ultra external disk drives, connected a drive, was able to mount it. Started copying my personal files into home directory.

  11. Plugged MP3 player into USB and a File Explorer window opened for it, no problem. Same for an Android phone.

  12. Installed all the add-ons and settings I wanted into Firefox, and imported bookmarks from my backup. But I'm going to have to re-do all the tweaks I did to NoScript and Privacy Badger, to get various sites to work. I didn't back up those settings; not even sure how to do it.

  13. Installed Windscribe VPN client.

  14. Trying to fix the script files I use to upload my web site.

    Was using WinSCP, now have to use SFTP. Had to do "sudo apt-get install sshpass", then script file contains "sshpass -p YOUR_PASSWORD sftp -oBatchMode=no -b YOUR_COMMAND_FILE_PATH USER@HOST". But had to go to my hosting service to generate a keyfile, still not working, opened a ticket with them, maybe they have to turn on SSH on my account. They turned SSH on, not working, said don't use a keyfile, so I stopped using that and deleted keyfiles, not working. Finally figured out that SFTP asks for confirmation very first time you connect to a server, and I was in batch mode so not seeing that. One time in interactive, then batch worked using "sshpass -pPASSWORD sftp -P 23189 USER@HOST <Cmdall.txt".

    But still have to copy that command to CLI to run it; double-clicking on ".sh" file containing it and selecting "Run in Terminal" does nothing. Asked on reddit, and had to change two things: add "#!/bin/bash" as first line of file, and then convert Windows line-endings to Linux line-endings ("apt install dos2unix" then "dos2unix yourscript.sh"). Now it works !

  15. An oddity: if you double-click on a .TXT file in File Explorer, it says something like "this is an executable text file, do you want to run or display it ?" Strange. Any way to make only .SH files executable ?

  16. Installed VeraCrypt by downloading a script and then running it via "sudo bash", but I don't see VeraCrypt in the GUI menu of applications. It showed up later. Made a couple of containers, and they work fine.

  17. Installed Tor Browser by downloading an archive and extracting from it. But trying to put it in a location shared by all users (/usr/local/bin) caused a permission nightmare and it wouldn't run. Put it in my home directory and it works, but I don't see it in the GUI menu of applications.

  18. Can't copy text out of windows in Mint's Software Manager. A pain when you're trying to copy version numbers and such.

  19. Found something I read before but didn't pay enough attention to: Release Notes for Linux Mint 19 Cinnamon.

    And it led to [FIX] no swap on fresh LM19 install with home directory encryption.

    So, did "ls /home/.ecryptfs", and it replies with my username/homedirname, so I have /home encryption turned on.

    Did "swapon --show", and it replies "/dev/dm-0 partition 1.6G 524K -2", so swap is working and has a 1.6 GB partition on disk. I wanted a swap file, not a partition. But from that "fix" article, "it shows you have encrypted swap" and "General recommendation is to have about 20% of RAM as swap" (I have 53%). So I'm good. Someone else says swap partition won't show up in "df" or "mount"; "swapon -s" is the way to confirm it.

    Also did "cat /proc/swaps" and "free", and they all show swap partition.

    Later found out about "lsblk -f", and it shows encrypted swap partition.

    Later found out about "sudo parted -l", and it shows no physical swap partition. It shows "/dev/mapper/cryptswap1: 1664MB" on partition table "loop".

    Later saw that there is a 16 GB file "/swapfile".

    But I guess LVM is not used ? "sudo lvm fullreport" gives nothing.

    "cat /proc/sys/vm/swappiness" gives indicator 0-100 of how readily the swap gets used. Default is 60. Ran "sudo xed /etc/sysctl.conf" and added two lines at bottom:
    # Decrease swap usage to a more reasonable level
    vm.swappiness=10
    Then reboot. (For SSD, change to 1.)

    You may see swap space used even when there is free RAM space: something could get swapped out when RAM is full, later does not come back in unless needed. Lengthy discussion of swap and swappiness: Chris Down's "In defence of swap: common misconceptions".
    Also see Linux ate my ram !.
    Later the whole issue was made less important for me when I upgraded RAM from 3 GB to 8 GB.

