Installing a Desktop System

[I have used two laptops so far, one with Legacy BIOS and HDD, other with UEFI and SSD. I have used 16 distros so far, over 4 years. So the following is a mix of those situations.]

Things to know or decide first

  • What kind of processor does your computer have ? Some distributions have different ISO files for different processor families (architectures).

    On Windows, go to desktop, right-click on "My PC", click on "Properties". Look at "Processor" field, and also note whether "System type" is 32-bit or 64-bit.

  • Does your computer have UEFI or "Legacy" BIOS ?
    For partition table: UEFI uses GPT, Legacy BIOS uses MBR.

    On Windows, do Windows-R, run "Msinfo32", look for "BIOS Mode" field.

  • How much free disk space do you have (assuming Windows installed already) ?

    You'll probably need at least 100 GB free if you want to dual-boot Windows and Linux.

    In Windows Explorer, find your main disk, right-click on it, click on "Properties".

  • Does your computer have pretty new hardware ? If so, choose a distro with a pretty new kernel.

  • Boot your computer into a "live session" (run from distro's install image on USB stick) and test for hardware problems (mainly display, graphics, networking, audio, webcam, touchpad). If you have problems, choose a different distro.

  • Do you want to dual-boot Linux and Windows, or boot just Linux ?
    I strongly recommend against dual-booting. Use one OS or the other. Or get a second PC, and have one OS on each. [I think the common misspelling "duel boot" has some truth to it.] Or put a second disk into your machine, and keep one OS on each disk.

    If you want to dual-boot, first you'll have to shrink the Windows partition to make room for Linux partition(s). Don't shrink the Windows partition so far that it has no free space left in it.

    If you're dual-booting, install Windows first. And whenever using or installing/upgrading Windows, disconnect the Linux disk if possible.

    Apparently, at least with Ubuntu 19.10: if you choose ZFS filesystem format instead of ext4, you can't dual-boot on same disk, ZFS needs to manage the whole disk. Choose ext4 unless you're feeling very adventurous.

    Andre Da Costa's "How to Dual Boot Windows 10 and Linux"
    Easy Linux tips project's "Windows 10: how to prepare it for dual boot with Ubuntu or Linux Mint"
    Easy Linux tips project's "How to create a dual boot when preserving Windows seems impossible"
    Chris Xiao's "#SwitchToLinux: How to Dual-boot"
    Arch Wiki's "Dual boot with Windows"
    Christian Cawley's "Windows Update Deleted Linux! What to Do and How to Prevent It"

  • Do you want to keep Linux system ("/") and /home in same partition or separate partitions ?

    Two cases: static filesystem, or filesystem with sub-volumes

    • Using old static filesystems (such as ext4), each mount-point corresponds to a filesystem, which occupies a whole static-sized partition. So you have to decide up-front how big each will be.

      part 3 is 40 GB == root part == ext4 FS == mounts on /,
      part 4 is 210 GB == home part == ext4 FS == mounts on /home.

      So, if root ever grows to 40 GB, you're stuck, that's the limit.

    • Using new filesystems with sub-volumes (such as Btrfs and I think ZFS), each mount-point can correspond to a sub-volume of a filesystem, and the filesystem occupies a whole static-sized partition. You have to decide up-front how big the filesystem will be, but the multiple sub-volumes in it share the total space.

      part 3 is 250 GB == main part == Btrfs FS, and:
      subvolume @ mounts on /,
      sub-volume @home mounts on /home,
      sub-volume @snapshots mounts on /.snapshots.

      So, you're fine until total of root plus home plus snapshots grows to 250 GB. Root could grow to 100 GB as long as the others add up to 150 GB or less.

    If you choose to use static filesystems (such as ext4)

    I strongly recommend a single partition for / and /home. That way you don't have to guess the right sizes, and you'll never run out of space on one partition while having plenty of extra space on the other.

    If instead you used separate partitions, later you could zap the / partition and install a new distro without affecting your /home files. But it's better to just copy the home directory files, install distro, and then restore home files into new system, so having separate partitions isn't much of an advantage.

    From Easy Linux tips project's "39 Frequently Asked Questions about Linux Mint: PART 2":
    I advise against a separate home partition: it only makes things more complicated, while offering no extra safety at all.

    You always want an external backup of your documents, on an external device. A separate home partition is still part of the very same hard drive that all the other partitions are on. And they all die when the hard drive dies ...

    Plus you'll want to erase most of the old application settings anyway, before upgrading or re-installing. Because some of them may cause malfunctions in the new Mint version.

    The settings that you do want to keep, can easily be copied to an external device and then transferred back into a new installation.

    Furthermore, a separate home partition means a non-optimal allocation of disk space, sometimes causing space shortage on either the root partition or the home partition. This is of course especially problematic on small hard disks.

    Other people agree: separate partitions mean you're trying to guess the right sizes (so you don't exhaust one while having lots of free space on the other), and when re-installing it's probably best to blast all of home directory settings anyway (a lot of junk builds up in there).

    For Legacy BIOS system using MBR, reasonable sizes might be 200 MB for boot, size of RAM for swap, 25-30 GB for root, rest of disk for /home. If you're going to use a swap file instead of a swap partition, add another 1.5x the size of RAM to the size of root. If you're going to install huge applications, add more to root (for example, Docker version of OpenVAS takes about 6 GB).
    Archlinux's "Partitioning"

  • The installer may give you no choice at all, or may let you choose only "separate /home and how big should root be ?".

    But, you could choose manual partitioning if you wish.

  • Given the preceding decisions, sketch out list of partitions and how big each one will be.
    My info (after shrinking Windows main by 140 GB) would look like:
    OEM0.1 GB0.1 GB
    boot0.2 GB
    swap4 GB
    root40 GB
    /home95 GB
    Windows main143 GB19 GB
    Windows Recovery14.65 GB6.38 GB

    My system, an MBR system (Legacy BIOS), can have only 4 primary partitions on a disk. But the Linux partitions are logical partitions, not primary partitions. And the bootloader maybe is not counted as a primary partition ?

    I could delete the OEM partition:
    AOMEI's "Simple Steps to Delete Dell OEM Partition Safely in Windows 7/8/10"
    EaseUS's "Free Delete OEM Partition in Windows 10/8/7/XP/Vista"

    I could have no Linux swap partition.
    See "Swap" section of my Using Linux page.

    [After I got a new laptop with 16 GB RAM and an SSD, I changed to using no swap. Works well, except for one case where I ran a huge make and oom-killing kicked in. Maybe I could add a swapfile temporarily when doing a big make.]

    I could make a Windows Recovery USB, and delete the Windows Recovery partition
    Josh Norem's "How to create a Windows 10 recovery USB drive"
    Gary Newell's "How to Delete a Windows Recovery Partition"

    So my info (after shrinking Windows main by 140 GB) would look like:
    boot0.2 GB
    Linux /139 GB
    Windows main143 GB19 GB
    Windows Recovery14.65 GB6.38 GB

    From people on reddit:
    You can use an extended partition table to get around the MBR 4-partition limit. See AskUbuntu's "What does the term 'Extended Partition' mean? Is it safe to use this type of partition?".

    You can use a swap file instead of a swap partition in any case (though technically not required at all). Also keep in mind re-installation will be much easier if /home is separate.


    Within windows reduce your windows partition and create an extended partition using all of your free space. Then in that extended partition you can put / (root) and /home.

    Whether you have one single mint partition or you split your root and home is up to you, personally i prefer separate root and home, makes reinstalling, or recovering from chaos much easier. There's also the question of whether you want a data partition to share with windows.

    So potentially you could have up to three partitions inside that extended one.


    [I asked how to do it:]
    > So I don't have to do anything to create an extended
    > partition, I can just create a bunch of logical partitions ?

    Yes, basically if it allows you to do it, you're fine.
    Someone else says: "Legacy BIOS limited to 4 Primary partitions. One of the primaries can be an extended partition containing numerous logical partitions or as many as your disk can hold."
    But in my experience, most of this planning goes out the window when you get into the Linux installer. Unless you do full-custom partitioning, the installer will make choices without asking you.

  • Do you want to encrypt your whole Linux system disk (all Linux partitions), just /home, or both, or neither ?
    Red Hat's "Encryption"
    Archlinux's "Data-at-rest encryption"
    cryptsetup FAQ
    Consensus seems to be that encryption imposes little performance penalty.

    My opinion: Encrypt the whole (Linux) disk, because:

    • It is very easy for someone with physical access to your system or disk to change the passwords, by booting into Recovery or into a Live session, unless you have the whole disk encrypted.

    • Some of your private info may be outside of /home, in swap, in system temp files, in application local data, in system config files.

    • It defends against the (unlikely) possibility of someone physically grabbing your disk and installing a keylogger or something in the system.

    I wrote this up and got it confirmed by people online:
    I want to dual-boot Linux and Windows, on my machine with Legacy BIOS. Machine already has Windows 10 installed on it.

    I'll have Linux partitions for boot, swap, root, and /home. And the main Windows partition, and the Windows recovery partition.

    • When I install Linux, installer creates boot partition and puts GRUB in it. Windows bootloader is in start of main Windows partition. At system boot time, the BIOS and MBR handle choosing between booting Linux or booting Windows, just by selecting which partition to load bootloader from.

    • When I install Linux, and choose "encrypt the whole disk", it encrypts the swap, root, and /home partitions. But not boot or the two Windows partitions.

    • The swap, root, and /home partitions each get encrypted separately, but with same password. Each has their own LUKS header, so if one gets corrupted, the others are not affected.

    • When I boot into Linux, I give the password once, and it gets applied to all three partitions (swap, root, and /home).

    From /u/suorce on reddit:
    You can use the BIOS to manually select to boot into the Linux or Windows OS, but usually your Linux bootloader will be able to find all the bootable OSes in the system. So just [set the BIOS to] boot into your Linux bootloader [by default], which can provide both the Linux and Windows options. You can set a timeout for that choice with a default OS set. The Windows bootloader will not offer you the choice to boot into your Linux partition.

    From someone on reddit:
    [First they said a dual-boot system can't have "full disk" encryption on Linux. I pushed back on that, saying the installers seem to allow it, lots of articles talk about it. And got this response:]

    With FDE, the installer creates an unencrypted boot partition and another encrypted partition to serve as a container for the rest of the system partitions. Since it is possible to encrypt individual partitions without erasing the disk, it is only a limitation of the installer if this configuration isn't possible during normal installation.
    Some corrections: Apparently in Mint 19 what gets encrypted is not the whole /home partition, but the user's home directory tree, such as /home/user1 and everything under it. And if you want "hibernate" to work, you need either a swap file or a swap partition, probably at least as big as RAM. In Ubuntu 20, different.

    In my experience, most of this planning goes out the window when you get into the Linux installer. Generally you'll get a one-button "encrypt or not" choice. Choose Yes.

  • Which Linux distribution ?

  • Do you want 32-bit version or 64-bit version ?

    64-bit for any modern system.
    If you have UEFI, you must use 64-bit ?

  • Do you want latest official/stable release, latest official/rolling/unstable release, or some unofficial release ? Is there an LTS (Long Term Support) release that is different from latest official release ?

  • You want a binary-only distribution, not source-only or binary-plus-source.

  • Which Desktop Environment do you want ?

  • What Linux filesystem format do you want ? Usually ext4.

  • What computer name and login username do you want to set ?

    Usually best to pick generic names such as "laptop1" and "user1" to avoid giving away information on networks or in bug reports. Best to use only lowercase characters and numbers ?

  • This transition is a good time to straighten out any problems in the way you organize your personal files. What directory-tree structure do you want under your home directory ?

    My structure (I'm not entirely happy with it):
    /home/user1   # home dir
        campics       # transient photos from phone
        Desktop       # created by OS
        Documents     # created by OS; I don't use it
        mywifesname   # data/pics about wife and her family
        Downloads     # created by OS
        Music         # created by OS
        myinfo        # data scripts container, back up to cloud
        myinfo.nocloudbackup   # sensitive local-only, pw mgr db
        myweb         # my main web site
        myweb2        # family tree stuff, used to be on web
        pages         # transient docs and saved web pages to read
        Pictures      # created by OS; transient photos to go elsewhere
        projects      # programming/development projects
        Public        # created by OS or Apache ?  I don't use it
        reference     # eBooks, maps, desktop backgrounds, test viruses
        snap          # created by OS
        Templates     # created by OS
        toread        # eBooks
        Videos        # created by OS; videos, and audio podcasts
        [dot-files]   # .profile, .config, .local, .mozilla, etc
    IDOCS        # mount of LUKS2 container that lives in MyInfo
        config        # configs and credentials
        myweb         # configs and credentials
        travel        # sensitive info about my life in Spain, mainly
    XNEW         # mount of LUKS2 container in MyInfo.NoCloudBackup
    BLACK/BLUE/ORANGE   # mounts of LUKS2-encrypted external backup disks
    # Note: IDOCS is mounted most of the time, others only when needed.
    A good rule of thumb: one page (about 20) of items in each folder, so you don't have to scroll, if the items mainly are folders.