  20. Installed IDrive backup scripts by downloading an archive (here) and extracting from it. Put it in my home directory, did "chmod a+x *.pl", and account settings script works. But instructions are very incomplete.

    Went back to it later. I already have an IDrive account. Ran "./account_setting.pl". Confused. Ran "./edit_supported_files.pl" and added folders to back up. Editor seems to be vi or vim.

  21. Scroll bars are a bit thin and hard to use, for me. Looked through System Settings, didn't see any setting for it.

  22. Adjusted Update Manager settings a bit, to un-select level-4 upgrades.

  23. Ran Firewall Configuration app and turned on the firewall. System kept working, including Windscribe VPN.

    But after shutting down overnight, next morning Windscribe VPN would not connect. Tried adding firewall rule to allow incoming UDP 443, tried turning off OS firewall, tried different VPN server, no go. Left OS firewall turned off, restarted Linux, Windscribe connected no problem. Windscribe Support says probably the two firewalls are fighting each other, choose one or the other. Then they said that Windscribe is using the Linux firewall, iptables.

  24. Doing nothing special, and File Explorer (Nemo) crashed. Second time that's happened, I think. Happened again a couple of hours later.

  25. Plugged my HP 3634 printer into a USB port, Linux recognized it and added it to the system. Double-clicked on a PDF file, it opened fine in Xreader application. Printed a page, page came out fine. Cool !

  26. Noticed that OS restart does NOT go through BIOS, don't have to give BIOS password again. [But later this changed, now restart always goes through BIOS !]

  27. Installed our personal Spanish govt digital certs (from .p12 files saved in Windows) into Firefox and Chromium browsers, and they work.

  28. Double-clicked a PowerPoint (.pptx) file, and LibreOffice Impress opened and handled it fine.

  29. Ran "df -h", and it shows /boot size of about 1 GB, / size of 33 GB (20 GB free), /home size of 259 GB. Which is good.

  30. Some useful CLI commands:
    "inxi -S": get version numbers.
    "systemd-analyze", "systemd-analyze critical-chain", and "systemd-analyze blame": see what loads at boot time and how long it takes.
    "sudo ufw status verbose": see status of firewall.
    "iwconfig": see status of Wi-Fi adapter; might want to turn off Power Management.

  31. Ran Startup Applications, tweaked some delays, added Windscribe VPN to the startup.

  32. Installed Openjdk-11-jdk from Mint's Software Manager.

  33. Installed Nemo-dropbox from Mint's Software Manager.

  34. Doing some heavy downloading in one browser, heavy pages in another browser, and the whole system froze solid. Mouse stopped moving, alt-tab didn't work, ctrl-alt-del didn't work, nothing. Had to power off and restart.

  35. Ran Timeshift to do a backup of system files. Space required is 16.4 GB. Did it onto my /home. It copied over 500K files. Left no snapshots scheduled.

  36. USB flash drives:

    I have a USB flash drive which may be corrupted. I see that doing "sudo touch /forcefsck" will force system (root) partition to be checked next time system boots. To check the USB drive, I unmounted it in Nemo. Hovering over the icon showed its device as "/dev/sdb1". In CLI, did "sudo fsck /dev/sdb1". Found some problems, fixed them, but drive still not correct.

    In Mint's Software Manager, installed GParted. Only shows one device at a time, have to use GParted/Devices menu item to switch from one to another. Formatted USB drive's partition. Device fixed. Did it to another USB also. They work.

    But Linux seems to handle these flash drives differently than Win10 does. You have to be very careful to software-eject them from Linux, and wait until you see a notification that it is safe to unplug the drive. Writes are buffered/cached, so unplugging a drive too soon can corrupt it. Ejecting using the System Tray icon doesn't give the notification; always eject using File Explorer.

    To turn off write-caching:
    "sudo hdparm -W 0 /dev/devicename"
    But this may result in more writes, which is bad on a flash drive.

    To reduce number of writes:
    Upon mount, set "noatime" (in /etc/fstab, change "defaults" to "defaults,noatime").
    But removable drives probably aren't permanently listed in fstab.


  37. Filesystem-checking:

    "sudo touch /forcefsck" will force system (root) partition to be checked next time system boots, but the check must be superficial, it didn't take very long.

    Maybe edit "/etc/default/grub" to change
      GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    to:
      GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force fsck.repair=yes"
    and then do "sudo update-grub" ?

    Dan Nanni's "How to boot into command line on Ubuntu or Debian"

    Press Esc key while booting to get into grub menu.

    In grub menu, highlight first item "Linux Mint 19 Cinnamon" and press "e" key to edit the script for that menu item. Find line something like "linux ... ro quiet ..." and add a "fsck.mode=force" after the "ro quiet". Hit F10 to boot. After OS starts, a csd_housekeeping process will check disk, taking a couple of minutes. Results where ? Change to the boot script is not persistent; it will be gone next time you restart.

    After doing all this, someone told me to do "e2fsck -n -f /dev/sdaN" at CLI (after booting), and it tells me my root filesystem has all kinds of problems: orphan inodes, inode bitmap problems, free block count wrong, directories count wrong, etc. Same for /home filesystem. But someone else says: "If you run fsck on a mounted file system, you'll see errors all over the place because the system often defers writing data or 'tidying up' information already on the disk, especially for open and locked files associated with running processes. The only way to fsck the system partition sensibly is at boot time, when it can be temporarily unmounted by the booting process and before anything reliant on the disk loads, or better, booting with a separate device / partition entirely, e.g. a boot disk or USB."

    Log from boot process is /var/log/boot.log It says it checked both root and /home. It shows some details from checking root, but no details for checking /home. No errors reported, but it also doesn't explicitly say "no errors found".


  38. Installed Clamtk anti-virus through Mint's Software Manager, and ran it.

  39. Wanted to do some torrenting, found that Qbittorrent already is installed, by default.

  40. Decided to try Mega.nz for backups. Created an account, installed Megasync (or it was installed by default, I'm not sure). It's a storage/sync service, not a backup service. Has Linux GUI. 50 GB free storage. No way to exclude individual files in a folder, or exclude sub-folders.

  41. Running several apps (Firefox, Tor, GIMP) and launched a video in VLC, and the system froze solid except for the mouse-pointer. Had to power off and restart. Second freeze in the 10 days or so since I installed Linux.

  42. After 14 days or use, a third solid freeze (not even mouse working), and Nemo file explorer has crashed half a dozen more times.

  43. A few days later, a freeze while in the Lock screen, mouse cursor still moves, something is touching disk every now and then, looks like maybe my keyboard is bad and filled the password field with characters. The keyboard has been a bit flaky in other ways too, occasionally producing a spurious PgDn keypress or a spurious "turn off touchpad" keypress while I'm typing.

  44. Installed Psensor (to check hardware temperatures) through Mint's Software Manager.

  45. Firewall and VPN:

    I went down a bit of a rabbit hole for a while, tweaking iptables a lot, then shutting down some listeners, and doing some testing. Also, new releases of Windscribe VPN client changed its effect on iptables a bit.

    To see what incoming ports are open and/or have listeners, do "sudo netstat -tulpn" or "sudo netstat -tulp". (Also "sudo ss -lptu") For all ports, do "sudo netstat -tuap".

    To see what iptables looks like, do "sudo iptables -L -v".

    Ran a couple of net-testing apps on my phone (which is on my LAN), targeting my PC, and they show all ports blocked, no response to ping, no services offered.

    See Tightening Security section of my "Using Linux" page.

  46. About Nemo crashing, someone said that happened to them in the past, if you see Nemo starting to be weird then at CLI you can do "nemo -q" and "nemo -n" to stop and restart Nemo.

    About the freezing, they said: "Something to try when the system becomes unresponsive is Ctrl+Alt+F1. Assuming the system is listening at all, this ought to switch to a text-only terminal (no GUI at all) that will allow you to log in, check and kill processes that look problematic through the command line. Usual caveats apply about taking care and at your own risk, etc. Ctrl+Alt+F7 or Ctrl+Alt+F8 will switch back to the GUI if it is still running / has been made to function again."

    Had an OS freeze while at the lock screen, and Ctrl+Alt+F1 did nothing.

  47. I reported my nemo crashes, and the devs quickly pointed at the Dropbox extension in nemo as a possible culprit, so I disabled that extension. But the next day I had another nemo crash, reported that. Later, removed Dropbox and nemo-dropbox from the system. [Much later, someone said nautilus-dropbox is better, maybe.]