    For use with CLI, best to avoid spaces, and use lowercase, in file/dir names.

Linux Installer idea:
I'd like to see a better installer for Linux, especially for users migrating from an existing system to Linux. The current installation process is confusing and complicated and the user sometimes is surprised at the results.

There should be a two-part installer, where the first stage is a Windows/Mac/Linux program run on the old system, as a planner:
  1. Analyzes your existing PC and Windows/Mac/Linux setup, determines things such as UEFI vs BIOS, Secure Boot, SATA mode, 32-bit versus 64-bit, what disks you have (spinning, SSD, etc), what your partitions and existing OS's are, what the graphics and network interfaces are, how much RAM you have, etc.

  2. Interviews user to find out what they do with their computer and what they want to do under Linux, what hardware they attach, do they use Bluetooth and Wi-Fi etc.

  3. Records some basic system settings such as: what keyboard language is being used, system language, system time-zone, etc.

  4. Maybe offers to save a list of existing installed applications and drivers, so user can re-install them or install alternatives once they get into the new installation. Catches any problems where an exact replacement just does not exist, or a manufacturer just does not support Linux.

    Maybe go through list of applications in Windows and Linux, giving user opportunity to select Linux apps to be installed or not. Encourage use of backup, encryption and AV software.

  5. Interviews user to find out do they want encryption, dual-boot or single-boot or multi-boot, partition sizes, swap partition/file/none, separate / and /home partitions or just everything in / partition, etc.

    Really drills down on WHY do they want dual-boot: could they run a Windows VM or emulator under Linux instead ?

    Do they want a password on GRUB ? Tell them how many passwords they'll have to type to boot and log in, and what each one is protecting against.

  6. Warns about any potential problems such as unsupported language/keyboard, too little disk space, too little RAM.

  7. Shows a diagram of how the partitions will look, what types of encryption will be applied to each, whether whole disk will be encrypted, says how many passwords the user will have to type at boot time.

  8. Decides what drivers and settings must be used in Linux, for graphics and network etc.

  9. Reminds user to do backups, including backups of unusual items such as browser configuration.

  10. Suggests that user delete all cookies and then try using their usual web sites, to make sure they have all the login info saved somewhere.

  11. Suggests that user check if a BIOS update is available for their machine.

  12. Suggests that user run BIOS diagnostics on RAM and disk (good practice).

  13. Reports any BIOS settings user must change (Secure Boot, SATA mode, etc) before installing.

  14. Reports or performs any OS settings user must change (such as Windows "Fast Startup" setting in dual-boot situation) before installing.

  15. Records install-time useful info such as name/password for Wi-Fi.

  16. Downloads appropriate Linux ISO and helps write it to install medium (maybe offering buttons to launch Rufus, Etcher, dd, Disks, UNetbootin, etc), and creates an installer-directive file on the install medium.

  17. Suggests that user be on AC power and wired connection to internet during the install process.

Then user boots from the install medium, and the second-stage Linux installer (pretty similar to today's installer) runs:
  1. Reads the installer-directive file.

  2. Checks that directives file matches the hardware.

  3. Then does the install.

  4. User can override some choices during the install, but not too many (better that they re-run the first-stage program if they're going to mess with partitioning or something).

Wikipedia's "Preseed"
Debian's "Appendix B. Automating the installation using preseeding"
sedlav's "Unattended Debian installation"
Ubuntu's "Appendix B. Automating the installation using preseeding"
I see a bunch of users saying preseed doesn't work on Mint 18 and later.
Fedora Wiki's "Anaconda"
YaST and openSUSE's "AutoYaST Guide"
FOG Project (uses a server and does PXEboot boot over network)
GitHub topic "preseed"
Microsoft's "Windows Setup Automation Overview"
HashiCorp's Vagrant and Packer
Dedoimedo's "WUBI - Windows Ubuntu Installer"

In this, I see little support for a single user on single machine wanting to plan and execute a major change on that machine. There are server solutions, or solutions for using one machine to automate installation on another N machines, or hooks to use a text file to drive an installer. But no wizard to help plan the changes and create that text file.

Some app design details:
  • App has to be desktop, not a web site, and has to be portable.

  • Produce/edit/compare/print a JSON that represents the hardware and software of a system (existing or desired final system).

  • Display/print a set of instructions to change system from one state to another. Some instructions may be manual steps for user to do, others may be directives to an installer.

Started building it: OS-Installation-Planner but got stuck, mostly around questions of disk naming and partitioning.

Things to do before installing

  1. Make a list of all the apps and extensions you use, so you can install same or equivalents later.

  2. Make sure your password manager is updated with all the login info you need.

  3. Do backups !

    And back up or note down things you usually don't back up, such as browser bookmarks, settings of "trained" browser add-ons (such as uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker), contents of Downloads and other temp folders, digital certificates installed in browsers, PGP keys, settings of big apps such as source-code editors and email clients, VPN and firewall settings, etc.

    In Windows, note monitor sizes and resolutions and refresh rates.

  4. Record your Windows product ID.

  5. Maybe make a Windows restore/recovery disk.

  6. Is there anything on your current system that you can't lose ? Try clearing all cookies and then see if you still can log in to key accounts. If there's some problem or dependency, best to find it out before changing OS.

  7. Get distribution's ISO.
    If you wish, you can verify the image:
    Linux Mint Installation Guide's "Verify your ISO image"

  8. Get a writable CD or a flash drive (minimum 8 GB).

  9. Copy distribution's ISO onto a bootable CD or bootable flash drive.
    Universal USB Installer
    Create a bootable USB with N different ISOs on it: Ventoy (attach USB stick, umount USB, sudo sh -i /dev/sdX, sync, remove USB, attach USB, copy ISO to USB, remove USB, boot from USB; note: Ventoy doesn't support Secure Boot)

  10. If your disk is small, or you plan to dual-boot, be aware that probably you need at least 20 GB of disk space for the Linux OS, plus more for your personal files.

  11. Boot into BIOS and make sure booting from USB and/or CD is allowed.

  12. Boot into BIOS and note what graphics and network hardware you have.

  13. Maybe a good time to boot into BIOS and do a low-level disk diagnostic.

  14. Maybe boot into Windows and turn off "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. This will make Windows do a complete shutdown when you choose "Start / Shutdown". Not sure what would happen if you hibernated Windows, changed partition table in Linux, then booted the hibernated Windows image.

  15. A good time to update firmware/BIOS, if an update is available. But if you're using BitLocker and plan to dual-boot, disable BitLocker first ?


  1. Remove or unplug any extra disks you don't want anything to touch.

  2. Best to have internet connection available while the installer is running. Definitely use wired ethernet if you have a choice between that and Wi-Fi. Have your Wi-Fi login information written down on paper.

  3. If a laptop, best to have AC power connected, and 100% charged battery, while the installer is running.

  4. If needed, boot into Windows and delete the OEM partition and/or Windows Recovery partition.

  5. If needed, boot into Windows and shrink the main Windows partition.
    I think it's safer to do it in Windows rather than do it later in the Linux installer.

    You have done a backup already, right ?

    Don't shrink the Windows partition so far that it has no free space left in it.

    From /u/ss-stamper on reddit:
    1. Remove paging file on the drive in question through the System > Advanced area.
      [In Windows 10: Control Panel > Advanced System Settings > Performance > Settings > Advanced > Virtual Memory. Set to "no paging file".]
    2. Disable boot / error logging to the volume in question.
      [How to do this ?]
    3. Run defrag (such as Auslogics Disk Defrag).
      [Or Microsoft's "Defragment your Windows 10 PC"]
    4. Open up Disk Manager > right click volume > shrink.
    After you finish shrinking, reboot into Windows, make sure everything is okay. And check that you have unallocated space on disk of the size expected: open up Disk Manager.

    After you finish shrinking, I think turn on the paging file again ?

    Tim Fisher's "How to Open Disk Management"
    Microsoft's "Overview of Disk Management"

  6. Attach bootable USB device.

  7. Boot into BIOS, or to boot-device-selection menu, or straight onto USB device.

  8. Boot from that device. Now you're running Live session of Linux.

    If booting failed, maybe: you are trying to boot a UEFI image in a legacy-BIOS system, or vice-versa, or booting a 32-bit image in a 64-bit system, or vice-versa, or booting an ARM image in an AMD/Intel system, or vice-versa, or Secure Boot needs to be turned off, or "nomodeset" is wrong, or your USB-stick is bad, or the stick didn't get written properly ? If you have NVIDIA graphics, try a "safe mode" to boot in ?

  9. Connect to internet.

    [Depending on release version, you might be able to connect later, in the Linux installer, too. But might as well do it here.]

  10. Double-click "Install" icon to run installer.

  11. Choose language, keyboard type, location, date/time. Set user name and computer name. Not sure exactly where in the process these occurred.

  12. Depending on distro, you might get options to "Install third party software" and "do update while installing". Choose both of those.

  13. Installation Type.

    [Note about setting passwords: I want to end up with a good/long encryption password, and a bad/short user account password (because I'm going to type it 50 times/day into sudo). Sometimes while installing it's unclear which password you're setting, or how many places it will be used. When in doubt, set as the good/long password. You can always go in later and change the user account password to the bad/short value.]

    For Mint 19.0, I had:
    Choice here, one of these two:

    • Choose "Install Linux Mint alongside Windows Boot Manager".

      I think this is a bad choice because partitioning and maybe resizing Windows partition will happen automatically.

      Can you also choose "Encrypt the new Linux Mint installation" ? Yes.

      If only one partition slot is empty on an MBR system (3 used out of 4), will installer be smart enough to have no swap partition ?

    • Choose "Something else" (create or resize partitions yourself).

      Can you also choose "Encrypt the new Linux Mint installation" ?
      Dell install instructions for Ubuntu say no, encryption available only if you choose automatic partitioning.

      Create root (logical, use as "ext4", "/" mount point),
      swap (logical, use as "swap"),
      and /home (logical, use as "ext4", "/home" mount point) partitions.
      Boot gets created automatically, or uses existing boot partition ?

      Set "Device for bootloader installation" to the device with the "type" set to "EFI".
      [True whether you have Legacy BIOS or UEFI ?]
      [Will this overwrite the Windows bootloader and put GRUB in there, even on an MBR system ? Or maybe Windows bootloader is in first blocks of Windows main partition, doesn't get overwritten.]

      If you don't create a partition for swap, you'll get a warning message, but just click "Continue without swap space".

    For Ubuntu GNOME 20.04:
    I had two main choices: dual-boot or overwrite Windows.
    Then secondary choices:
    Click Advanced button, or not. Inside there, choose LVM encryption, or ZFS filesystem.
    Choose "custom partitioning tool" or not.

    I had various errors and false starts, but eventually I did "overwrite Windows, and LUKS encryption, no custom partitioning". It failed, and said something like "couldn't tell kernel about new partitioning, you should restart".

    Shut down, and you may have to power off hard.

    I booted and started the installer again, and this time it showed Windows and an existing Ubuntu system (which I think was vestigial, just a partition) on disk. I think I had four main choices: dual-boot, or overwrite Windows, or add new Ubuntu to existing Windows and Ubuntu systems (triple-boot), or overwrite existing Windows and Ubuntu systems and use whole disk.

    I chose "overwrite Windows and Ubuntu, use whole disk, LUKS encryption, no custom partitioning". And this time it worked.

  14. If GRUB install fails, go to BIOS and make sure secure boot is disabled, fast boot is disabled, you have OS image that matches your firmware type (e.g. both are EFI). Sometimes the installer will try to install GRUB on a too-small or inappropriate partition, and you have to do something manual. Maybe see this1 or this2 for ideas.