    Finally found a simple way to make nemo crash, by plugging and unplugging my external hard drive a couple of times. Reported the details.

    A couple of days later, a dev had me install a changed version of nemo, and the nemo-crash problem seems to be fixed.

  48. Had an OS freeze or two. Then had another, and as with some of the previous ones, it looked like the underlying OS was running (saw disk accesses), so maybe just the mouse/touchpad is frozen. Removed the Synaptics touchpad package and restarted; will see if that fixes it.

  49. Tried to make a 28 GB VeraCrypt NTFS container in a 32 GB USB stick (PNY 32GB, USB 2.0, 28.8 GB free). It fails every time, spends 90+ minutes formatting, goes to the end, asks for sudo password, and then says "Bad file descriptor VeraCrypt::CoreService::StartElevated:517". No container file appears on the USB stick.

    I'm selecting "no file inside container will be greater than 4 GB" each time. Usually select "accessible from other operating systems". Tried formatting container as exfat4 once. "Quick format" option in VeraCrypt never is enabled, no matter what filesystem type I select.

    Realized the stick was formatted as fuse, formatted it as NTFS, no difference. Later noticed that the stick properties say formatted as fuse again.

    Upgraded VeraCrypt from 1.22 to 1.23, by downloading the tar.gz file, extracting "veracrypt-1.23-setup-gui-x64" from it, and running that via "run in terminal". As when I first installed VeraCrypt, can no longer find VeraCrypt through clicking on nemo Start button. Doing "nemo -q" then "nemo -n" didn't fix it. Logged out and logged back in, and that made VeraCrypt appear.

    Still not working. Consulted with people on reddit, no joy. Next day, started working on simplest case to demonstrate the problem so I can file an issue on GitHub, but now it's working ! Went for it, created the 28 GB NTFS container I wanted on the USB drive, worked.

  50. Turned off VPN and tried to use web version of Skype through Firefox; wouldn't work, wouldn't enable the "make a phone call" button. Read that you have to change the "user agent" to "Edge on Windows" to get it to work. Installed "User-Agent Switcher by Linder" into Firefox, and set agent to "Edge on Windows". Got a little further in web-Skype, but it wanted to install a Microsoft plug-in (a .msi file), so no-go. Then tried setting agent to "Explorer on Windows", "make a phone call" button is disabled again. (9/2018)

  51. Through Mint's Software Manager, installed chkrootkit and rkhunter.

    Ran "sudo chkrootkit", and it says "tcpd" is "infected".

    Ran "sudo rkhunter -c". Five system commands (such as /usr/bin/size), "Checking for suspicious (large) shared memory segments", "Checking /dev for suspicious file types", and "Checking for hidden files and directories" were tagged with "warning".

    All checks for specific rootkits by both programs came up negative, so I think my system is fine.

    See Anti-Virus and Malware Scanners section of my "Using Linux" page.

  52. Scroll bars are too narrow for my taste (other people have complained too).

    Edited various CSS files under /usr/share/themes/, but the changes didn't do anything.

    Installed Gnome Color Chooser from Mint's Software Manager, but the scrollbar width setting only affected the Start button menu, not Nemo or other apps. Looks like GCC effectively edited ~/.gtkrc-2.0 to add
    "style "gnome-color-chooser-scrollbar" { GtkScrollbar::slider_width = 45 }
    widget_class "*Scrollbar" style "gnome-color-chooser-scrollbar" " to it. Maybe it made changes elsewhere, too.

    I read that some apps (LibreOffice Writer, Calc) are GTK2.0, others (Nemo) are GTK3.0.

    Created and edited ~/.config/gtk-3.0/gtk.css and put
    ".scrollbar.vertical slider, scrollbar.vertical slider { min-width: 40px; }"
    in it, and that worked for Nemo and Firefox and Xed.

    [Later, after updating to Mint 19.2: System Settings / Appearance / Themes / Settings / Scrollbar behavior / Override ...]

  53. A new version (1.3) of the Windscribe VPN client software came out, and Update Manager installed it. Just had to login to Windscribe again, and it worked. Six or seven rules for Cloudflare in iptables; I thought rules like that were going to go away. A new rule for assets.windscribe.com, which is understandable.

    A week or two later, Windscribe failing to start up, saying "new version available". But I don't see a new version in Update Manager or Software Manager. Did "sudo apt-get update" and then "sudo apt-get install windscribe-cli", it says nothing changed. But now I can connect to Windscribe again.

  54. Wanted to test that my /home is encrypted, and that I can access it from a bootable USB if needed. Booted into a Live session from the same USB I used to install onto hard disk 2 months ago. Opened Nemo, went to hard disk, my /home/user1 dir just has two files in it, "Access-Your-Private-Data.desktop" and "Readme.txt". If I run "Access-Your-Private-Data.desktop", I get an error "cannot execute commands from a remote site". Following instructions in "Readme.txt", if on CLI I run "ecryptfs_mount_private" or "sudo ecryptfs_mount_private", I get an error "encrypted private directory is not setup properly".

    How it's supposed to work, see comment in superuser's "eCryptfs encrypted home - explanation".

    If you use an encrypted home directory, you should keep a backup copy of your mount passphrase ? Run "ecryptfs-unwrap-passphrase" to get it.
    Chris Hoffman's "How to Recover an Encrypted Home Directory on Ubuntu".

    Got script from superuser's "eCryptFS: How to mount a backup of an encrypted home dir?". Had to modify it to work, ended up with MountEncryptedHome.sh which works on Linux Mint 19 Cinnamon run from USB as of 10/2018.

  55. Every time I boot, kernel log contains a bunch of messages starting with "Could not find key with description: [xxxxxxxx]". Turns out lots of people have been seeing this for a couple of years: Cananonical Ubuntu's "ecryptfs-utils package Bug #1718658". Created an account and added my info to the bug report.

  56. 10/29/2018: Had a UI freeze, the first in a couple of weeks. At first the mouse moved but couldn't click anything, then mouse movement stopped. Ctrl+Alt+F1 did nothing. Still occasional disk accesses, and more after I disconnected a USB device, so the underlying OS was still running. No hint of anything wrong in kernel log file after I rebooted.

  57. Through Mint's Software Manager, installed Kontact PIM application. I think it also installed "mysqld-akonadi". Then in Software Manager also installed Kaddressbook and Korganizer. It says "starting personal information management service"; I don't see any new service or listener, but I see a lot of "kworker" processes. Selecting To-Do and then Settings/ConfigureDate+Time gives error "Could not start control module for date and time format". Also, tray icon for Kontact is a blank space. And at shutdown, Kontact in background does not quit, says not responding, have to do "shutdown anyway". KDE Bugtracking System: account creation failed until I turned off VPN.

  58. Key-shortcuts to do things in normal operation:

    Run Keyboard application and click on Shortcuts tab to see them.

  59. Magic key-sequences if stuff goes wrong:

    See Magic key-sequences section of my "Using Linux" page.

  60. You should routinely check a couple of logs to see if anything unusual is happening in your system: "cat /var/log/kern.log" ("dmesg -T" command shows same log, with some useful coloring added), "sudo journalctl --pager-end".

  61. Various errors seen in "sudo journalctl --pager-end":

    • In Settings/Bluetooth, I have no Bluetooth devices and all settings are set to "off". But in output of journalctl, I see this while booting:
      pulseaudio[2770]: [pulseaudio] bluez5-util.c: GetManagedObjects() failed: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. P...
      dbus-daemon[853]: [system] Activating via systemd: service name='org.bluez' unit='dbus-org.bluez.service' requested by ':1.157' (uid=1000)
      dbus-daemon[853]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms)
      
      and the last two lines are repeated occasionally as the system runs. Added this to an existing bug report on Ubuntu.


  62. An update came out, installing "freedesktop". In the log files next morning, I saw that now a GeoClue service is running. Don't want that. Eventually found in Mint's Software Manager you can remove Geoclue-2.0. Removed it, but kept getting a boot-time error from "Redshift". Renstalled Geoclue-2.0. Tried to wire it to show a fake location, but it's always returning zeros for lat/long. My release is 2.4.7-1ubuntu1; newest is 2.5.1. Did "sudo apt-get install geoclue-2.0", but it says I have the latest (from the repositories my system points to). Guess I'll wait until an update comes down.