  15. When done, follow instructions: usually remove USB stick, shut down, power on.

  16. System should boot from hard disk, asking for various passwords (BIOS, disk, user) along the way.

Linux Mint Installation Guide's "Install Linux Mint"
Easy Linux tips project's "How to install Linux Mint 19.1 alongside Windows"
Dell's "How to Install Ubuntu Linux on your Dell PC"
Tecmint's "How to Install Ubuntu 16.10/16.04 Alongside With Windows 10 or 8 in Dual-Boot"
Abhishek Prakash's "How To Install Ubuntu Along With Windows"
Jay LaCroix's "How to dual-boot Linux and Windows"

Easy Linux tips project's "Solutions for 27 bugs in Linux Mint 19.1"

After installing and booting into Linux

+/- Star Wars emperor let the Linux flow through you

[Following instructions assume Debian's "apt" package manager, but syntax is similar/same for Red Hat's "dnf" and Manjaro's "pamac". Exception: "apt show" == "dnf info". ArchWiki's "pacman/Rosetta"]

  1. Login as the username you picked.

  2. Adjust touchpad

    I always turn off "tap to click" and "middle click to paste". Might have to do that for both "mouse" and "touchpad".

    Synaptics touchpad driver has caused freezes / crashes for me on two different laptops, so now I always remove it.

    See Touchpad section

  3. Special software for advanced features of the mouse ?

    See Mouse section

  4. If you're dual-booting and/or going to access the Windows filesystem from Linux, fix the clock.

    Do "timedatectl set-local-rtc 1".
    Or edit /etc/default/rcS and set "UTC=no".

    Mike Beach's "Windows, Linux dual-boot system time issues"

  5. If calendar / date format is wrong (often set to match location, not system language):

    "localectl status"

    To get English language and USA numbers but 24-hour clock, I use locale "en_DK".
    "sudo localectl set-locale en_DK.UTF-8" or
    "sudo localectl set-locale LC_TIME=en_DK.UTF-8"

    Some systems (Manjaro) don't run NTP by default.
    There are two ways to run it: ntpd or systemd-timesyncd.

    # Check the status of both:
    sudo systemctl status ntpd.service --full --lines 1000
    sudo systemctl status systemd-timesyncd.service --full --lines 1000
    # You could disable ntpd.service and enable systemd-timesyncd.service:
    sudo systemctl stop ntpd.service
    sudo systemctl disable ntpd.service
    sudo systemctl enable systemd-timesyncd.service
    sudo systemctl start systemd-timesyncd.service
    sudo systemctl status systemd-timesyncd.service --full --lines 1000

    Look for some settings like Language / Regional or Locale.
    Or in dconf-editor, try "com.canonical.indicator.datetime.time-format", for time in system tray in Ubuntu MATE 20.04 at least.
    Some applications (Caja, calendars) contain their own settings for date/time format.

  6. Connect to internet.

  7. Set repositories.

    See Linux Packaging - Repositories.

  8. Check what graphics hardware you have and what driver you're using ("inxi -G", "lspci | grep -iE 'vga|display'", "sudo dmesg | grep amdgpu").
    Lubos Rendek's "Install the Latest Nvidia Linux Driver"

  9. Update drivers ?

    If system seems to be running okay, I would not do this. You could cause trouble.

    On Mint, open Driver Manager, looked for "recommended" drivers.

    Note: UEFI "Secure Boot" can affect what drivers are used. If your system booted with SB on, but you have some graphics or Wi-Fi problems, maybe try turning off SB and updating drivers.

    Linux Mint Installation Guide's "Hardware drivers"

  10. Figure out if Linux installer did what you wanted:
    • Booting in UEFI or BIOS mode ?

      If UEFI, /sys/firmware/efi/efivars or (old) /sys/firmware/efi/vars exists and has files in it.

    • Secure Boot enabled ?

      sudo mokutil --sb-state
      sudo mokutil --list-enrolled
      dpkg -l '*shim*'
      dnf list --installed | grep shim
      yay -Si shim
      pacman -Ss shim
      zypper search shim
      for m in `lsmod | cut -d' ' -f1 | grep -v 'Module'`; do modinfo "$m" -F name; modinfo "$m" -F signer; done

    • Are / and /home separate partitions, or do you have a / partition and /home is a directory in the / partition ?

      "sudo df -khT | grep /home" will show a /home partition (volume) if it exists. If it's on a real device, you have separate partitions. If it's Btrfs on a map device (such as /dev/dm-0), it's on a Btrfs sub-volume, and "sudo df -khT | grep /dev/dm" will show both / and /home on same map device.

    • What got encrypted ? Check order and number of passwords you have to give when you boot:

      It's complicated, there can be many passwords:
      1. BIOS password.
      2. Disk hardware encryption password.
      3. Maybe disk software encryption (LUKS) password (if /boot/grub is inside encrypted partition; openSUSE at least).
      4. Bootloader password.
      5. Disk software encryption (LUKS) password.
      6. Linux user account password.

      The typical cases are 1+6 or 1+5+6.

      • If you don't have to type a BIOS password, then there is no password set in your BIOS. You probably should change that. Following steps assume you have a BIOS password.

      • If you have to type BIOS password, then another password before you see anything about GRUB or Linux, you probably have hardware (in disk controller) or software (ZFS ?) full-disk encryption. Following steps assume you don't have this.

      • If you have to type BIOS password, maybe see GRUB menu, see prompt such as "Please unlock disk sdaN_crypt" or "Enter passphrase", then type disk password, see Linux user name, then type Linux user password, you have full-Linux-extended-partition (LVM) encryption.

        The boot partitions will be unencrypted ("sudo df -khT | grep boot" shows that).

        There is an LVM encrypted volume group (in "/dev/sda6" or "/dev/nvme0n1p3" on my systems), and your root, swap and other volumes/filesystems are inside that encrypted volume group ("lsblk -f /dev/sda" or "lsblk -f /dev/nvme0n1" shows that).

        This will use dm-crypt ("device mapper") to make mapped devices ("sudo df -khT | grep -E '/dm|/mapper'" shows that). The encryption framework/header usually will be LUKS ("sudo cat /etc/crypttab" shows that), but also could be other (plain dm-crypt, loop-AES, TrueCrypt/VeraCrypt, BitLocker). To see if "luks" in there means LUKS1 or LUKS2, do "sudo cryptsetup luksDump /dev/sda6 | grep 'Version:'" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep 'Version:'". Also see cryptsetup.

        But many different ciphers can be used within the LUKS framework, which just calls kernel encryption functions. To see the cipher used, do "sudo cryptsetup luksDump /dev/sda6 | grep -i cipher" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep -i cipher". Probably it will be "aes-xts-plain64", which is AES-256 or equivalent. Run "cryptsetup benchmark" to see all algorithms available in your kernel ?

        If using LUKS on SSD:
        Add "discard" to end of line (4th field) in /etc/crypttab

        Once you get through the mapping and encryption, the decrypted block device contains a standard filesystem such as "ext4" ("sudo df -khT | grep '/$'" shows that).

        Make a backup of your LUKS header: see LUKS encryption section of my "Linux Storage" page.

      • If you only have to type BIOS password, maybe see GRUB menu, see Linux user name, then type Linux user password, you have either:

        • User-home-directory encryption.

          "sudo df -khT | grep /home/" will show a /home/USERNAME/.Private volume with type "ecryptfs". Also do "ls /home/.ecryptfs" ?

          "ecryptfs" is a filesystem type with encryption built in. It actually stacks on top of a directory and replaces it with a filesystem, it doesn't handle a partition. ArchWiki's "eCryptfs"

          Make a backup record of your eCryptfs mount passphrase (which is derived from your password). "ecryptfs-unwrap-passphrase"

          See eCryptfs section of my "Linux Storage" page.

        • No encryption.

    • Is there any free (wasted, un-partitioned) space left on disk ?

      "sudo parted /dev/sda print" or "sudo parted /dev/nvme0n1 print".
      Maybe you will see a few small (less than 1 MB) interstitial free spaces needed to adjust alignment.

      "sudo fdisk --list /dev/sda" or "sudo fdisk --list /dev/nvme0n1"

      Maybe (do this carefully): "sudo parted /dev/sda" or "sudo parted /dev/nvme0n1" to get into interactive mode, "p" to list partitions, "align-check opt N" to check alignment for each partition, "q" to quit.

      Maybe (do this VERY carefully): "sudo fdisk /dev/sda" or "sudo fdisk /dev/nvme0n1" to get into interactive mode, "n" to try to create a new partition, see message saying "No free sectors available", "q" to quit without saving. On a GPT disk there probably WILL be free sectors below sector 2048.

      Scott McBrien's "Where did my disk space go?"

    • What kind of swap is implemented ?

      "swapon --show"

      See "Swap" section of my Using Linux page.

    If some of these are seriously wrong, now is the time to fix them or re-install.

    Raiders of the Lost Ark: you have chosen wisely

  11. With SSD, I like to do fsck at every boot.

    For / as ext4 filesystem on LUKS:
    "sudo tune2fs -c 1 /dev/mapper/vgkubuntu-root" (Kubuntu)
    "sudo tune2fs -c 1 /dev/mapper/vgubuntu--unity-root" (Ubuntu Unity)
    "sudo tune2fs -c 1 /dev/mapper/data-root" (Pop!_OS)
    "sudo tune2fs -c 1 /dev/mapper/SolusSystem-Root" (Solus)
    "sudo tune2fs -c 1 /dev/mapper/luks*" (Ubuntu ?)

    "sudo tune2fs -l /dev/mapper/NAME | grep 'Last checked'" (to see when last checked)

    To check results of fsck:
    "sudo journalctl --since=today | grep systemd-fsck\\["
    (Appears to be checking only boot partition, not LVM/LUKS partition ?)

    Seems to be no equivalent for Btrfs filesystem.
    You could manually do a "sudo btrfs check --readonly --force /dev/mapper/luks-SOMETHING", or create a systemd unit to do it at boot time.

  12. If SSD, how is TRIM being done ("sudo systemctl status fstrim.service fstrim.timer --full --lines 1000" or "sudo systemctl status btrfs-trim.service btrfs-trim.timer --full --lines 1000"), is noatime set (look in "mount | column --table" or "findmnt -A"), do you want to set "lazytime", are partitions aligned to 1 MB or 2 MB boundaries, is full nominal disk space used ? There are various other tweaks. See Solid-State Drive (SSD).

    If the fstrim services are not running, do: "sudo systemctl enable fstrim.service fstrim.timer" and "sudo systemctl start fstrim.timer"

  13. Update software. There may be nothing to update at this point.

  14. Check power-management settings (if any).

    See "Battery / Power Management" section

  15. Turn off features you don't want: file-sharing, Telnet/SSH server, whatever.

    Run System Settings application and click through many of the icons.
    "sudo service --status-all"
    "sudo systemctl status"
    "sudo systemctl --failed"

    Maybe turn off file-search-indexing.
    On KDE: "balooctl disable"
    On Unity: Unity Tweak Tool - Search - Enable search of your files.
    On GNOME: tracker. "man tracker-control".

    Maybe turn off background repo updates.
    On Fedora:
    "sudo systemctl status dnf-makecache.timer"
    "sudo systemctl disable dnf-makecache.timer"
    On GNOME:
    "gsettings set download-updates false"

    Maybe turn off unattended updates:
    On Ubuntu: "grep 'APT::Periodic::Unattended-Upgrade' /etc/apt/apt.conf.d/*" and edit that line of that file. Also "sudo apt remove unattended-upgrades" ?
    On KDE: System Settings / System Administration / Software Update, set to "Manual". And un-check the "Use offline updates" option.

    "sudo ss -lptu" to see what listeners are running.
    Probably don't want to see SSH or Telnet or RDP in there.
    If you don't want kdeconnectd, see KDE Connect.
    "nmap localhost" to see what ports are open.
    Or from a smartphone or another computer, do a port-scan of this Linux system to see if any ports are open.

  16. Turn on security controls.

    Probably install firewall "gufw" and enable it, with Incoming set to "Deny". Then "sudo systemctl enable ufw.service" and "sudo systemctl start ufw.service". I think it's normal that "sudo systemctl status ufw.service" shows a "Starting ..." and then immediately "Finished ..." ?

    "sudo apt install openvpn NetworkManager-openvpn"
    "sudo apt install network-manager-openvpn"

    See Tightening Security section of my "Linux Controls" page, especially about password store, VPN, and firewall. Also see macchanger section of my "Computer Security and Privacy" page. And I like to turn off IPv6.

    After doing any VPN or firewall stuff, reboot and make sure the VPN comes up automatically and the firewall settings are persistent.

    [I didn't do these:] Particular to SUSE: Configure YaST Security to the recommended settings. Set openSUSE PolKit default privileges to standard. Add my user into Trusted and other relevant groups, e.g. Flatpak, Firejail, etc.

    Outbound firewall: OpenSnitch

  17. What accounts exist and what are their passwords ?

    # To see accounts that can log in:
    sudo grep -v ':\*:' /etc/shadow | grep -v ':\!:' | grep -v ':\!\!:' | grep -v ':\!\*:'
    # [Maybe] To see accounts that can do "sudo" to root:
    sudo grep -E '^sudo|^wheel' /etc/group
    getent group sudo
    getent group wheel
    sudo grep 'ALL=' /etc/sudoers

    See Accounts section of my "Linux Controls" page.

  18. If you haven't already, deliberately shut down and then power on again, to make sure booting works okay.

  19. Kernel selection:

    Ubuntu automatically boots into the most recent Linux kernel. If you have Legacy BIOS (not UEFI), and want an option to choose a kernel, you could install GRUB Customizer (I haven't done this): do "sudo apt install grub-customizer", launch it, go to General Settings, change "Boot default entry after" to a value higher than 0 seconds, go to Advanced Settings, change GRUB_TIMEOUT_STYLE to 0. Save the configuration.

  20. Snaps on Ubuntu 20.04:
    • I was planning to disable all snaps and flatpaks. But I decided to leave them in use, and see how well they functioned.

    • If you want to replace existing snaps with non-snaps:

      Maybe follow instructions in Kevin Custer's "Disabling Snaps in Ubuntu 20.04", or:
      snap list
      snap remove [packages]
      apt install [packages]
      And then to prevent re-installation of snap, create /etc/apt/preferences.d/99-Prohibit-Snapd :
      Package: snapd
      Pin: release a=*
      Pin-Priority: -10

    • Pratik's "How to Remove Snap From Ubuntu"
      Maybe some of:
      # remove Ubuntu's default store
      snap remove snap-store
      # install a store that can handle snaps, debs and flatpaks
      sudo apt install gnome-software
      # Optional: show and install flatpaks in the software center.
      # Note: some distros (Fedora) have their own Flatpak hub.
      # Look first in the Store application for a way to turn on Flatpak.
      sudo apt install gnome-software-plugin-flatpak
      flatpak remote-add --if-not-exists flathub
      flatpak remote-add --if-not-exists flathubbeta
      # then reboot

    After 5 months of using snaps, I find a few have small IPC or directory-permission bugs, but most work fine.

  21. Install some useful stuff:

    Tweak these as you wish. Some apply only to certain DEs, some may be installed already.

    sudo apt install dconf-editor curl inxi traceroute
    sudo apt install whois mtr net-tools nmap ping6
    sudo apt install efibootmgr smartmontools
    sudo apt install exfat-fuse exfat-utils btrfs-progs rename mlocate
    sudo apt install imagemagick youtube-dl exiftools exiv2 ffmpeg jq sshpass
    sudo apt install tidy codespell p7zip-full most unrar
    sudo apt install macchanger postfix mailutils
    # Needed in Ubuntu GNOME with Nautilus file-explorer:
    # Also for Thunar file-explorer in Xfce:
    touch ~/Templates/newfile.txt    # add "New Document" item to file-explorer
    # For man pages and terminal; bad if terminal has white background
    # add to end of .profile:
    export PAGER=most

    If you plan to do some development or compiling:
    # Debian family:
    sudo apt install git build-essential libtool intltool clang
    # Fedora:
    sudo dnf groupinstall "Development Tools"
    # or:
    sudo dnf install @development clang
    # Red Hat family:
    sudo yum groupinstall "Development Tools"
    # Manjaro:
    sudo pamac install base-devel
    # Arch family:
    sudo pacman -S base-devel
    # openSUSE:
    sudo zypper install -t pattern devel_C_C++

    If you want Snaps:
    sudo apt install snapd plasma-discover-snap-backend

    If you want Flatpak:
    # Note: some distros (Fedora) have their own Flatpak hub.
    sudo apt install flatpak plasma-discover-flatpak-backend
    flatpak remotes
    sudo flatpak remote-add --if-not-exists flathub
    sudo flatpak remote-add --if-not-exists flathubbeta

    If you want Docker:
    sudo apt install docker docker-compose

    If you want Openbox window manager:
    sudo apt install openbox obconf tint2 network-manager-applet volumeicon

    In Kubuntu or Ubuntu Unity, for VPNs:
    sudo apt install network-manager-openvpn network-manager-strongswan

  22. Install or update multimedia codecs.

    Linux Mint Installation Guide's "Multimedia codecs"
    On Ubuntu 20: "sudo apt install ubuntu-restricted-extras"
    On Kubuntu: "sudo apt install kubuntu-restricted-extras"
    On Zorin OS: "sudo apt install zorin-os-restricted-extras"
    On openSUSE: "sudo zypper install opi" and "sudo opi codecs"

  23. Install applications.

    Launch the "Ubuntu Software Center" or similar application.
    On Fedora, also "sudo dnf group list -v".

    From Easy Linux tips project's "Avoid 10 Fatal Mistakes in Linux Mint and Ubuntu":
    "Never remove any application that's part of the default installation of Ubuntu or Linux Mint."
    [But I think removing clearly isolated applications such as GIMP or VS Code or Qbittorrent or vim would be fine.]

  24. Set Update frequency and do Updates.

    Launch the Ubuntu "Software Updater" or similar application.
    Dave Merritt's "Getting Started with Linux Mint? Focus on These Three Tools"
    Easy Linux tips project's "Update Manager: understand and optimize it"

    Note: "A manually installed application receives no updates from Mint!"

  25. Remove Linux telemetry-type things:
    There is a spectrum of things that range from "tracking users" to "gathering statistics" to "as a side-effect possibly could be used to track you" to "reporting bugs". This section lists many mechanisms, but you have to judge for yourself which ones you accept or want to disable.

    Some of the information here is for old releases of software only. But you may want to check for yourself anyway.

    Apparently there is a unique "machine ID" generated at installation or first boot:
    cat /etc/machine-id
    cat /var/lib/dbus/machine-id # maybe link to /etc/machine-id
    man machine-id
    # could change to generic value (the Whonix ID):
    #    b08dfa6083e7567a1921a715000001fb
    # after changing, system journal fails until reboot

    On Ubuntu-family:
    # See if a report has already been sent:
    ls -l $HOME/.cache/ubuntu-report
    # If a report has already been sent, you could do:
    ubuntu-report -f send no
    # See history of crash-reports sent from this machine:
    xdg-open$(sudo cat /var/lib/whoopsie/whoopsie-id)
    # Apparently popularity-contest has been broken since 18.04 anyway.
    # Remove stuff:
    sudo apt remove popularity-contest ubuntu-report
    sudo chmod a-x /etc/cron.daily/popularity-contest
    # apport is for bug-reporting; I wouldn't remove it.
    # Same with KDE's drkonqi.
    sudo sed -i "s/ENABLED=1/ENABLED=0/" /etc/default/motd-news
    sudo systemctl disable motd-news.timer
    sudo systemctl disable motd-news.service
    # new "apt news" facility ?  not sure this is right:
    apt-config dump | grep -i news
    sudo pro config set apt_news=false
    # Ubuntu Pro:
    pro status

    Some other distros have similar stuff, such as a "census" on Zorin OS.

    Debian had/has a popularity contest:
    sudo apt remove popcon python3-popcon

    Red Hat family, but unlikely to be installed in your system:
    sudo dnf remove collectd fedora-coreos-pinger

    Arch family: pkgstats.

    A thing with a suspicious name, but it's not evil: Linux Uprising's "How To Completely Disable Tracker, GNOME's File Indexing And Search Tool". I wouldn't disable or remove it; just go into Settings / Search and dial it down.

    Karim Buzdar's "How to force Ubuntu [18.04] to stop collecting your data from your PC"

    See "Network Manager connectivity-checking" section of my Linux Networking page

    Some counting can be done if the system uses a distro-specific time server.
    See "Time service" section of my Using Linux page.

    Some counting can be done via the package manager's update mechanism.
    Fedora Docs' "DNF Counting"
    Fedora: set "countme=false" in /etc/dnf/dnf.conf
    openSUSE: delete or rename the file /var/lib/zypp/AnonymousUniqueId
    On systems that use rpm-ostree, mask the rpm-ostree-countme timer.

    ANY package-manager system can be used to do telemetry/counting: package manager asks repo X if any updates, now server for repo X knows that something at your IP address A is running the distro that uses that repo.

    Core dumps can contain sensitive info, and get sent to the developers ?
    Vivek Gite's "How to disable core dumps in Linux"
    Michael Boelen's "Understand and configure core dumps on Linux"
    Red Hat's "How to stop abrt from generating/detecting crash report for selected executables?"
    There may be a way in AppArmor to disable core-dumping for a specific application ?
    Developer of an app can prevent parts of its memory from being included in crash dumps, via madvise(2) MADV_DONTDUMP.
    Ubuntu Wiki's "Apport"
    KDE's drkonqi.

    If you install Firefox from distro's repo, it may come with an "about:config" setting "app.partner.DISTRONAME" set to distro's name. There seems to be no way to delete this setting; all you can do is change the value, but the name still reveals what distro you're using.

    Also there are some "distribution.*" settings that show your distro type and version; some can be deleted, others can't.

    Also maybe "" ?

    Also maybe "browser.partnerlink.*" ?

    And there is a distro-specific Google API key, so if you set browser to use Google's features (maybe "block dangerous content" ?), you're telling Google what distro you're using.

    And there is a distro-specific Mozilla API key, so if you set browser to use Mozilla's location service, you're telling Mozilla what distro you're using.

    Maybe all of this is not a big problem, but the only way to stop it is to install a generic Firefox from Mozilla's site.

    Snap package management:
    From someone on reddit 8/2022:
    "the telemetry of snap is just the list of snaps installed, their version, the country you are in, and maybe hardware info, all of which is anonymized, it's mostly for update and global stats."

    According to the "Metrics" section of all that is known (about your machine) to the snap's dev is what distro the snap is being used on.

    Snapcraft's "Snap Store metrics" says this is stored on your machine: "an anonymous identifier, the device-serial, ... the identifier persists for the lifespan of the machine."

    See and change that device-serial ID stored on your computer:
    snap model
    sudo jq .data.auth.device.serial /var/lib/snapd/state.json
    sudo sed -i "s/OLDVALUE/NEWVALUE/" /var/lib/snapd/state.json
    I think you'd want to change it periodically, maybe once a week ? But they still could track you by IP address if they wanted to.

    There are system-config-reporting apps that (so far) you'd have to install and run deliberately: gnome-info-connect, ubuntu-report, kuserfeedback-bin (on KDE, slider in System Settings - Personalization - User Feedback).

    There are other system-config-reporting apps that you'd have to install and run deliberately AND specify a destination server: sosreport.

    Summertime Tech's "Distro Telemetry Watch"
    Summertime Tech's "Linux Telemetry"
    Jake Edge's "Fedora, UUIDs, and user tracking"
    KDE Community's "Telemetry Use"
    The Cat's "KDE's Telemetry: The Tip Of The Iceberg?"
    "ls $HOME/.config/"'s "Stop using DICT dictionary apps (such as GNOME/MATE Dictionary)"
    Rob O'Leary's "VS Code - What's the deal with the telemetry?"

  26. Test and adjust various things: display, touchpad, microphone, camera, using USB devices (external disk, camera, flash drive, Android phone), playing audio and video, etc.

  27. Test and adjust various applications: browser, word-processor, etc.

    4/2020, on Ubuntu 20.04, some quirks I found:
    • Ubuntu Software - Installed is very slow when removing apps; wait for it to ask for sudo password, and it might take 15 seconds before asking, then more time to actually remove.

    • How to install GNOME shell extensions ?

      See install GNOME shell extensions.

      Install "GNOME Tweaks" application, which will give lots of controls (but not scrollbar width, apparently that's in theme) and will manage extensions once you get them installed.

    • Decided I can't live without Mint's Pix app. Installed it in Ubuntu; see Pix section of my Using Linux page.

    Needed to install "GNOME Software Center" to get apt/deb and flatpak versions of apps.
    sudo apt install gnome-software gnome-software-plugin-snap gnome-software-plugin-flatpak
    Now I have two apps with identical red-A icon: snap store is "Ubuntu Software" and all-formats store is "Software". In the all-formats store, for any particular app, check the "source" field to see what format it is.

  28. Install fonts ?

    I'd say: don't mess with this until after you've used the system for a while, and maybe found you really don't like the fonts.

    See Fonts.

  29. Miscellaneous settings I like.

    Turn off Bluetooth.
    Turn off KDEConnect: "sudo apt remove kdeconnectd".
    Turn off any wallet or keyring functionality.
    Turn off Search inside files ("baloo" on KDE).
    Turn off multiple workspaces, desktops, activities.
    Add any helpers to file-manager, such as LUKS service menu to Dolphin.
    Turn off CPU security mitigations (CPU).
    Disk-IO reduction for browsers: Browser profile caching.

  30. Install a printer.
    Dell's "How to install and configure a Dell Printer using the Ubuntu Operating System"
    System default paper size: "cat /etc/papersize"
    "man papersize"
    I'm in Europe, I want A4 size. "sudo echo a4 >/etc/papersize"

    Under Mint 19.0, I think I just plugged in the printer (HP Deskjet 3634) through USB and it worked.

    Under Ubuntu GNOME 20.04:
    TWO printers show up, one with address "localhost", other with address "Deskjet 3630 series [SERNUM]. ipp. tcp.local". And once or twice that second one disappeared from Settings / Printers, and then re-appeared (maybe I had a loose USB connection). Then when I tried to actually print something, nothing worked, just get "not connected" message.

    Eventually by power-cycling printer, enabling the check-box "share printer to network", and "start CUPS service" I got a page to come out, but by then I had FIVE printers appearing in the list ! Three of them say Model "HP 3630 series", which is correct, but two say Model "HP 3638 all-in-one", which is not. Two of them show Location "SYSTEMNAME", one shows Location empty, others show no Location field at all. A little later, I powered off the printer and disconnected it, and one of the five went away.

    A day later, using the printer as a scanner worked after a slight hiccup: two printers appear in list, and the one with a serial number in the name worked.

    A week later, I went to a Win10 machine and set up that HP 3634 printer to connect through Wi-Fi instead of USB. Went back to my Ubuntu machine, to Settings / Printers, deleted all 4 or 5 printers, and one of them popped up again. It was the HP 3634 on Wi-Fi. Printed to it, and it worked. Scanned from it, and it worked. Simple. [But later the printer keeps showing up as 4 or 5 devices.]

    Under Ubuntu MATE 20.04:
    Printer already has Wi-Fi enabled. Went to Settings / Printer app. Powered printer on. Icon for printer appeared in app. Right-clicked on it, set as system default printer.

    I'm hearing same from other people: using printer through Wi-Fi is the way to go.

    Later changed home Wi-Fi network. No way to get printer onto new Wi-Fi using Linux. Have to use a Windows machine. Even printing/scanning through USB isn't working most of the time.

    Tried smartphone:
    Turn off VPN on phone.
    Install "HP Smart" by HP Inc app on smartphone.
    Run app.
    Power on printer.
    HP 3634 printer:
    By pressing "I" button on printer, it will print instructions.
    You DON'T want "Wi-Fi Direct"; that turns off normal Wi-Fi on your phone/laptop and makes a peer-to-peer connection.
    Click app's "Set up new printer" button.
    On printer, press and hold Wirelss and Cancel buttons for 3 seconds. Power light will blink for a few seconds.
    App should find printer.
    Give Wi-Fi password.
    Should connect.

    Tried HP utils on Linux:
    sudo apt install hplip-utils
    Turn off VPN on laptop.
    Power on printer.
    Plug USB cable from printer into laptop.
    On printer, no lights on except Power.
    run HPLIP Toolbox (AKA "HP Device Manager") application.
    Remove any existing printers.
    Click "+"
    Select "Wireless (requires a temporary USB)"
    Finds printer.
    Connect through USB.

    For HP printers, on openSUSE: "sudo zypper install hplip", then go to YaST.

    Successor to CUPS: OpenPrinting ?

  31. Install anything special you need.

    For me on Mint 19: install support for WD My Passport Ultra encrypted external hard drives. See Special Hardware section of my "Using Linux" page.

  32. Copy personal files from backup to Linux home directory.

  33. Try opening your files, especially various file types such as TXT, PDF, MP3, JPG, MP4, etc.

  34. Mount Windows filesystem under Linux:
    If you turned it off before, you can boot into Windows and turn on "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. Now that you're not going to mess with partitions any more, it should be safe to hibernate Windows.

    See Connecting Linux and Windows section of my "Linux Networking" page.

  35. Check the Startup Applications.

    Various ways to add a startup application or script if you want to: see if system has a "Startup Applications" application, create a systemd unit (how), create a .desktop file in /etc/xdg/autostart/, maybe add in GNOME Tweaks, add an entry to crontab, add in ~/.profile.

  36. Set up system backups (maybe with Timeshift), and do an initial snapshot (may take an hour or more).

    Linux Mint Installation Guide's "System snapshots"

  37. Record system settings, for use if you ever need to do troubleshooting later.

    I run a script:

Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Cinnamon"
Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Tessa"
Dell's "How to configure Ubuntu Linux after it's first installed on your Dell PC"
Mehedi Hasan's "Top 10 Best Things To Do After Installing Linux Mint 19 'Tara'"
Aquil Roshan's "Things To Do After Installing Linux Mint 18.3"
Willi Mutschler's "Installation guides"
Abhishek Prakash's "16 Things to do After Installing Ubuntu 20.04"
Abhishek Prakash's "Things to do After Installing Ubuntu 18.04"
Mike Turcotte-McCusker's "5 Things to do after a fresh install of GNU/Linux"
Dedoimedo's "Fedora 33 essential post-install tweaks"
M.Hanny Sabbagh's "Things To Do After Installing Fedora 36"
Vladimir Mikulic's "21 Things To Do After Installing openSUSE"
DuckDuckGo Blog's "How to Protect Your Privacy on Linux"

Things learned mostly from Mint 19.0 (plus a few Ubuntu 20.04)

  1. USB flash drives:
    I have a USB flash drive which may be corrupted. I see that doing "sudo touch /forcefsck" will force system (root) partition to be checked next time system boots. To check the USB drive, I unmounted it in Nemo. Hovering over the icon showed its device as "/dev/sdb1". In CLI, did "sudo fsck /dev/sdb1". Found some problems, fixed them, but drive still not correct.

    Installed GParted. Only shows one device at a time, have to use GParted/Devices menu item to switch from one to another. Formatted USB drive's partition. Device fixed. Did it to another USB also. They work.

    But Linux seems to handle these flash drives differently than Win10 does. You have to be very careful to software-eject them from Linux, and wait until you see a notification that it is safe to unplug the drive. Writes are buffered/cached, so unplugging a drive too soon can corrupt it. Ejecting using the System Tray icon doesn't give the notification; always eject using File Explorer.

    To turn off write-caching:
    "sudo hdparm -W 0 /dev/devicename"
    But this may result in more writes, which is bad on a flash drive.

    To reduce number of writes:
    Upon mount, set "noatime" (in /etc/fstab, change "defaults" to "defaults,noatime").
    A more-aggressive step: also set "lazytime".
    But removable drives probably aren't permanently listed in fstab.

  2. Filesystem-checking:
    "sudo touch /forcefsck" will force boot and system (root) partitions to be checked next time system boots. But note that Btrfs doesn't have fsck.

    See Force fsck in GRUB.

    Dan Nanni's "How to boot into command line on Ubuntu or Debian"

    After doing all this, someone told me to do "e2fsck -n -f /dev/sdaN" at CLI (after booting), and it tells me my root filesystem has all kinds of problems: orphan inodes, inode bitmap problems, free block count wrong, directories count wrong, etc. Same for /home filesystem. But someone else says: "If you run fsck on a mounted file system, you'll see errors all over the place because the system often defers writing data or 'tidying up' information already on the disk, especially for open and locked files associated with running processes. The only way to fsck the system partition sensibly is at boot time, when it can be temporarily unmounted by the booting process and before anything reliant on the disk loads, or better, booting with a separate device / partition entirely, e.g. a boot disk or USB."

    Log from boot process is /var/log/boot.log It says it checked both root and /home. It shows some details from checking root, but no details for checking /home. No errors reported, but it also doesn't explicitly say "no errors found".

    To check results of fsck:
    "sudo journalctl --since=today | grep systemd-fsck\\["

  3. Firewall and VPN:

    Good idea to enable firewall, especially on a laptop which may be taken out of the home LAN and connected to a public LAN.

    I went down a bit of a rabbit hole for a while, tweaking iptables a lot, then shutting down some listeners, and doing some testing. Also, new releases of Windscribe VPN client changed its effect on iptables a bit.

    To see what incoming ports are open and/or have listeners, do "sudo netstat -tulpn" or "sudo netstat -tulp". (Also "sudo ss -tulp" or "sudo ss -tulp '! ( src or src [::1] )'") For all ports, do "sudo netstat -tuap". Also "sudo lsof -i".

    To see what iptables looks like, do "sudo iptables -L -v".

    Ran a couple of net-testing apps (e.g. Fing) on my phone (which is on my LAN), targeting my PC, and they show all ports blocked, no response to ping, no services offered.

    To use Wi-Fi printer, may have to allow port 631 (IPP) and 5353 (mDNS).

    See Tightening Security section of my "Linux Controls" page.

  4. Scrollbars are too narrow for my taste in various distros.

    • GTK systems, such as GNOME, MATE, Cinnamon, Xfce:

      Create and edit ~/.config/gtk-3.0/gtk.css and put
      ".scrollbar.vertical slider, scrollbar.vertical slider { min-width: 20px; }"
      in it, and that works for Nemo, Xed, Firefox, Thunderbird, Terminal, Settings, Nautilus, Variety, GNOME Web, not VS Code, not KeePassXC, not Liferea, not snap-store, not Tor Browser.

      [Later, after updating to Mint 19.2: System Settings / Appearance / Themes / Settings / Scrollbar behavior / Override ...]

      Edit ~/.gtkrc-2.0 to add:
      style "scrollbar-style"
         slider-width = 9 # for example
      class "GtkScrollbar"   style "scrollbar-style"
      class "GtkVScrollbar"  style "scrollbar-style"
      class "GtkHScrollbar"  style "scrollbar-style"

      /etc/gtk-2.0/gtkrc to affect all users ?
      /etc/X11/app-defaults/* to affect all users ?

      sudo apt install qt5ct

      To affect Qt apps such as KeePassXC:
      Run "qt5ct" and set Appearance / Standard Dialogs to "GTK2".

      I think none of these are needed:
      Add file with "QScrollBar:vertical { width: 20px; }" somewhere ?
      Edit /usr/share/qt5ct/qss/sliders-simple.qss ?
      sudo apt-get install qt5-style-plugins ?
      sudo pamac install qt5-styleplugins ?
      Add "QT_QPA_PLATFORMTHEME=qt5ct" to /etc/environment

    • KDE / Qt:

      To control KDE / Qt apps: ???

      To affect GTK apps: ???

  5. On Ubuntu GNOME 20.04: GNOME desktop issues:

    Default Desktop Icons extension is very limited and can't be removed, and even if you turn it off I think it keeps running.

    To create icons on GNOME desktop:
    e.g. "ln --symbolic -t ~/Desktop /opt/thunderbird/thunderbird".

    Appearances and labels of applications in the left-hand bar can be controlled by editing .desktop files in /usr/share/applications. There also is ~/.local/share/applications, maybe that's for desktop icons ?

    See install GNOME shell extensions.

  6. On Mint 19: Wanted to test that my /home is encrypted, and that I can access it from a bootable USB if needed. Booted into a Live session from the same USB I used to install onto hard disk 2 months ago. Opened Nemo, went to hard disk, my /home/user1 dir just has two files in it, "Access-Your-Private-Data.desktop" and "Readme.txt". If I run "Access-Your-Private-Data.desktop", I get an error "cannot execute commands from a remote site". Following instructions in "Readme.txt", if on CLI I run "ecryptfs_mount_private" or "sudo ecryptfs_mount_private", I get an error "encrypted private directory is not setup properly".

    How it's supposed to work, see comment in superuser's "eCryptfs encrypted home - explanation".

    If you use an encrypted home directory, you should keep a backup copy of your mount passphrase ? Run "ecryptfs-unwrap-passphrase" to get it.
    Chris Hoffman's "How to Recover an Encrypted Home Directory on Ubuntu".

    Got script from superuser's "eCryptFS: How to mount a backup of an encrypted home dir?". Had to modify it to work, ended up with which works on Linux Mint 19 Cinnamon run from USB as of 10/2018.

  7. Key-shortcuts to do things in normal operation:

    Run Keyboard application and click on Shortcuts tab to see them.

  8. Magic key-sequences if stuff goes wrong:

    See Magic key-sequences section.

  9. You should routinely check a couple of logs to see if anything unusual is happening in your system:
    "cat /var/log/kern.log"
    ("sudo dmesg -T" command same log, with coloring added),
    "sudo journalctl --pager-end".

  10. Usually a GeoClue service is running.

    apt list | grep geoclue | grep installed
    systemctl status | grep geoclue | grep -v grep
    sudo systemctl status geoclue --full --lines 1000
    less /etc/geoclue/geoclue.conf
    sudo apt install geoclue-2-demo
    # Run first (may have to change libexec to lib) and leave running:
    # then in another terminal, run:

    If you remove Geoclue-2.0, you'll keep getting a boot-time error from "Redshift".

    Can't seem to wire it to show a fake location. I think there are two options: disable all the providers in the config file so it gives lat 0 long 0 all the time, or set Firefox allowed = false in the config file.

Install GNOME shell extensions

Installing a Server

From people on reddit:
  • VPN: Use this docker container

  • Use for a hostname. It's free for 3 dynamic hostnames. What it does is dns map your dynamic router ip to the hostname you choose so you can go to and it will go to your machine.

  • With your router you'll have to open up the port you use for the vpn. But that should be your only open port unless you run a webserver. Then you open just port 80 and 443 and the vpn. It means you don't expose your ssh port to the world, which is good.

  • Use "fail2ban" (or CrowdSec) and "rsakey ssh". Whatever you do, just don't expose your private keys.

  • A firewall won't really do much; if you're only exposing specific ports that you actually need to connect to, the most you might be able to do with a firewall is limit what IPs can connect to those ports.

Use "cockpit" as a web dashboard to manage your server.
Alan Formy-Duval's "How I use Cockpit for my home's Linux server management"

If you're going to allow incoming SSH: change the port it uses, set up key-based login instead of password login, set up two-factor authentication on it, disallow root logins, maybe use fail2ban (or CrowdSec) and ipset to restrict who/where can attempt to access it.
Rubaiat Hossain's "Everything You Need to Know about Linux OpenSSH Server"

Prutser's "How to securely self-host a website or web app"

Some alternative web servers: Apache, Nginx, node-http-server.

SK's "Install Apache, MariaDB, PHP (LAMP stack) in Ubuntu 18.04 LTS Server"
Linux4one's "How to Install Apache on Linux Mint 19"
Linux4one's "How to Install XAMPP on Linux Mint 19"
Bryan Kennedy's "My First 5 Minutes On A Server; Or, Essential Security for Linux Servers"
Ubuntu Geek's "Step By Step Ubuntu 18.04 (Bionic Beaver) LAMP Server Setup"
Megha Pandey's "10 steps to secure Linux Server for Production Environment"
imthenachoman / How-To-Secure-A-Linux-Server
trimstray / the-practical-linux-hardening-guide
Kris Wouk's "How to Secure a Linux Home Server"
Chandan Kumar's "Secure and Harden Your Apache Web Server"
Detectify's "Common Nginx misconfigurations that leave your web server open to attack"

Alex Kretzschmar's "Perfect Media Server"

Cloud server:
Tim Anderson article about spending limits

See "Self-hosting" section of my "VMs and Containers" page

Buying a new laptop to run Linux

Generic (not just Linux) points

Most statements in here are generalities. As with any recommendations, you will get someone saying "avoid X at all costs, it was a nightmare", followed by 10 people saying "I've used X all my life, never had a problem".

You can't just look at CPU generations to compare performance; they don't follow in sequence. Some i3's are faster than some i7's, some Ryzen 3's are faster than some Ryzen 7's, for example. And every character in a CPU's model number matters; search exactly.
PassMark - CPU Mark
Techrankup's "Laptop Processors Ranking"

I'm in Europe, so have to be careful about keyboards.
Switch and Click's "ANSI vs ISO: Explained"
I came from USA, so I'm used to US-English ANSI.

I want separate buttons for the mouse-clicks, not tap-to-click on the main touchpad. But separate buttons seems to be solely a "gaming laptop" feature these days.

Unless you're doing gaming, best to get integrated graphics instead of a dedicated graphics processor (NVIDIA, AMD). Consumes less space and battery, generates less heat.
article1, article2
Alan Diggs' "Is AMD Really The Golden Child Of Linux?"

SSD UserBenchmarks

Ubuntu's "Ubuntu Desktop certified hardware"
ThinkWiki - Linux ThinkPad Wiki
Liam on Linux's "... caveat emptor still applies"
Someone says "ThinkPad: stick to T or E series".

Dell sells high-end laptops with Ubuntu pre-installed, but don't expect their Support people to know anything about Linux. Lenovo announced Linux support 2020.

Easy Linux tips project's "Windows 10: how to prepare it for dual boot with Ubuntu or Linux Mint"
Ubuntu's "UEFI"
Adam Williamson's "UEFI boot: how does that actually work, then?"

From Linux Mint Installation Guide:
"The [same] Linux Mint ISO can be booted both in EFI or BIOS mode."

From Linux Mint Installation Guide - Multi-boot:
"If you want to dual-boot or multi-boot with Windows, it is easier and recommended to install Windows first, before you install Linux Mint."

From Linux Mint Installation Guide - EFI:
"If after installing Linux Mint in EFI mode, you are unable to boot due to a Secure Boot Violation, you can try one of the following solutions:
- Re-install, and do not select 'Install third-party software for graphics and Wi-Fi hardware, Flash, MP3 and other media', or
- Disable SecureBoot in the BIOS settings."

From someone on reddit:
"Be aware that 'newly released' laptops are often the most problematic things to install linux on."
"Typically on my NVIDIA systems i use the following kernel boot options to try to get things sane, so i can install: nomodeset,nofb,nosplash,noquiet."

[Note: "modeset" would have graphics set to high-res mode by BIOS, and "nomodeset" means have that be done later by Linux user-space.]

OTOH: very old machines may no longer be getting firmware updates from the manufacturer.

Some people say avoid: NVIDIA graphics, Broadcom/Realtek/Mediatek/Qualcomm wireless. But plenty of people use those with no problems.

Not sure if this applies to all/most new machines:
To boot Linux on USB (before installing): In Setup, set UEFI mode, disable legacy mode, disable secure boot, set SATA mode AHCI, disable RAID, disable Intel RST. Reboot, enter your system's one-time boot menu, select the install USB device from the UEFI devices list, not the legacy devices list.

With UEFI, you want an EFI partition of 512 MB, and rest of disk as one partition for Linux ?

On some new laptops, in BIOS Disk Settings, change from RAID/RST/Optane/IntelVMD to AHCI/Off mode. On some machines, installer can't see any partitions until you do this.


I usually buy low-end machines, but it occurs to me that I've used my current laptop for 9+ years. So maybe if I pay an extra $250 or so for a better machine, I get a better experience for an extra $30/year. Plus I use the laptop at least 6 hours per day. Worth it. [Of course, that's a slippery slope, soon find yourself spending $2000 on a laptop.]

My current laptop has 8 GB of RAM; typically about 4 GB are in use. I'm using about 120 GB of disk (80 GB /home, 35 GB /). So 16 GB of RAM and 256 GB SSD should be fine for me.

I briefly considered buying a desktop instead of a laptop. Top CPU performance can be 4x on a desktop, and GPU probably tops out much higher too. RAM and SSD should be about the same as on laptop, I think. But I decided I needed the portability of a laptop.

Open-source laptops

Pinebook Pro
14" screen, limited memory, but $200

Slow CPU, slow RAM, very nice display.
Librem 15 with Intel i7-7500U (maybe 4500 CPU mark; can't find it in benchmarks) and 16 GB and 256 GB SSD about $1700 maybe plus Customs.

Linux-oriented laptops

I'm in Europe, so selection of vendors is different from USA.
I'm focused on 15" display, fast CPU, 16 GB RAM, 256 GB SSD, US-English-ANSI keyboard, don't want NVIDIA.

[Information as of 12/2020:]
  • Tuxedo Computers
    English ANSI keyboard available, but not on all models.
    Tuxedo makes their own "Premium BIOS", which is not UEFI and not coreboot. Coreboot is under development as of 8/2021. I'd rather have standard UEFI. But Coreboot might disable IME ?
    Easy maintenance access, including to replace fans (important to me). BUT: keyboard easy to replace in Aura, NOT easy in Pulse.
    A negative for me is: no mouse buttons.

    Aura 15 with Ryzen 7-4700U (13,800 CPU mark) and 16 GB and 256 GB SSD about €860 incl tax.
    Aura 15 with Ryzen 7-4700U (13,800 CPU mark) and 32 GB and good 500 GB SSD about €1000 incl tax.
    Pulse 15 AMD with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and best 250 GB SSD about €1040 incl tax.

    /r/tuxedocomputers (and Support is active there)
    12/2020: Large backlog of orders for Pulse 15, don't expect to get it any time soon.

  • Slimbook
    Made in Spain, where I live.
    No mouse buttons.
    UEFI firmware.
    Firmware on KDE Slimbook is InsydeH2O V2.
    Support says they have both ANSI and ISO US-English keyboards; I guess specify when you order. No numeric keypad, which is fine with me, and I think allows bigger keys. But the letters on the keycaps are grey-on-grey; hard to see (maybe see decals ?). Support says they can't print darker because then backlighting wouldn't work, but the contrast is fine anyway, no need. But then they said US-ANSI is the only keyboard with a contrast issue, they changed to their own font on all the other keyboard layouts to improve contrast !
    I wasn't able to find display specs. Support says "60 Hz panel with a brightness of 300 nits".
    Support says: All our laptops have Ethernet ports; no black chassis.
    Looks like Samsung SSD might be 35%-60% faster than Toshiba SSD; hard to tell what the Toshiba models are.

    Essential 15 with Intel i7-1065G7 (9000 CPU mark) and 16 GB and 256 GB SSD about €760 incl VAT.
    KDE Slimbook 15 with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and default 250 GB SSD about €1030 incl VAT.
    Pro X 15 AMD with AMD Ryzen 4800H (19,100 CPU mark) and 32 GB and best 512 GB SSD about €1230 incl VAT.

    Slimbook's support forum
    Slimbook's tutorials
    Slimbook's tutorial for optimizing use of SSD

    Marcos Costales' "Review Slimbook Pro X"
    Nate Graham's "The superfast Ryzen-powered KDE Slimbook"
    Thom Holwerda's "KDE Slimbook: the best way to run KDE"
    The Linux Experiment's "KDE Slimbook Review" (video)
    "My MECHREVO Code01 (TongFang PF5NU1G) Review"
    KDE Slimbook 15 looks same as TongFang IDG

  • Another in Spain, but only Intel processors: VANT

  • Only Intel processors: SKIKK (Netherlands)

  • Clevo Center (Portugal)

    Clevo (Germany)
    Only English ISO keyboard.

    CLEVO NL51RU Ryzen 5 ULTRABOOK with AMD Ryzen 5 4500U (12,000 CPU mark) and 16 GB and 512 GB SSD about €782 incl VAT (Portugal)
    CLEVO NL51RU Ryzen 5 ULTRABOOK with AMD Ryzen 7 4700U (13,800 CPU mark) and 16 GB and 512 GB SSD about €870 incl VAT (Germany)

  • Schenker VIA 15 Pro

    Only English ISO keyboard.

    VIA 15 Pro with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and good 256 GB SSD about €1046 incl VAT.

  • Dell

    Only English ISO keyboard.

    Inspiron 15 5000 with Intel ii7-1165G7 (10,600 CPU mark) and 16 GB and 1 TB SSD about €1100 incl VAT.

  • System76

    Shipping to Europe would be expensive.

    Pangolin 15" with AMD Ryzen 7 4700U (13,800 CPU mark) and 16 GB and 256 GB SSD not available yet, no pricing.


    Site often doesn't give exact CPU models, never RAM speeds.

    UbuntuBook 15.6" Alloy with Intel i5-???? (???? CPU mark) and 16 GB and 512 GB SSD about €860 incl VAT.
    UbuntuBook 15.6" Metal Ice with Intel i7-10510U (7000 CPU mark) and 16 GB and 512 GB SSD about €1330 incl VAT.

  • Entroware

    Seems to have mouse-buttons.

    15" Proteus with Intel i7-10510U (7000 CPU mark) and 16 GB and 240 GB SSD about €1060 incl VAT.

  • Juno

    No mouse-buttons.

    Nyx 15" v2 with Intel i7-1065G7 (9000 CPU mark) and 16 GB and 256 GB SSD about €1140 incl VAT.

  • Laptop With Linux

    No mouse-buttons.

    Tongfang PF5NU1G 15.6 with AMD Ryzen 7 4800H (19,100 CPU mark) and 16 GB and 256 GB SSD about €???? incl VAT.

  • Lenovo Legion 5 Gaming Laptop ? Better display (144 Hz), but NVIDIA graphics. Can't get with AMD Ryzen 4800H in Europe ?

From someone on reddit 12/2019:
"System76, Slimbook, Tuxedo and many others are in fact rebranded Clevo laptops. The build quality of these is in general not very good for the price."

Abhishek Prakash's "13 Places Where You Can Buy Linux Computers"

After receiving a new machine

  1. If box is damaged at all, don't accept it from the shipper.

  2. Photo or video the un-boxing.

  3. Record serial numbers of system, motherboard, etc.

  4. Do firmware type and settings seem correct ? UEFI, legacy, Coreboot, or other ? Secure Boot, power management, boot device order, etc. Do you have a TPM and/or a management engine ? Are they enabled ? What is RAM speed ?

  5. See firmware versions (motherboard, SSD) and check for updates.

  6. Run commands to list system hardware ("sudo inxi -F", "lscpu", "lspci", "sudo hardinfo -r", "sudo dmidecode --type 17", "lshw", "hwinfo --short"). (But "dmidecode" info can't always be trusted: article) Did you get what you ordered ? Record the data. Correct keyboard ? Note display resolution and frequency.

  7. Does everything work ? Camera, microphone, speakers, headphones, all ports, SD card slot, charger, Wi-Fi, Ethernet, Bluetooth ?

  8. Any stuck pixels in the display ? Dead pixel test

  9. Set passwords for firmware, disk encryption, user login.

  10. Run RAM tests (in BIOS, boot manager, or OS).

  11. Check the health of your drives. Record the stats.

  12. If SSD, how is TRIM being done ("sudo systemctl status fstrim.service fstrim.timer --full --lines 1000"), is noatime set (look in "mount | column --table" or "findmnt -A"), are partitions aligned to 1 MB or 2 MB boundaries, is full nominal disk space used ? There are various other tweaks. See Solid-State Drive (SSD).

  13. Record typical operating temperatures.

  14. Run performance tests.

  15. If you plan to keep pre-installed OS, check settings, especially disk partitioning and /etc/fstab and mount settings and encryption, run anti-virus scan. What kind of filesystem is being used ? Separate / and /home partitions ? Swap ("swapon --show") ?

  16. If you wish, install fresh OS.

  17. Do all the checks and tweaks you'd do after switching to a new distro: After Installing

  18. Make any recovery or rescue partition or USB stick that you might need later.

  19. Buy a cable-lock to secure the machine ?

  20. Buy a UPS to protect the machine from power surges ?

  21. Buy a fan-tray to keep the machine cool ?

  22. Do any registration / warranty sign-up needed.

12/2020: I ordered a KDE Slimbook 15

[Confusing: in 2022, new machine but with same name. New machine has 5800U CPU, old machine has 4800H CPU. New part number is 15-5.]

€1118 for KDE Slimbook 15 with 16 GB of RAM and 250 GB SSD and US-English ANSI keyboard, shipping to Barcelona.

A virtual credit card didn't work for payment. Had to do a bank transfer instead. You place the order, then they give you details for their bank account, so you can transfer to it.

Stages that the order passes through are shown on the main login page, not the order page, and are: Pending, Paid, Confirmed, Assembling, Testing, Shipped, Invoiced.

[Heard Jim Salter say that Samsung EVO SSD has 8K sector size; I wonder if that will be reflected in laptop's filesystem format. Online I also see that they support hardware encryption.]

Received my KDE Slimbook 15

  1. Received 1 Feb 2021. Box is undamaged. Weight listed as 1 KG.

  2. Quick Start pamphlet says: F2 to enter BIOS. BIOS or Fn+F5 to control fans. Default OS login creds are slimbook/slimbook.

  3. When off, the laptop screen is so matte-black that my phone's camera has trouble focusing if much of the screen is in the picture. The deep black makes problems for the phone camera's auto-focus.

  4. The Ethernet socket is a type I haven't seen before, you have to press down a little door to open it wide enough to take a full-sized Ethernet (RJ45 ?) connector.

  5. Powered on and F2 into BIOS.
    Asks "use previous values ?" and I said no.
    Build date is 11 Dec 2020; probably date built in Taiwan or something.
    CPU type is right, CPU speed is 2900 MHz.
    RAM size and speed are right.
    Noted UUID, Ethernet MAC address.
    "OS Support" == "UEFI OS".
    "SATA Device" == "None".
    "NVMe Device and Controller" == "GIGABYTE GP-GSM2NE3256GNTD (256.0GB)"
    No administrator or user passwords; I set both.
    "Secure Boot" == "Not Active".
    "Launch CSM" == "Disabled".

  6. Tried to F2 into BIOS again, but too slow (I think you have to do F2 before BIOS password prompt), booted into KDE Neon setup. I do have Ethernet connected. Keyboard setup a little tricky; I have US-ANSI keyboard, right choice in list seems to be "English (US, alt. intl.)". Pictures of keyboard layouts don't show arrow keys, space-bar row, function keys row. Set names and login password. Soon was able to log in. Some minor OS updates are available; did them.

  7. Powered on and F2 into BIOS again.
    Along bottom of screen, says BIOS is AMI Aptio version 2.20.1275.
    Field "BIOS Version" is "N.1.07GRP03".
    "EC Version" (that's Embedded Controller firmware) == "".
    No way to do RAM or disk tests/diagnostics.
    Download "Aptio V AMI Firmware Update Utility", extract ZIP, cd into "AMI AFU for Aptio V", cd into "afu / afuefi / 64", extract ZIP, cd into AfuEfi64.
    "sudo cp /tmp/AMI*/afu/afuefi/64/AfuEfi64/AfuEfix64.efi /boot/efi/EFI/BOOT"
    Reboot, Esc to get to EFI menu, run AfuEfix64, do command "/S" to display system's ROMID, do "test1.fw /O" to save firmware to file, do "test1.fw /U" to display ROMID from file. HAVE TO DO GRUB MENU !!!

  8. Powered on and into KDE Neon again.
    I think KDE version "5.20.5" flashed by.
    Kernel version is 5.6.

  9. Did "sudo apt install inxi" and "sudo inxi -F".
    KDE Neon version "20.04 5.20".
    Battery is shown as 91.6 Wh capacity.
    CPU is 8-core AMD Ryzen 7 4800H [found out later: Zen 2] with Radeon Graphics, L2 cache of 4 MB, CPU speed 1400/2900 MHz. But speeds are shown for 16 cores, not 8. AMD specs
    Graphics shown as "AMD Renoir", driver "amdgpu", resolution "1920x1080~60Hz".
    Network 1 is "Intel Wi-Fi 6 AX200" driver "iwlwifi".
    Network 2 is "Realtek RTL8111/8168/8411 PCIe gigabit", driver "r8169", speed 1000 Mbps.
    Local storage 238.46 GiB, 5 GiB used.
    One disk partition, format ext4. ("df -h" shows /boot/efi as 500 M, / as 234 G.)
    System temperatures: CPU 41C, CPU 34C.

  10. Looking for motherboard firmware information.
    Not sure if I have Aptio V or Aptio 4.
    Going to the AMI web site (on my old laptop, in Firefox) made the CPU temps soar; they must be doing some heavy video or Canvas or something on their site ?
    Don't see any updates on or

    Online, people say the system/motherboard is a Tongfang PF5NU1G.

  11. Looking for SSD firmware information.
    Interface is "PCI-Express 3.0 x4, NVMe 1.3".
    Sequential read up to 1700 MB/s, sequential write up to 1100 MB/sec.
    No mention of encryption, so I think not supported.
    "SSD Toolbox" utility is Windows-only.
    Operating temp 0C to 70C.
    TRIM and SMART are supported.
    5/2022: My SSD has firmware version EDFM00.5, but I hear there is EDFM00.7 available. 6/2022: Gigabyte Support says sorry, any firmware is available only through a Windows utility, they don't host the firmware binaries anywhere that they can be downloaded from !

  12. Check SSD:
    "sudo smartctl -i /dev/nvme0n1" gave firmware version "EDFM00.5", "Unallocated NVM Capacity" == 0, "Formatted LBA Size" == 512.
    "sudo smartctl -a /dev/nvme0n1 | less" gave okay info, but interesting: one "Supported LBA Size" == 4096, but it's not used. And four error log entries are shown. But "Media and Data Integrity Errors" == 0.
    [A year later, from combining "Percentage Used" and "Data Written" values, I see that rated lifetime is 200 TBW.]
    OS is set up to do TRIM once a week.

  13. See motherboard type:
    "sudo dmidecode | grep -A3 '^System Information' gives just "PROX15-AMD".
    "sudo dmidecode | less" shows BIOS firmware "N.1.07GRP03", BIOS Revision "5.16", Firmware Revision "1.4".
    Also shows a TPM: vendor ID "AMD", Specification Version "2.0", Firmware Revision "3.42".
    "lshw" shows a PSP (encryption controller) also from AMD.
    "hwinfo" mentions "FBM-PF5NU1G0073GOS" and "PF5NU1G", but that might be overall system.
    Support won't tell me motherboard mfr or model; it's a secret.

  14. SSD partitions are mounted with the "noatime" flag.

  15. I don't see any stuck pixels in the display.

  16. As I feared, the printing on the keycaps is light, but I'll probably get used to it. [No, I didn't, after 2 years still a pain in low-light conditions.]

  17. The keyboard seems to be in some European mode where typing for example "'S" gives a single key "Š" or something like that. I still have a lot of OS locale stuff set to Spain.

  18. Touchpad is slightly left-of-center, and since I'm right-handed I'd prefer it right-of-center. [After 2 years still a pain.]

  19. Did "sudo apt install hardinfo" and "sudo hardinfo -r >out.txt" and "more out.txt".
    Shows "first boot" on 24 Aug 2020 ! Maybe that was a boot of a test system to test the SSD.

  20. Disk setup: no LVM, no LUKS, no swap (neither partition nor swapfile).
    "sudo parted /dev/nvme0n1" and then "print free" shows only two small areas of free space, but it looks like partitions maybe not starting on 1 MB or 2 MB boundaries (fdisk says they are, parted says not, but maybe one is speaking KB and other is KiB).

  21. When booting, I counted 7-8 seconds after BIOS password to prompt for login password.

  22. Ran performance tests.
    Got "The 'powersave' CPU scaling governor is in use; use the 'performance' governor."
    See CPU section
    [Later in BIOS changed "performance profile" from "Silent" to "Balanced". No change, still got message.]
    CPU speed is about 8x that of CPU in my 10-year-old laptop.
    RAM speed is about 40% faster (expected better: 3200 versus 1066).
    Disk write throughput is about 2x, but random-read is 1/4 the speed of old laptop with HDD !
    Disk sequential throughput is about 23x the speed of old laptop.
    Internet access through Ethernet is maybe 3x faster, but I thought we had 100 mpbs service, and I'm getting much higher than that. Maybe ISP set us back up to 600 mbps service ?

  23. Two of the USB ports (the ones with "SS" in the symbol) are USB 3.1, other rectangular one is USB 2.0.

  24. The SD card slot is for microSD.

  25. To test RAM: see "RAM stuff" section

Sent questions to Support
I received my KDE Slimbook 15, and it's working well. Some questions or issues:

1- I have the US-English ANSI keyboard, but in KDE Neon setup it's a little unclear what keyboard to select. I chose "English (US, alt. intl.)". Is that right ?
[Support answers: "select Standard International US".]
[But KDE Neon lists no such keyboard layout.]

2- Across bottom of BIOS screen, it says something like "AMI Aptio version 2.20.1275". Is that Aptio 4 or Aptio V ? Where (in the future) can I check for firmware updates ? On your site, or an AMI site, or where ?
[Support answers: "only update from the Slimbook user download area".]
Later found

3- Does the SSD contain updatable firmware ? Where can I check for that ?
[Support answers: "only update from the Slimbook user download area".]

4- SSD (in smartctl) says "Formatted LBA Size" == 512 but also there is a "Supported LBA Size" == 4096 which seems to be unused. Has the SSD been set up correctly ? Would there be a speed increase by changing to 4K block size ?
[Support answers: "You may gain a small performance boost by doing so at the cost of a loss of disk space. Specially with Linux filesystems that tend to be crammed with small configuration files.".]
[Later I saw this referred to as "Advanced Format 512 emulation (512e)" versus "Advanced Format 4K Native (4Kn)".]

5- Disk partitions are not starting on 1 MB or 2 MB boundaries. [I may be wrong: fdisk says they are, parted says not, but maybe one is speaking KB and other is KiB.] Aren't they supposed to be starting on those boundaries for best performance ?
[Support answers: "The gains from doing this are negligible and not all OS installers take advantage of this.".]

6- Disk performance tests (Phoronix pts/leveldb sub-tests 1,5,7) give strange results. Compared to my old slow laptop with HDD, the sequential fill is about 2x (23 MB/s versus 12 MB/s) but the random read and hot read are about 1/4 (7 usec/op versus 1.7 usec/op). Are these results expected ? I guess I'll test sequential read; the SSD should be much faster, right ? [Yes, it's about 23x the speed of the old system.]
[Support answers: "You can always try to correct that by doing the partition alignment in gparted.".]

7- As I feared, the printing on the keycaps is MUCH too light for easy visibility. You really should fix this somehow. Maybe offer a version with high-contrast printing but no backlighting. I may try buying decals to put on the keycaps.
[Support answers: "Sorry but there is nothing that we can do about that.".]
[Except they could do what I suggested.]

  1. UEFI firmware: to boot into GRUB, after typing BIOS password, press Esc once. Get "Select Operating System" menu.

    Selecting "UEFI Firmware Settings" just takes you to normal BIOS.

    "Advanced Options" just shows possible kernels. BUT: you can select a kernel and press "e" to edit parameters for that kernel.

    Press Esc or "c" for GRUB.
    Get "grub> " prompt.

    See "Using GRUB menu" section

    Xiao Guoan's "Use Linux efibootmgr Command to Manage UEFI Boot Menu"

    To add memtest to the menu, see "Add memtest to GRUB" section

    Thrash some locations in RAM, to see if freq/voltage are okay: Prime95

  2. In System Settings / Fonts: I see "Anti-Aliasing" enabled, "Sub-pixel rendering" set to "RGB", "Hinting" set to "Slight".

  3. In BIOS, do NOT enable "Launch CSM". You will be unable to boot anything until you use F2 to get into BIOS and disable it again.

  4. Tried to boot from USB to install new OS, and got a Secure Boot violation. I didn't think Secure Boot was on. Went into BIOS and turned it off.

  5. Unable to find any keys that affect the boot sequence other than F2 and Esc.

  6. Before wiping OS, tried installing ReFind boot manager, just to try it. "sudo add-apt-repository ppa:rodsmith/refind" and "sudo apt update" and "sudo apt install refind" and "sudo cp -r /usr/share/refind/refind/drivers_x64 /boot/efi/EFI/refind/". But system still has GRUB.

  7. I find that I miss having a "drive activity" light. It's useful for seeing that the system actually is busy doing something.

  8. Put Ventoy and KDE Neon installer on USB stick and booted from it. First boot failed in char-mode at some point after passing squashfs checks, showed ACPI errors etc. Second boot, same way, succeeded in getting into KDE Neon.

    Selected Keyboard "English (US)" and "Generic 101-key PC" and "Default".

    Default partitioning would create 16 GB swap partition, which I don't want.

    Manual partitioning:
    300 MB boot, format it, fat32, mount on /boot/efi, flags=boot.
    243897 MB root, format it, btrfs, encrypt, mount on /, flags=root.
    Warning that boot partition is not encrypted, but I chose not to.

    Install went quickly, reboot onto hard disk (prompt for LUKS password is not very nice), OS came up. Display is in 800x600 and 75 Hz mode. Lots of OS updates. Can't get out of 800x600 mode. And every 10 minutes it asks me if I want to configure my external monitor setup.

    On the positive side, keyboard works fine.

    [Later, Support said: "Upgrade your kernel to the OEM 5.6 based kernel with "sudo apt install linux-oem-20.04" That should add support for your Vega GPU." Someone else said install "linux-generic-hwe-20.04-edge".]

  9. Put Ventoy and Kubuntu 20.10 installer on USB stick and booted from it.

    Installer is running with full screen resolution, a good sign.

    Selected Keyboard "English (US)" and "English (US)".

    Partitioning: selected "Guided - entire disk and encrypted LVM". Then changed my mind, tried "Manual", couldn't figure out how to edit partitions, no option for Btrfs. Tried to go back to "Guided", and installer just kept failing. Powered off and started again.

    Partitioning: selected "Guided - entire disk and encrypted LVM". It's going to be ext4 and a small swap partition, like my old laptop. I'd rather have Btrfs and no swap partition.

    Install went okay, reboot onto hard disk, OS came up. Display is in 1920x1080 and 60 Hz mode (correct; also could check with "xrandr"). Newer kernel (5.8) than with KDE Neon (5.6, and I think the installer was running 5.4). Keyboard works okay, no funny Euro-character stuff. Still no memtest in GRUB. 976M swap partition, inside LVM volume. Fdisk and parted say everything is 512-byte sectors; I think "udevadm info -a -n /dev/nvme0n1p2" is saying same.

  10. TPM 2:

    See TPM section

  11. AMD's PSP and CCP:

    See AMD's PSP and CCP section

    My CCP is not enabled, probably need newer BIOS. Went around in circles about it with Support; they seem to think it's an SSD-only thing, but I think it's a general-purpose processor that can process any block data.

  12. Decided to turn off swap.
    "swapon --show"
    "sudo swapoff -a"
    Also had to comment out swap line in /etc/fstab.

  13. About 6 days after I got it, my new laptop had a solid-freeze just like my old laptop does. Was doing stuff in the GUI when suddenly the whole system froze, mouse wouldn't move, no reaction to special key-sequences such as Ctrl+Alt+F2. Had to power off.

    I know my old laptop has overheating and RAM problems. But this freeze seems to indicate there is an OS problem too: both systems are running Kubuntu 20.10.

  14. Belatedly did a real dead pixel test, and found stuck-black pixels in lower-left area: a single pixel, and a cluster of two (I think).

  15. Belatedly realized I ordered a Samsung SSD, but received a Gigabyte SSD.
    Contacted Support, they confirmed it, and gave me choice of switching or refunding the difference. I took refund.

  16. After a couple of months, installed Fedora 34 KDE. No problems. Later Manjaro 21 Xfce, a few small problems with display brightness control.

  17. Ran on battery for a day, just to test that. Looks like it's good for about 13-14 hours under normal use (no compiling or videos).

  18. Later saw Support telling someone that access to an "Advanced" tab in the BIOS is disabled, deliberately.

  19. Much later, found that some Linux repos (AUR) have some packages for slimbook. I haven't tried them. "pamac search slimbook"

  20. 5/2022: Found Gigabyte support site and submitted questions about motherboard and SSD. They say the motherboard is not a Gigabyte motherboard.

Switching from one distro to another

Pick a time when it won't be terrible if you're unable to use your computer for a couple of days, or unable to print or something.

Maybe have a spare working computer available, in case the new system is unusable, or you have to look up some answer on the internet.

Saving settings, for backup or in advance of a re-install:
If you're just re-installing the same distro each time, you could make a script or something to automate the process. But I'm deliberately moving to a new, often-incompatible distro and/or DE each time.

Possible configuration management tool to use: Chef ?

Make list of packages manually installed through apt:

# This includes a fair number that I did NOT install manually:
apt-mark showmanual >tmp-manually-installed.txt

# Find time of last package automatically installed in OS install:
# This file seems to be a reasonable benchmark.
# ls -l /var/lib/dpkg/info/xserver-common.list
# stat --format=%z /var/lib/dpkg/info/xserver-common.list

# Find those with times after last package automatically installed in OS install:
find /var/lib/dpkg/info -name '*.list' -newer /var/lib/dpkg/info/xserver-common.list \
    -printf '%f\n' | sed 's/.list//' | sort >tmp-after-start.txt

# Make list of packages installed after system install AND installed manually:
cat tmp-after-start.txt tmp-manually-installed.txt | sort >tmp-joined-sorted.txt
uniq --repeated tmp-joined-sorted.txt >manually-installed-after-start.txt
rm tmp-*.txt
less manually-installed-after-start.txt
# List won't be perfect, but should be pretty close.

From someone on reddit:
apt-clone will create a working list of installed apps which you can backup and then integrate into a new system. Personal configs should come with your /home backup. Get your /home backup in first, then apt-clone your programs. The configs should drop back in nicely. Not perfect, but it's a tidy way of doing things.

To see why a particular package was installed: "aptitude why PKGNAME".

For Red Hat family: "dnf history userinstalled >packagelist.txt"

For Manjaro: "pamac list --explicitly-installed >packagelist.txt"

For Arch family: "pacman --query --explicit >packagelist.txt"

[In Debian family] there doesn't seem to be a good way to get a list of just the non-standard installed applications (e.g. VS Code, Riot, VeraCrypt, etc). Most methods give you names of all packages, which includes tons of libraries, system infrastructure, standard packages and apps. Maybe a better approach is to list what's in /usr/local/bin, /opt, more ?

Then of course there are add-ons and settings and certificates inside applications: browsers, email client, VPN, editors, RSS reader. Any cron jobs or services you've added. Any themes or wallpapers you've added.

Next time I'm going to copy across dot-directories for some major apps with lots of settings: Firefox, Thunderbird, VS Code. But do a fresh install of all other apps.

When I switched from Mint 19.3 to Ubuntu GNOME 20.04 in 5/2020:
+/- I backed up and noted down everything I could: list of apps and extensions for each, settings, updated my password manager database, etc.

Then I installed Ubuntu and installed all apps fresh, and installed their extensions and settings manually. It was a lot of work, and I'd forgotten to note down my VS Code settings. I lost the "state" in my RSS feed reader, although I'd backed up the list of feeds. Maybe next time I will try copying across the ".SOMETHING" information from old system to new, at least for browser and email client and RSS reader.

When I switched from Ubuntu GNOME 20.04 to Ubuntu MATE 20.04 in 9/2020:
+/- Did a lot better. Copied across the ".SOMETHING" settings from old system to new, for half a dozen major apps such as browser and email client and RSS reader and IDE. A few glitches in my backup scripts resulted in many file timestamps being set to current time, which is going to be painful next time I do more backups.

Configs of snap apps should be under ~/snap. Configs of flatpak apps should be under ~/.var/app.


Doing a major-version upgrade

Make sure you have enough space on /boot. Maybe remove old kernels.

Copying your system to a USB drive or another PC

[From someone on reddit 1/2021:]
For legacy BIOS, not UEFI.
For a single-partition Linux system.
  1. In Timeshift, run wizard to select hard drive to store backup. For the home directories, select "Include All" for each one.

  2. Do the Timeshift backup.

  3. Plug in USB stick.

  4. Run Disks app.

  5. Select USB drive.

  6. Double-check that it is correct drive, then delete all partitions.

  7. Format drive to ext4.

  8. Start Timeshift.

  9. Select the backup you created.

  10. Click on Restore.
    1. For /, select the USB drive.
    2. For /boot, select "Keep on Root Device".
    3. For /home, select "Keep on Root Device".
    4. Click on "Bootloader Options (Advanced)" and make sure all options are selected, and the USB drive is selected (below "(Re)install GRUB2 on"), click Close.

  11. Do the Restore.

  12. After booting from destination drive, check entries in /etc/fstab, may need to change UUID.

Make a complete live ISO image of the current system:
AntiX ISO Snapshot tool.
MX Snapshot tool. article
PCLinuxOS's mylivecd.
Could do image backup with Clonezilla or Rescuezilla, if destination disk is same size or larger.
Karim Buzdar's "How to Create an ISO from Current Installation in Ubuntu" (someone said only "systemback" still is supported)

Tiny systems

There are two classes:
  • Microcomputer (usually capable of running Linux):

    Raspberry Pi, Beagleboard, Odroid, Asus Tinkerboard, RockPI, more.

  • Microcontroller (usually can't run Linux):

    Arduino, ESP32 compatible stuff,, Sparkfun's Thing, Teensy, more.