  63. Had another UI freeze, mouse wouldn't move, ctrl-alt-F1 did nothing, but occasional disk access, so underlying OS was alive. I had been doing some debugging of a VSCode extension, pipes between processes, trying to open new pane, probably something ugly went wrong.

  64. Had another UI freeze a couple of days later, mouse wouldn't move, ctrl-alt-F1 did nothing, but occasional disk access, so underlying OS was alive. I had been doing some more debugging of a VSCode extension, pipes between processes, lots of simultaneous network requests.

  65. Changed to get updates from mirrors instead of central repository: Update Manager / Edit / Software sources.

  66. Now that I have 8 GB of RAM, changed to "shrink inode cache less aggressively" by:
    sudo xed /etc/sysctl.conf
    # scroll to bottom of file
    # add following two lines:
    
    # Improve cache management
    vm.vfs_cache_pressure=50
    
    # save, close, reboot
    















Installing a Server



From people on reddit:


If you're going to allow incoming SSH: change the port it uses, set up key-based login instead of password login, set up two-factor authentication on it, disallow root logins, maybe use fail2ban and ipset to restrict who/where can attempt to access it.

Some alternative web servers: Apache, Nginx, node-http-server.

SK's "Install Apache, MariaDB, PHP (LAMP stack) in Ubuntu 18.04 LTS Server"
Linux4one's "How to Install Apache on Linux Mint 19"
Linux4one's "How to Install XAMPP on Linux Mint 19"
Bryan Kennedy's "My First 5 Minutes On A Server; Or, Essential Security for Linux Servers"
Ubuntu Geek's "Step By Step Ubuntu 18.04 (Bionic Beaver) LAMP Server Setup"
Megha Pandey's "10 steps to secure Linux Server for Production Environment"
imthenachoman / How-To-Secure-A-Linux-Server
trimstray / the-practical-linux-hardening-guide
Kris Wouk's "How to Secure a Linux Home Server"
YourSecurityTech's "Defending Your Apache2 Instance"





Miscellaneous



Buying a new laptop to run Linux:
Ubuntu's "Ubuntu Desktop certified hardware"

Dell sells high-end laptops with Ubuntu pre-installed, but don't expect their Support people to know anything about Linux.

Easy Linux tips project's "Windows 10: how to prepare it for dual boot with Ubuntu or Linux Mint"
Ubuntu's "UEFI"
Adam Williamson's "UEFI boot: how does that actually work, then?"

From Linux Mint Installation Guide:
"The [same] Linux Mint ISO can be booted both in EFI or BIOS mode."

From Linux Mint Installation Guide - Multi-boot:
"If you want to dual-boot or multi-boot with Windows, it is easier and recommended to install Windows first, before you install Linux Mint."

From Linux Mint Installation Guide - EFI:
"If after installing Linux Mint in EFI mode, you are unable to boot due to a Secure Boot Violation, you can try one of the following solutions:
- Re-install, and do not select 'Install third-party software for graphics and Wi-Fi hardware, Flash, MP3 and other media', or
- Disable SecureBoot in the BIOS settings."

From someone on reddit:
"Be aware that 'newly released' laptops are often the most problematic things to install linux on."
and
"Typically on my nvidia systems i use the following kernel boot options to try to get things sane, so i can install: nomodeset,nofb,nosplash,noquiet."

Not sure if this applies to all/most new machines:
To boot Linux on USB (before installing): In Setup, set UEFI mode, disable legacy mode, disable secure boot, set SATA mode AHCI, disable RAID. Reboot, enter your system's one-time boot menu, select the install USB device from the UEFI devices list, not the legacy devices list.

With UEFI, you want an EFI partition of 512 MB, and rest of disk as one partition for Linux ?

On some new laptops, in BIOS Disk Settings, change from RAID to AHCI mode. On some machines, installer can't see any partitions until you do this.



Switching from one distro to another:
From someone on reddit:
apt-clone will create a working list of installed apps which you can backup and then integrate into a new system. Personal configs should come with your /home backup. Get your /home backup in first, then apt-clone your programs. The configs should drop back in nicely. Not perfect, but it's a tidy way of doing things.






Search my site: