Installing a Desktop System



[My system has a Legacy BIOS.
In 8/2018 I installed Linux Mint 19.0 Cinnamon.
In 4/2020 I changed to Ubuntu GNOME 20.04.
In 9/2020 I changed to Ubuntu MATE 20.04.
In 11/2020 I changed to Kubuntu 20.10.
In 2/2021 I changed to a UEFI system running Kubuntu 20.10.
In 4/2021 I changed to Fedora 34 KDE.
In 10/2021 I changed to Manjaro 21 Xfce.
So the following is a mix of those situations.]



Things to know or decide first:

+/-
  • What kind of processor does your computer have ? Some distributions have different ISO files for different processor families (architectures).

    On Windows, go to desktop, right-click on "My PC", click on "Properties". Look at "Processor" field, and also note whether "System type" is 32-bit or 64-bit.

  • Does your computer have UEFI or "Legacy" BIOS ?
    For partition table: UEFI uses GPT, Legacy BIOS uses MBR.

    On Windows, do Windows-R, run "Msinfo32", look for "BIOS Mode" field.

  • How much free disk space do you have (assuming Windows installed already) ?

    You'll probably need at least 100 GB free if you want to dual-boot Windows and Linux.

    In Windows Explorer, find your main disk, right-click on it, click on "Properties".

  • Do you want to dual-boot Linux and Windows, or boot just Linux ?
    +/-
    I strongly recommend against dual-booting. Use one OS or the other. Or get a second PC, and have one OS on each. [I think the common misspelling "duel boot" has some truth to it.] Or put a second disk into your machine, and keep one OS on each disk.

    If you want to dual-boot, first you'll have to shrink the Windows partition to make room for Linux partition(s). Don't shrink the Windows partition so far that it has no free space left in it.

    If you're dual-booting, install Windows first. And whenever using or installing/upgrading Windows, disconnect the Linux disk if possible.

    Apparently, at least with Ubuntu 19.10: if you choose ZFS filesystem format instead of ext4, you can't dual-boot on same disk, ZFS needs to manage the whole disk. Choose ext4 unless you're feeling very adventurous.

    Andre Da Costa's "How to Dual Boot Windows 10 and Linux"
    Easy Linux tips project's "Windows 10: how to prepare it for dual boot with Ubuntu or Linux Mint"
    Easy Linux tips project's "How to create a dual boot when preserving Windows seems impossible"
    Chris Xiao's "#SwitchToLinux: How to Dual-boot"
    Arch Wiki's "Dual boot with Windows"
    Christian Cawley's "Windows Update Deleted Linux! What to Do and How to Prevent It"


  • Do you want to keep Linux system ("/") and /home in same partition or separate partitions ?
    +/-

    Two cases: static filesystem, or filesystem with sub-volumes:

    +/-
    • Using old static filesystems (such as ext4), each mount-point corresponds to a filesystem, which occupies a whole static-sized partition. So you have to decide up-front how big each will be.

      E.g.
      part 3 is 40 GB == root part == ext4 FS == mounts on /,
      part 4 is 210 GB == home part == ext4 FS == mounts on /home.

      So, if root ever grows to 40 GB, you're stuck, that's the limit.

    • Using new filesystems with sub-volumes (such as Btrfs and I think ZFS), each mount-point can correspond to a sub-volume of a filesystem, and the filesystem occupies a whole static-sized partition. You have to decide up-front how big the filesystem will be, but the multiple sub-volumes in it share the total space.

      E.g.
      part 3 is 250 GB == main part == Btrfs FS, and:
      subvolume @ mounts on /,
      sub-volume @home mounts on /home,
      sub-volume @snapshots mounts on /.snapshots.

      So, you're fine until total of root plus home plus snapshots grows to 250 GB. Root could grow to 100 GB as long as the others add up to 150 GB or less.



    If you choose to use static filesystems (such as ext4):

    +/-
    I strongly recommend a single partition for / and /home. That way you don't have to guess the right sizes, and you'll never run out of space on one partition while having plenty of extra space on the other.

    If instead you used separate partitions, later you could zap the / partition and install a new distro without affecting your /home files. But it's better to just copy the home directory files, install distro, and then restore home files into new system, so having separate partitions isn't much of an advantage.

    From Easy Linux tips project's "39 Frequently Asked Questions about Linux Mint: PART 2":
    +/-
    I advise against a separate home partition: it only makes things more complicated, while offering no extra safety at all.

    You always want an external backup of your documents, on an external device. A separate home partition is still part of the very same hard drive that all the other partitions are on. And they all die when the hard drive dies ...

    Plus you'll want to erase most of the old application settings anyway, before upgrading or re-installing. Because some of them may cause malfunctions in the new Mint version.

    The settings that you do want to keep, can easily be copied to an external device and then transferred back into a new installation.

    Furthermore, a separate home partition means a non-optimal allocation of disk space, sometimes causing space shortage on either the root partition or the home partition. This is of course especially problematic on small hard disks.

    Other people agree: separate partitions mean you're trying to guess the right sizes (so you don't exhaust one while having lots of free space on the other), and when re-installing it's probably best to blast all of home directory settings anyway (a lot of junk builds up in there).

    For Legacy BIOS system using MBR, reasonable sizes might be 200 MB for boot, size of RAM for swap, 25-30 GB for root, rest of disk for /home. If you're going to use a swap file instead of a swap partition, add another 1.5x the size of RAM to the size of root. If you're going to install huge applications, add more to root (for example, Docker version of OpenVAS takes about 6 GB).
    Archlinux's "Partitioning"



  • Given the decisions in the last two items, sketch out list of partitions and how big each one will be.
    +/-
    My info (after shrinking Windows main by 140 GB) would look like:
    PartitionSizeFree
    OEM0.1 GB0.1 GB
    boot0.2 GB
    swap4 GB
    root40 GB
    /home95 GB
    Windows main143 GB19 GB
    Windows Recovery14.65 GB6.38 GB

    My system, an MBR system (Legacy BIOS), can have only 4 primary partitions on a disk. But the Linux partitions are logical partitions, not primary partitions. And the bootloader maybe is not counted as a primary partition ?

    I could delete the OEM partition:
    AOMEI's "Simple Steps to Delete Dell OEM Partition Safely in Windows 7/8/10"
    EaseUS's "Free Delete OEM Partition in Windows 10/8/7/XP/Vista"

    I could have no Linux swap partition.
    Gary Newell's "Do You Need A Swap Partition?"
    Hayden James' "Linux Performance: Why You Should Almost Always Add Swap Space"
    Aaron Kili's "How To Create a Linux Swap File"
    Ryan Sechrest's "System running out of memory: create a swap file"
    [After I got a new laptop with 16 GB RAM and an SSD, I changed to using no swap.]

    I could make a Windows Recovery USB, and delete the Windows Recovery partition
    Josh Norem's "How to create a Windows 10 recovery USB drive"
    Gary Newell's "How to Delete a Windows Recovery Partition"

    So my info (after shrinking Windows main by 140 GB) would look like:
    PartitionSizeFree
    boot0.2 GB
    Linux /139 GB
    Windows main143 GB19 GB
    Windows Recovery14.65 GB6.38 GB

    From people on reddit:
    You can use an extended partition table to get around the MBR 4-partition limit. See AskUbuntu's "What does the term 'Extended Partition' mean? Is it safe to use this type of partition?".

    You can use a swap file instead of a swap partition in any case (though technically not required at all). Also keep in mind re-installation will be much easier if /home is separate.

    ...

    Within windows reduce your windows partition and create an extended partition using all of your free space. Then in that extended partition you can put / (root) and /home.

    Whether you have one single mint partition or you split your root and home is up to you, personally i prefer separate root and home, makes reinstalling, or recovering from chaos much easier. There's also the question of whether you want a data partition to share with windows.

    So potentially you could have up to three partitions inside that extended one.

    ...

    [I asked how to do it:]
    > So I don't have to do anything to create an extended
    > partition, I can just create a bunch of logical partitions ?

    Yes, basically if it allows you to do it, you're fine.
    Someone else says: "Legacy BIOS limited to 4 Primary partitions. One of the primaries can be an extended partition containing numerous logical partitions or as many as your disk can hold."
    But in my experience, most of this planning goes out the window when you get into the Linux installer. Unless you do full-custom partitioning, the installer will make choices without asking you.

  • Do you want to encrypt your whole Linux system disk (all Linux partitions), just /home, or both, or neither ?
    +/-
    Red Hat's "Encryption"
    Archlinux's "Data-at-rest encryption"
    cryptsetup FAQ
    Consensus seems to be that encryption imposes little performance penalty.

    +/-
    My opinion: Encrypt the whole (Linux) disk, because:

    • It is very easy for someone with physical access to your system or disk to change the passwords, by booting into Recovery or into a Live session, unless you have the whole disk encrypted.

    • Some of your private info may be outside of /home, in /swap, in system TMP files, in application local data, in system config files.

    • It defends against the (unlikely) possibility of someone physically grabbing your disk and installing a keylogger or something in the system.


    I wrote this up and got it confirmed by people online:
    +/-
    I want to dual-boot Linux and Windows, on my machine with Legacy BIOS. Machine already has Windows 10 installed on it.

    I'll have Linux partitions for boot, swap, root, and /home. And the main Windows partition, and the Windows recovery partition.

    • When I install Linux, installer creates boot partition and puts GRUB in it. Windows bootloader is in start of main Windows partition. At system boot time, the BIOS and MBR handle choosing between booting Linux or booting Windows, just by selecting which partition to load bootloader from.

    • When I install Linux, and choose "encrypt the whole disk", it encrypts the swap, root, and /home partitions. But not boot or the two Windows partitions.

    • The swap, root, and /home partitions each get encrypted separately, but with same password. Each has their own LUKS header, so if one gets corrupted, the others are not affected.

    • When I boot into Linux, I give the password once, and it gets applied to all three partitions (swap, root, and /home).

    From /u/suorce on reddit:
    You can use the BIOS to manually select to boot into the Linux or Windows OS, but usually your Linux bootloader will be able to find all the bootable OSes in the system. So just [set the BIOS to] boot into your Linux bootloader [by default], which can provide both the Linux and Windows options. You can set a timeout for that choice with a default OS set. The Windows bootloader will not offer you the choice to boot into your Linux partition.

    From someone on reddit:
    [First they said a dual-boot system can't have "full disk" encryption on Linux. I pushed back on that, saying the installers seem to allow it, lots of articles talk about it. And got this response:]

    With FDE, the installer creates an unencrypted boot partition and another encrypted partition to serve as a container for the rest of the system partitions. Since it is possible to encrypt individual partitions without erasing the disk, it is only a limitation of the installer if this configuration isn't possible during normal installation.
    Some corrections: Apparently in Mint 19 what gets encrypted is not the whole /home partition, but the user's home directory tree, such as /home/user1 and everything under it. And if you want "hibernate" to work, you need either a swap file or a swap partition, probably at least as big as RAM. In Ubuntu 20, different.

    In my experience, most of this planning goes out the window when you get into the Linux installer. Generally you'll get a one-button "encrypt or not" choice. Choose Yes.

  • Which Linux distribution ?

  • Do you want 32-bit version or 64-bit version ?

    64-bit for any modern system.
    If you have UEFI, you must use 64-bit ?

  • Do you want latest official/stable release, latest official/rolling/unstable release, or some unofficial release ? Is there an LTS (Long Term Support) release that is different from latest official release ?

  • You want a binary-only distribution, not source-only or binary-plus-source.

  • Which Desktop Environment do you want ?

  • What Linux filesystem format do you want ? Usually ext4.

  • What computer name and login username do you want to set ?

    Usually best to pick generic names such as "laptop1" and "user1" to avoid giving away information on networks or in bug reports. Best to use only lowercase characters and numbers ?

  • This transition is a good time to straighten out any problems in the way you organize your personal files. What directory-tree structure do you want under your home directory ?

    My structure (I'm not entirely happy with it):
    /home/user1		# home dir
    	campics			# transient photos from phone camera
    	Desktop			# created by OS
    	Documents		# created by OS; I don't use it
    	mywifesname		# data/pics about wife's family and her stuff
    	Downloads		# created by OS
    	Music			# created by OS
    	myinfo			# data scripts container etc to back up to cloud
    	myinfo.nocloudbackup	# sensitive stuff local-only, including pw mgr db
    	myweb			# my main web site
    	myweb2			# family tree stuff, used to be on web
    	pages			# transient docs and saved web pages to read
    	Pictures		# created by OS; transient photos to go elsewhere
    	projects		# programming/development projects
    	Public			# created by OS or Apache ?  I don't use it
    	reference		# eBooks, maps, desktop backgrounds, test viruses
    	snap			# created by OS
    	Templates		# created by OS
    	toread			# eBooks
    	Videos			# created by OS; videos, and audio podcasts
    	[dot-files]		# .profile, .config, .local, .mozilla, etc
    IDOCS		# mount of LUKS2 container that lives in MyInfo
    	config			# configs and credentials
    	Legal
    	medical
    	myweb			# configs and credentials
    	travel			# sensitive info about my life in Spain, mainly
    	ustaxes
    XNEW		# mount of LUKS2 container in MyInfo.NoCloudBackup
    BLACK/BLUE/ORANGE	# mounts of LUKS2-encrypted external backup disks
    # Note: IDOCS is mounted most of the time, others only when needed.
    
    A good rule of thumb: one page (about 20) of items in each folder, so you don't have to scroll, if the items mainly are folders.

    For use with CLI, best to avoid spaces, and use lowercase, in file/dir names.

Gary Newell's "15 Things Windows Users Need To Know Before Installing Linux"



Linux Installer idea:
+/-
I'd like to see a better installer for Linux, especially for users migrating from an existing system to Linux. The current installation process is confusing and complicated and the user sometimes is surprised at the results.

There should be a two-part installer, where the first stage is a Windows/Mac/Linux program run on the old system, as a planner:
  1. Analyzes your existing PC and Windows/Mac/Linux setup, determines things such as UEFI vs BIOS, Secure Boot, SATA mode, 32-bit versus 64-bit, what disks you have (spinning, SSD, etc), what your partitions and existing OS's are, what the graphics and network interfaces are, how much RAM you have, etc.

  2. Interviews user to find out what they do with their computer and what they want to do under Linux, what hardware they attach, do they use Bluetooth and Wi-Fi etc.

  3. Records some basic system settings such as: what keyboard language is being used, system language, system time-zone, etc.

  4. Maybe offers to save a list of existing installed applications and drivers, so user can re-install them or install alternatives once they get into the new installation. Catches any problems where an exact replacement just does not exist, or a manufacturer just does not support Linux.

    Maybe go through list of applications in Windows and Linux, giving user opportunity to select Linux apps to be installed or not. Encourage use of backup, encryption and AV software.

  5. Interviews user to find out do they want encryption, dual-boot or single-boot or multi-boot, partition sizes, swap partition/file/none, separate / and /home partitions or just everything in / partition, etc.

    Really drills down on WHY do they want dual-boot: could they run a Windows VM or emulator under Linux instead ?

    Do they want a password on GRUB ? Tell them how many passwords they'll have to type to boot and log in, and what each one is protecting against.

  6. Warns about any potential problems such as unsupported language/keyboard, too little disk space, too little RAM.

  7. Shows a diagram of how the partitions will look, what types of encryption will be applied to each, whether whole disk will be encrypted, says how many passwords the user will have to type at boot time.

  8. Decides what drivers and settings must be used in Linux, for graphics and network etc.

  9. Reminds user to do backups, including backups of unusual items such as browser configuration.

  10. Suggests that user delete all cookies and then try using their usual web sites, to make sure they have all the login info saved somewhere.

  11. Suggests that user check if a BIOS update is available for their machine.

  12. Suggests that user run BIOS diagnostics on RAM and disk (good practice).

  13. Reports any BIOS settings user must change (Secure Boot, SATA mode, etc) before installing.

  14. Reports or performs any OS settings user must change (such as Windows "Fast Startup" setting in dual-boot situation) before installing.

  15. Records install-time useful info such as name/password for Wi-Fi.

  16. Downloads appropriate Linux ISO and helps write it to install medium (maybe offering buttons to launch Rufus, Etcher, dd, Disks, UNetbootin, etc), and creates an installer-directive file on the install medium.

  17. Suggests that user be on AC power and wired connection to internet during the install process.

Then user boots from the install medium, and the second-stage Linux installer (pretty similar to today's installer) runs:
  1. Reads the installer-directive file.

  2. Checks that directives file matches the hardware.

  3. Then does the install.

  4. User can override some choices during the install, but not too many (better that they re-run the first-stage program if they're going to mess with partitioning or something).



Relevant:
Wikipedia's "Preseed"
Debian's "Appendix B. Automating the installation using preseeding"
sedlav's "Unattended Debian installation"
Ubuntu's "Appendix B. Automating the installation using preseeding"
I see a bunch of users saying preseed doesn't work on Mint 18 and later.
Fedora Wiki's "Anaconda"
YaST and openSUSE's "AutoYaST Guide"
FOG Project (uses a server and does PXEboot boot over network)
GitHub topic "preseed"
Microsoft's "Windows Setup Automation Overview"
HashiCorp's Vagrant and Packer
Dedoimedo's "WUBI - Windows Ubuntu Installer"

In this, I see little support for a single user on single machine wanting to plan and execute a major change on that machine. There are server solutions, or solutions for using one machine to automate installation on another N machines, or hooks to use a text file to drive an installer. But no wizard to help plan the changes and create that text file.


Some app design details:
  • App has to be desktop, not a web site, and has to be portable.

  • Produce/edit/compare/print a JSON that represents the hardware and software of a system (existing or desired final system).

  • Display/print a set of instructions to change system from one state to another. Some instructions may be manual steps for user to do, others may be directives to an installer.


Started building it: OS-Installation-Planner but got stuck, mostly around questions of disk naming and partitioning.




Things to do before installing:

+/-
  1. Make a list of all the apps and extensions you use, so you can install same or equivalents later.

  2. Make sure your password manager is updated with all the login info you need.

  3. Do backups !

    And back up or note down things you usually don't back up, such as browser bookmarks, settings of "trained" browser add-ons (such as uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker), contents of Downloads and other temp folders, digital certificates installed in browsers, PGP keys, settings of big apps such as source-code editors and email clients, VPN and firewall settings, etc.

    In Windows, note monitor sizes and resolutions and refresh rates.

  4. Record your Windows product ID.

  5. Maybe make a Windows restore/recovery disk.

  6. Is there anything on your current system that you can't lose ? Try clearing all cookies and then see if you still can log in to key accounts. If there's some problem or dependency, best to find it out before changing OS.

  7. Get distribution's ISO.
    If you wish, you can verify the image:
    Linux Mint Installation Guide's "Verify your ISO image"

  8. Get a writable CD or a flash drive (minimum 8 GB).

  9. Copy distribution's ISO onto a bootable CD or bootable flash drive.
    Universal USB Installer
    Etcher
    Rufus
    Create a bootable USB with N different ISOs on it: Ventoy (attach USB stick, umount USB, sudo sh Ventoy2Disk.sh -i /dev/sdX, sync, remove USB, attach USB, copy ISO to USB, remove USB, boot from USB)

  10. If your disk is small, or you plan to dual-boot, be aware that probably you need at least 20 GB of disk space for the Linux OS, plus more for your personal files.

  11. Boot into BIOS and make sure booting from USB and/or CD is allowed.

  12. Boot into BIOS and note what graphics and network hardware you have.

  13. Maybe a good time to boot into BIOS and do a low-level disk diagnostic.

  14. Maybe boot into Windows and turn off "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. This will make Windows do a complete shutdown when you choose "Start / Shutdown". Not sure what would happen if you hibernated Windows, changed partition table in Linux, then booted the hibernated Windows image.

  15. A good time to update firmware/BIOS, if an update is available.




Installing:

+/-
  1. Remove or unplug any extra disks you don't want anything to touch.

  2. Best to have internet connection available while the installer is running. Definitely use wired ethernet if you have a choice between that and Wi-Fi. Have your Wi-Fi login information written down on paper.

  3. If a laptop, best to have AC power connected, and 100% charged battery, while the installer is running.

  4. If needed, boot into Windows and delete the OEM partition and/or Windows Recovery partition.

  5. If needed, boot into Windows and shrink the main Windows partition.
    +/-
    I think it's safer to do it in Windows rather than do it later in the Linux installer.

    You have done a backup already, right ?

    Don't shrink the Windows partition so far that it has no free space left in it.

    From /u/ss-stamper on reddit:
    1. Remove paging file on the drive in question through the System > Advanced area.
      [In Windows 10: Control Panel > Advanced System Settings > Performance > Settings > Advanced > Virtual Memory. Set to "no paging file".]
    2. Disable boot / error logging to the volume in question.
      [How to do this ?]
    3. Run defrag (such as Auslogics Disk Defrag).
      [Or Microsoft's "Defragment your Windows 10 PC"]
    4. Open up Disk Manager > right click volume > shrink.
    After you finish shrinking, reboot into Windows, make sure everything is okay. And check that you have unallocated space on disk of the size expected: open up Disk Manager.

    After you finish shrinking, I think turn on the paging file again ?

    Tim Fisher's "How to Open Disk Management"
    Microsoft's "Overview of Disk Management"


  6. Attach bootable USB device.

  7. Boot into BIOS, or to boot-device-selection menu, or straight onto USB device.

  8. Boot from that device. Now you're running Live session of Linux.

    If booting failed, maybe: you are trying to boot a UEFI image in a legacy-BIOS system, or vice-versa, or booting a 32-bit image in a 64-bit system, or vice-versa, or booting an ARM image in an AMD/Intel system, or vice-versa, or Secure Boot needs to be turned off, or "nomodeset" is wrong, or your USB-stick is bad, or the stick didn't get written properly ? If you have NVIDIA graphics, try a "safe mode" to boot in ?

  9. Connect to internet.

    [Depending on release version, you might be able to connect later, in the Linux installer, too. But might as well do it here.]

  10. Double-click "Install" icon to run installer.

  11. Choose language, keyboard type, location, date/time. Set user name and computer name. Not sure exactly where in the process these occurred.

  12. Depending on distro, you might get options to "Install third party software" and "do update while installing". Choose both of those.

  13. Installation Type.

    [Note about setting passwords: I want to end up with a good/long encryption password, and a bad/short user account password (because I'm going to type it 50 times/day into sudo). Sometimes while installing it's unclear which password you're setting, or how many places it will be used. When in doubt, set as the good/long password. You can always go in later and change the user account password to the bad/short value.]

    For Mint 19.0, I had:
    +/-
    Choice here, one of these two:

    • Choose "Install Linux Mint alongside Windows Boot Manager".

      I think this is a bad choice because partitioning and maybe resizing Windows partition will happen automatically.

      Can you also choose "Encrypt the new Linux Mint installation" ? Yes.

      If only one partition slot is empty on an MBR system (3 used out of 4), will installer be smart enough to have no swap partition ?

    • Choose "Something else" (create or resize partitions yourself).

      Can you also choose "Encrypt the new Linux Mint installation" ?
      Dell install instructions for Ubuntu say no, encryption available only if you choose automatic partitioning.

      Create root (logical, use as "ext4", "/" mount point),
      swap (logical, use as "swap"),
      and /home (logical, use as "ext4", "/home" mount point) partitions.
      Boot gets created automatically, or uses existing boot partition ?

      Set "Device for bootloader installation" to the device with the "type" set to "EFI".
      [True whether you have Legacy BIOS or UEFI ?]
      [Will this overwrite the Windows bootloader and put GRUB in there, even on an MBR system ? Or maybe Windows bootloader is in first blocks of Windows main partition, doesn't get overwritten.]

      If you don't create a partition for swap, you'll get a warning message, but just click "Continue without swap space".

    For Ubuntu GNOME 20.04:
    +/-
    I had two main choices: dual-boot or overwrite Windows.
    Then secondary choices:
    Click Advanced button, or not. Inside there, choose LVM encryption, or ZFS filesystem.
    Choose "custom partitioning tool" or not.

    I had various errors and false starts, but eventually I did "overwrite Windows, and LUKS encryption, no custom partitioning". It failed, and said something like "couldn't tell kernel about new partitioning, you should restart".

    Shut down, and you may have to power off hard.

    I booted and started the installer again, and this time it showed Windows and an existing Ubuntu system (which I think was vestigial, just a partition) on disk. I think I had four main choices: dual-boot, or overwrite Windows, or add new Ubuntu to existing Windows and Ubuntu systems (triple-boot), or overwrite existing Windows and Ubuntu systems and use whole disk.

    I chose "overwrite Windows and Ubuntu, use whole disk, LUKS encryption, no custom partitioning". And this time it worked.


  14. If GRUB install fails, go to BIOS and make sure secure boot is disabled, fast boot is disabled, you have OS image that matches your firmware type (e.g. both are EFI). Sometimes the installer will try to install GRUB on a too-small or inappropriate partition, and you have to do something manual. Maybe see this1 or this2 for ideas.

  15. When done, follow instructions: usually remove USB stick, shut down, power on.

  16. System should boot from hard disk, asking for various passwords (BIOS, disk, user) along the way.

Linux Mint Installation Guide's "Install Linux Mint"
Easy Linux tips project's "How to install Linux Mint 19.1 alongside Windows"
Dell's "How to Install Ubuntu Linux on your Dell PC"
Gary Newell's "How To Dual Boot Windows 8.1, Windows 10 And Linux Mint 18"
Tecmint's "How to Install Ubuntu 16.10/16.04 Alongside With Windows 10 or 8 in Dual-Boot"
Abhishek Prakash's "How To Install Ubuntu Along With Windows"
Jay LaCroix's "How to dual-boot Linux and Windows"

Easy Linux tips project's "Solutions for 27 bugs in Linux Mint 19.1"



8/2018, my experience installing Mint 19.0:

+/-
  1. Using Dell Inspiron N5010 laptop running Windows 10, with wired Ethernet, legacy BIOS, 3 GB RAM, 320 GB disk.

  2. Decided to wipe Windows completely and install only Linux Mint Tara Cinnamon 64-bit.

  3. Decided to allocate 35 GB to OS partition, use a swap file, and give rest of disk to /home.

  4. Decided to encrypt all partitions where it's supported (OS and /home, I think).

  5. Did backups to two external disk drives. Careful to back up things I don't usually include in the backups, such as my Dropbox files and browser bookmarks and downloaded files in temp folders.

  6. Can't find anywhere that shows what version of firmware is installed on the laptop. Obtained EXE for version A11. Ran the EXE, it says I have A10 and it will install A11. Started the installation, mouse stopped working, dialog shows progress. Then a Windows dialog saying "battery is low, plug into AC" popped up right across everything, covering the progress dialog, mostly. But I'm already plugged into AC power. Firmware installation finished, was able to close the battery dialog, clicked Restart, machine restarted okay through new firmware, into Windows.

  7. Took one last look for anything not backed up, then shut down Windows. Plugged in Linux Mint USB, powered on, hit F12 a bunch of times to get Boot Options, gave boot password, booted into Linux Mint USB.


  8. Double-clicked "Install Linux Mint" icon. Installer came up. Chose keyboard type.

  9. Next Window asked if I want to install custom/proprietary drivers for my hardware. Clicked "Yes", and it took almost 10 minutes.

  10. Somewhere in here, I had to set computer name, user name, password.

  11. Next Window asked about partitioning. At first I selected the three settings for "automatic, encrypt everything, use LVM". But after clicking "Continue", I realized that wouldn't give me /home and root in separate partitions. So backed up, clicked "Customize", and wrestled with partitioning. Not clear: I see some "mapper" partitions and then some "/dev/sdN" partitions, and most of the buttons/controls don't work on most of them. Probably should have read the install instructions, if there are any. Finally managed to create the partitions I want as "/dev/sdN" partitions: 1 GB for /boot, 36 GB for /, rest (about 280 GB) for /home. But then I got some dialogs popping up saying "restart now before continuing the install", so I restarted.

  12. Back into installer, this time "install custom/proprietary drivers for my hardware" went very quickly, into custom partitioning again. The mapper partitions have disappeared, but had to set "/dev/sdN" partitions again: 1 GB ext4 for /boot, 36 GB ext4 for /, rest (about 280 GB) ext4 for /home. Set check-box to format each of them. Clicked "Continue", got a dialog showing the partitions, and I checked "encrypt /home". clicked "Continue", install started. Took 10-15 minutes, I think. Restart at end.

  13. Removed USB drive, and system booted up into Linux Mint from hard disk. Success ! Disk partition sizes in File Explorer look right. I suspect only /home is encrypted, and LVM is not being used.


4/2020, installing Ubuntu GNOME 20.04, just as confusing:

+/-
  1. I have been running Mint 19.3, but want to change to Ubuntu 20.04. Laptop is a cheapo Dell Inspiron circa 2011, legacy BIOS, hard disk.
  2. Did loads of backups, everything I could think of. Still missed a few items, such as global settings in VSCode. I want to install all apps fresh, not copy my old home directory across.
  3. Booted FreeDOS and updated BIOS, no problems.
  4. Booted and installed Windows 10 to test my bluetooth hardware (which didn't work under Mint). It doesn't work under Win10 either, so the problem must be hardware. And installing Win10 is really nasty, Microsoft tries to get you to create or link to all kinds of cloud accounts.

  5. Booted USB stick with Ubuntu 20.04 image on it, no problems. Ran installer.
  6. Install choices seem to be "install Ubuntu alongside Windows" or "have Ubuntu use the whole disk, wipe out Windows". I want the latter, simple. I want one partition for everything (no swap partition, no /home partition).
  7. Kept getting "want to unmount /dev/sdb [the USB stick I booted from] ?". Neither yes nor no would make it stop asking.
  8. No choice or indication, under Advanced or anywhere else, of swap-partition vs swap-file vs no-swap.
  9. Under Advanced, choice to use LVM and encrypt whole disk, but no choice to just encrypt each home directory.
  10. Tried to install with LVM and encryption, got "An error occurred while confguring encrypted volumes. The configuration has been aborted".
  11. Went back and forth several times, tried "advanced partitioning tool", tried install, got "you haven't defined a boot partition".
  12. Got some partitioning to start, then a message "Error informing the kernel about modifications to partition /dev/sda5 - device or resource busy. This means you shouldn't mount it or use it in any way before rebooting". But no quit or restart button. I kept going, bad idea.
  13. Soon something (probably partitioner) crashed. Installer said "want to report the problem ?", and then started this standard UbuntuOne bug-reporting web page that required email and logging in etc. Who's going to have access to that info in the middle of installing ?
  14. Tried to shut down the system and it hung after failing to unmount a few things. Powered off.
  15. Booted again, and this time the installer is seeing an Ubuntu system already on the hard disk, and giving more choices (4 choices instead of the original 2 choices). Selecting "overwrite that Ubuntu system" worked.

  16. Running the new system from hard disk:
    "swapon --show" and "inxi -P" both say "swap /dev/dm-2 partition, size 976M, used 0B".
    There is no /swapfile.
    "lsblk -f" says /dev/sda6 is type "crypto_LUKS" and two levels inside that there is a "vgubuntu-swap_1" which has fstype "swap".



After installing and booting into Linux:

+/- Star Wars emperor let the Linux flow through you

[Following instructions assume Debian's "apt" package manager, but syntax is similar/same for Red Hat's "dnf". Exception: "apt show" == "dnf info".]

  1. Login as the username you picked.


  2. Adjust touchpad (I always turn off "tap to click" and "middle click to paste").

    See Touchpad section


  3. Special software for advanced features of the mouse ?

    See Mouse section


  4. If you're dual-booting and/or going to access the Windows filesystem from Linux, fix the clock.

    Do "timedatectl set-local-rtc 1".
    Or edit /etc/default/rcS and set "UTC=no".

    Mike Beach's "Windows, Linux dual-boot system time issues"


  5. If calendar / date format is wrong (often set to match location, not system language):

    "localectl status"
    "timedatectl"

    Some systems (Manjaro) don't run NTP by default.
    +/-
    There are two ways to run it: ntpd or systemd-timesyncd.

    
    # Check the status of both:
    
    systemctl status ntpd.service
    systemctl status systemd-timesyncd.service
    
    # You could disable ntpd.service and enable systemd-timesyncd.service:
    
    systemctl disable ntpd.service
    systemctl stop ntpd.service
    systemctl start systemd-timesyncd.service
    systemctl enable systemd-timesyncd.service
    systemctl status systemd-timesyncd.service
    timedatectl
    

    https://feeding.cloud.geek.nz/posts/time-synchronization-with-ntp-and-systemd/

    Look for some settings like Language / Regional or Locale.
    Or in dconf-editor, try "com.canonical.indicator.datetime.time-format", for time in system tray in Ubuntu MATE 20.04 at least.
    Some applications (Caja, calendars) contain their own settings for date/time format.


  6. Connect to internet.


  7. Set repositories.

    On Mint 19, I didn't do this, seems to be no need.
    Months later, I ran the Software Sources application and added the Firejail PPA, "ppa:deki/firejail", so I'd have the latest Firejail.

    Ubuntu's "Repositories/Ubuntu"
    Abhishek Prakash's "Things to do After Installing Ubuntu 18.04" (item 2)

    Ubuntu 20.04:
    In "Software & Updates" application, I turned on every repo except the source-code repos.
    How to add Debian repo: Ask Ubuntu's "How to remove snap completely without losing the Chromium browser?"

    On Arch, enable AUR.

    On Manjaro, enable AUR: run "Add/Remove Software", click on three-dots icon in upper-right, click on "Preferences", go to "Third Party" tab.

    On Manjaro, you could change to "Unstable" branch: Manjaro Wiki's "Switching Branches". Supposedly if you want to use things from AUR, they'd be more compatible with Unstable branch. "cat /etc/pacman.d/mirrorlist" to see what branch you're on. I stayed on Stable branch.

    On Fedora:
    +/-
    Edit /etc/dnf/dnf.conf to set:
    
    max_parallel_downloads=20
    fastest_mirror=true
    install_weak_deps=true
    deltarpm=true
    

    Install RPMFusion free and non-free repositories (instructions), reboot, then
    
    sudo dnf groupupdate sound-and-video
    sudo dnf install -y libdvdcss	# FAILED
    sudo dnf install -y gstreamer1-plugins-{bad-\*,good-\*,ugly-\*,base} gstreamer1-libav --exclude=gstreamer1-plugins-bad-free-devel ffmpeg gstreamer-ffmpeg
    sudo dnf install -y lame\* --exclude=lame-devel
    sudo dnf group upgrade --with-optional Multimedia
    sudo dnf config-manager --set-enabled fedora-cisco-openh264
    sudo dnf install -y gstreamer1-plugin-openh264 mozilla-openh264
    # Then in Firefox, enable OpenH264 plugin from Cisco.
    

    As needed for specific apps or projects, enable the copr repository for each.
    "sudo dnf copr enable OWNER/REPO" and then "sudo dnf install APPNAME"
    So a copr repository is like an Ubuntu PPA.

    There also is RPM Sphere but I haven't tried anything from it.



  8. Check what graphics hardware you have and what driver you're using ("inxi -G", "lspci | grep -i vga", "sudo dmesg | grep amdgpu").
    Lubos Rendek's "Install the Latest Nvidia Linux Driver"


  9. Update drivers ?

    If system seems to be running okay, I would not do this. You could cause trouble.

    On Mint, open Driver Manager, looked for "recommended" drivers.

    Note: UEFI "Secure Boot" can affect what drivers are used. If your system booted with SB on, but you have some graphics or Wi-Fi problems, maybe try turning off SB and updating drivers.

    Linux Mint Installation Guide's "Hardware drivers"


  10. Figure out if installer did what you wanted:
    +/-
    • Booting in UEFI or BIOS mode ?

      If UEFI, /sys/firmware/efi/efivars or (old) /sys/firmware/efi/vars exists and has files in it.

    • Secure Boot enabled ?

      
      sudo mokutil --sb-state
      sudo mokutil --list-enrolled
      dnf list --installed | grep shim
      for mod in `lsmod | cut -d' ' -f1`; do modinfo "$mod" | grep 'signer'; done
      


    • Are / and /home separate partitions, or do you have a / partition and /home is a directory in the / partition ?

      "sudo df -khT | grep /home" will show a /home partition (volume) if it exists. If it's on a real device, you have separate partitions. If it's Btrfs on a map device, it's on a Btrfs sub-volume. "df" will show both / and /home on same map device.

    • What got encrypted ? Check order and number of passwords you have to give when you boot:

      • If you don't have to type a BIOS password, then there is no password set in your BIOS. You probably should change that. Following steps assume you have a BIOS password.

      • If you have to type BIOS password, then another password before you see anything about Linux, you probably have hardware (in disk controller) or software (ZFS ?) full-disk encryption. Following steps assume you don't have this.

      • If you have to type BIOS password, maybe see GRUB menu, see prompt "Please unlock disk sdaN_crypt" with "Ubuntu" below it, then type disk password, see Linux user name, then type Linux user password, you have full-Linux-extended-partition (LVM) encryption.

        The boot partitions will be unencrypted ("sudo df -khT | grep boot" shows that).

        There is an LVM encrypted volume group (in "/dev/sda6" or "/dev/nvme0n1p3" on my systems), and your root, swap and other volumes/filesystems are inside that encrypted volume group ("lsblk -f /dev/sda" or "lsblk -f /dev/nvme0n1" shows that).

        This will use dm-crypt ("device mapper") to make mapped devices ("sudo df -khT | egrep '/dm|/mapper'" shows that). The encryption framework/header usually will be LUKS ("sudo cat /etc/crypttab" shows that), but also could be other (plain dm-crypt, loop-AES, TrueCrypt/VeraCrypt, BitLocker). To see if "luks" in there means LUKS1 or LUKS2, do "sudo cryptsetup luksDump /dev/sda6 | grep 'Version:'" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep 'Version:'". Also see cryptsetup.

        But many different ciphers can be used within the LUKS framework, which just calls kernel encryption functions. To see the cipher used, do "sudo cryptsetup luksDump /dev/sda6 | grep cipher" or "sudo cryptsetup luksDump /dev/nvme0n1p3 | grep cipher". Probably it will be "aes-xts-plain64", which is AES-256 or equivalent. Run "cryptsetup benchmark" to see all algorithms available in your kernel ?

        Once you get through the mapping and encryption, the decrypted block device contains a standard filesystem such as "ext4" ("sudo df -khT | grep '/$'" shows that).

        Make a backup of your LUKS header: see LUKS encryption section of my "Linux Storage" page.

      • If you only have to type BIOS password, maybe see GRUB menu, see Linux user name, then type Linux user password, you have either:

        • User-home-directory encryption.

          "sudo df -khT | grep /home/" will show a /home/USERNAME/.Private volume with type "ecryptfs". Also do "ls /home/.ecryptfs" ?

          "ecryptfs" is a filesystem type with encryption built in. It actually stacks on top of a directory and replaces it with a filesystem, it doesn't handle a partition. ArchWiki's "eCryptfs"

          Make a backup record of your eCryptfs mount passphrase (which is derived from your password). "ecryptfs-unwrap-passphrase"

          See eCryptfs section of my "Linux Storage" page.

        • No encryption.

    • Is there any free (wasted, un-partitioned) space left on disk ?

      "sudo parted /dev/sda print" or "sudo parted /dev/nvme0n1 print".
      Maybe you will see a few small (less than 1 MB) interstitial free spaces needed to adjust alignment.

      "sudo fdisk --list /dev/sda" or "sudo fdisk --list /dev/nvme0n1"

      Maybe (do this carefully): "sudo parted /dev/sda" or "sudo parted /dev/nvme0n1" to get into interactive mode, "p" to list partitions, "align-check opt N" to check alignment for each partition, "q" to quit.

      Maybe (do this VERY carefully): "sudo fdisk /dev/sda" or "sudo fdisk /dev/nvme0n1" to get into interactive mode, "n" to try to create a new partition, see message saying "No free sectors available", "q" to quit without saving. On a GPT disk there probably WILL be free sectors below sector 2048.

      Scott McBrien's "Where did my disk space go?"


    • What kind of swap is implemented ?

      "swapon --show"

      • Swap file ("ls -l /swapfile").

      • Swap partition.

      • Compressed RAM (zram).

      • Compressed RAM cache in front of a swap device (zswap 1, zswap 2).

      • No swap.

      Also "free -h" and "cat /proc/swaps".

      You may see swap space used even when there is free RAM space: something could get swapped out when RAM is full, later does not come back in unless needed. Lengthy discussion of swap and swappiness: Chris Down's "In defence of swap: common misconceptions".
      Also see Linux ate my ram !.

      OOM-handlers: nohang, oomd, earlyoom, systemd-oomd.
      David Rientjes' article
      Add "vm.oom_kill_allocating_task = 0" to /etc/sysctl.conf ?



    If some of these are seriously wrong, now is the time to fix them or re-install.

    Raiders of the Lost Ark: you have chosen wisely


  11. If your installation has no swap, maybe create a swap file.

    "ls -l /swapfile"
    "swapon --show"
    Aaron Kili's "How To Create a Linux Swap File"
    Ryan Sechrest's "System running out of memory: create a swap file"


  12. With SSD, I like to do fsck at every boot.

    For / as ext4 filesystem on LUKS:
    "sudo tune2fs -c 1 /dev/mapper/vgkubuntu-root"

    Seems to be no equivalent for Btrfs filesystem.
    You could manually do a "btrfs-check --readonly --force", or create a systemd unit to do it at boot time.


  13. If SSD, how is TRIM being done ("sudo systemctl status fstrim.service fstrim.timer"), is noatime set (look in "mount | column --table" or "findmnt -A"), are partitions aligned to 1 MB or 2 MB boundaries, is full nominal disk space used ? There are various other tweaks. See Solid-State Drive (SSD).

    If the fstrim services are not running, do: "sudo systemctl enable fstrim.service fstrim.timer" and "sudo systemctl start fstrim.timer"


  14. Update software. There may be nothing to update at this point.


  15. Check power-management settings (if any).

    See "Battery / Power Management" section


  16. Turn off features you don't want: file-sharing, Telnet/SSH server, whatever.

    Run System Settings application and click through many of the icons.

    Maybe turn off file-search-indexing.

    Maybe turn off background repo updates.
    On Fedora:
    "sudo systemctl status dnf-makecache.timer"
    "sudo systemctl disable dnf-makecache.timer"
    On GNOME:
    "gsettings set org.gnome.software download-updates false"

    "sudo ss -lptu" to see what listeners are running.
    Probably don't want to see SSH or Telnet or RDP in there.

    "nmap localhost" to see what ports are open.
    Or from a smartphone or another computer, do a port-scan of this Linux system to see if any ports are open.

  17. Turn on security controls.

    Probably install firewall "gufw" and enable it, with Incoming set to "Deny".

    "sudo apt install openvpn NetworkManager-openvpn"
    See Tightening Security section of my "Linux Controls" page, especially about password store, VPN, and firewall. Also see macchanger section of my "Computer Security and Privacy" page. And I like to turn off IPv6.

    After doing any VPN or firewall stuff, reboot and make sure the VPN comes up automatically and the firewall settings are persistent.


  18. What accounts exist and what are their passwords ?

    
    sudo bash
    
    # To see accounts that can log in:
    sudo grep -v ':\*:' /etc/shadow | grep -v ':\!:' | grep -v ':\!\!:' | grep -v ':\!\*:'
    
    # To see accounts that can do "sudo":
    sudo egrep '^sudo|^wheel' /etc/group
    

    See Accounts section of my "Linux Controls" page.


  19. If you haven't already, deliberately shut down and then power on again, to make sure booting works okay.


  20. Kernel selection:

    Ubuntu automatically boots into the most recent Linux kernel. If you have Legacy BIOS (not UEFI), and want an option to choose a kernel, you could install GRUB Customizer (I haven't done this): do "sudo apt install grub-customizer", launch it, go to General Settings, change "Boot default entry after" to a value higher than 0 seconds, go to Advanced Settings, change GRUB_TIMEOUT_STYLE to 0. Save the configuration.


  21. Snaps on Ubuntu 20.04:
    +/-
    • I was planning to disable all snaps and flatpaks. But I decided to leave them in use, and see how well they functioned.

    • If you want to replace existing snaps with non-snaps:

      Maybe follow instructions in Kevin Custer's "Disabling Snaps in Ubuntu 20.04", or:
      
      snap list
      snap remove [packages]
      apt install [packages]
      
      And then to prevent re-installation of snap, create /etc/apt/preferences.d/99-Prohibit-Snapd :
      
      Package: snapd
      Pin: release a=*
      Pin-Priority: -10
      


    • Pratik's "How to Remove Snap From Ubuntu"
      Maybe some of:
      
      # remove Ubuntu's default store
      snap remove snap-store
      # install a store that can handle snaps, debs and flatpaks
      sudo apt install gnome-software
      
      # optional: show and install flatpaks in the software center.
      # Look first in the Store application to see if there is a way to turn on Flatpak.
      sudo apt install gnome-software-plugin-flatpak
      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
      flatpak remote-add --if-not-exists flathubbeta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
      # then reboot
      



    After 5 months of using snaps, I find a few have small IPC or directory-permission bugs, but most work fine.


  22. Ubuntu 20.04: install some useful stuff:

    Tweak these as you wish. Some apply only to certain DEs, some may be installed already.

    
    # Debian family:
    sudo apt install dconf-editor curl inxi traceroute smartmontools
    sudo apt install whois mtr net-tools p7zip-full most
    sudo apt install exfat-fuse exfat-utils btrfs-progs rename mlocate
    sudo apt install youtube-dl ping6
    
    # Needed in Ubuntu GNOME with Nautilus file-explorer:
    # Also for Thunar file-explorer in Xfce:
    touch ~/Templates/newfile.txt	# add "New Document" item to file-explorer
    
    # For man pages and terminal; bad if terminal has white background
    # add to end of .profile:
    export PAGER=most
    

    If you plan to do some development or compiling:
    
    # Debian family:
    sudo apt install git build-essential libtool intltool
    
    # Fedora:
    sudo dnf groupinstall "Development Tools"
    
    # Red Hat family:
    sudo yum groupinstall "Development Tools"
    
    # Manjaro:
    sudo pamac install base-devel
    
    # Arch family:
    sudo pacman -S base-devel
    
    # OpenSUSE:
    sudo zypper install -t pattern devel_C_C++
    

    If you want Snaps:
    
    sudo apt install snapd plasma-discover-snap-backend
    

    If you want Flatpak:
    
    sudo apt install flatpak plasma-discover-flatpak-backend
    flatpak remotes
    sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
    sudo flatpak remote-add --if-not-exists flathubbeta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
    

    If you want Docker:
    
    sudo apt install docker docker-compose docker.io
    

    In Kubuntu, for VPNs:
    
    sudo apt install network-manager-openvpn network-manager-strongswan
    


  23. Install or update multimedia codecs.

    Linux Mint Installation Guide's "Multimedia codecs"
    On Ubuntu 20: "sudo apt install ubuntu-restricted-extras"
    On Kubuntu: "sudo apt install kubuntu-restricted-extras"


  24. Install applications.

    Launch the "Ubuntu Software Center" or similar application.
    On Fedora, also "sudo dnf group list -v".

    From Easy Linux tips project's "Avoid 10 Fatal Mistakes in Linux Mint and Ubuntu":
    "Never remove any application that's part of the default installation of Ubuntu or Linux Mint."
    [But I think removing clearly isolated applications such as GIMP or VSCode or Qbittorrent or vim would be fine.]


  25. Set Update frequency and do Updates.

    Launch the Ubuntu "Software Updater" or similar application.
    Dave Merritt's "Getting Started with Linux Mint? Focus on These Three Tools"
    Easy Linux tips project's "Update Manager: understand and optimize it"

    Note: "A manually installed application receives no updates from Mint!"


  26. Remove telemetry-type things:
    +/-
    Apparently there is a unique "machine ID" generated at installation or first boot:
    
    cat /etc/machine-id
    cat /var/lib/dbus/machine-id	# maybe just a link to /etc/machine-id
    man machine-id
    
    # you could change it to a generic value (the Whonix ID):
    #	b08dfa6083e7567a1921a715000001fb
    

    On Ubuntu 20:
    
    # apparently popularity-contest has been broken since 18.04 anyway
    sudo apt remove popularity-contest ubuntu-report
    sudo chmod a-x /etc/cron.daily/popularity-contest
    
    sudo sed -i "s/ENABLED=1/ENABLED=0/" /etc/default/motd-news
    sudo systemctl disable motd-news.timer
    sudo systemctl disable motd-news.service
    

    Apparently some other distros have similar stuff, such as a "census" on Zorin OS ?

    Debian had/has a popularity contest:
    
    sudo apt remove popcon python3-popcon
    

    Red Hat family, but unlikely to be installed in your system:
    
    sudo dnf remove collectd fedora-coreos-pinger
    

    A thing with a suspicious name, but it's not evil: Linux Uprising's "How To Completely Disable Tracker, GNOME's File Indexing And Search Tool". I wouldn't disable or remove it; just go into Settings / Search and dial it down.

    Karim Buzdar's "How to force Ubuntu to stop collecting your data from your PC"


    Network Manager's connectivity-checking every 5 minutes ?
    Justin Chapin's "How to prevent NetworkManager connectivity checking"

    Summertime Tech's "Distro Telemetry Watch"
    Summertime Tech's "Linux Telemetry"


  27. Test and adjust various things: display, touchpad, microphone, camera, using USB devices (external disk, camera, flash drive, Android phone), playing audio and video, etc.


  28. Test and adjust various applications: browser, word-processor, etc.

    4/2020, on Ubuntu 20.04, some quirks I found:
    +/-
    • Ubuntu Software - Installed is very slow when removing apps; wait for it to ask for sudo password, and it might take 15 seconds before asking, then more time to actually remove.

    • How to install GNOME shell extensions ?

      See install GNOME shell extensions.

      Install "GNOME Tweaks" application, which will give lots of controls (but not scrollbar width, apparently that's in theme) and will manage extensions once you get them installed.

    • Decided I can't live without Mint's Pix app. Installed it in Ubuntu; see Pix section of my Using Linux page.



    Needed to install "Gnome Software Center" to get apt/deb and flatpak versions of apps.
    
    sudo apt install gnome-software gnome-software-plugin-snap gnome-software-plugin-flatpak
    
    Now I have two apps with identical red-A icon: snap store is "Ubuntu Software" and all-formats store is "Software". In the all-formats store, for any particular app, check the "source" field to see what format it is.


  29. Install fonts ?
    +/-
    I'd say: don't mess with this until after you've used the system for a while, and maybe found you really don't like the fonts.

    Microsoft windows font pack ?
    Later followed instructions in SK's "Install Microsoft Windows Fonts In Ubuntu 18.04 LTS":
    
    sudo apt update
    sudo apt install ttf-mscorefonts-installer
    sudo fc-cache -f -v		# build font cache files
    

    Maybe Windows Vista fonts too ?
    See ZcomTech's "How to install Microsoft fonts in Linux office suites 2020":
    
    sudo apt install fontforge
    wget https://gist.github.com/maxwelleite/10774746/raw/ttf-vista-fonts-installer.sh
    chmod a+x ttf-vista-fonts-installer.sh
    sudo bash -c ./ttf-vista-fonts-installer.sh
    rm ttf-vista-fonts-installer.sh
    

    Run the "Fonts" or "Font Manager" GUI application.

    Some people say the Ubuntu fonts are superior to most, also the Noto fonts are good. Download an archive and extract into /usr/share/fonts. Then go to settings and change system font.

    On Fedora, "sudo dnf copr enable dawid/better_fonts" then "sudo dnf install fontconfig-enhanced-defaults fontconfig-font-replacements" then log out/in.

    If available, try changing "antialiasing" from "Standard/grayscale" to "Subpixel/LCD".

    Someone said "hinting=full , subpixel order=rgb, anti aliasing=enabled, backend=glx, bytecode interpreter=true".

    Fonts can look bad if monitor is set to wrong refresh rate (too low) ?

    ArchWiki's "Font configuration"
    Venam's "Did You Know Fonts Could Do All This?"


  30. Miscellaneous settings I like.

    Turn off any wallet or keyring functionality.
    Turn off Search inside files.
    Turn off multiple workspaces, desktops, activities.
    Add any helpers to file-manager, such as LUKS service menu to Dolphin.
    Disk-IO reduction for browsers: Browser profile caching.


  31. Install a printer.
    +/-
    Dell's "How to install and configure a Dell Printer using the Ubuntu Operating System"
    System default paper size: "cat /etc/papersize"

    Under Mint 19.0, I think I just plugged in the printer (HP Deskjet 3634) through USB and it worked.

    Under Ubuntu GNOME 20.04:
    TWO printers show up, one with address "localhost", other with address "Deskjet 3630 series [SERNUM]. ipp. tcp.local". And once or twice that second one disappeared from Settings / Printers, and then re-appeared (maybe I had a loose USB connection). Then when I tried to actually print something, nothing worked, just get "not connected" message.

    Eventually by power-cycling printer, enabling the check-box "share printer to network", and "start CUPS service" I got a page to come out, but by then I had FIVE printers appearing in the list ! Three of them say Model "HP 3630 series", which is correct, but two say Model "HP 3638 all-in-one", which is not. Two of them show Location "SYSTEMNAME", one shows Location empty, others show no Location field at all. A little later, I powered off the printer and disconnected it, and one of the five went away.

    A day later, using the printer as a scanner worked after a slight hiccup: two printers appear in list, and the one with a serial number in the name worked.

    A week later, I went to a Win10 machine and set up that HP 3634 printer to connect through Wi-Fi instead of USB. Went back to my Ubuntu machine, to Settings / Printers, deleted all 4 or 5 printers, and one of them popped up again. It was the HP 3634 on Wi-Fi. Printed to it, and it worked. Scanned from it, and it worked. Simple. [But later the printer keeps showing up as 4 or 5 devices.]

    Under Ubuntu MATE 20.04:
    Printer already has Wi-Fi enabled. Went to Settings / Printer app. Powered printer on. Icon for printer appeared in app. Right-clicked on it, set as system default printer.

    I'm hearing same from other people: using printer through Wi-Fi is the way to go.

    Later changed home Wi-Fi network. No way to get printer onto new Wi-Fi using Linux. Have to use a Windows machine. Even printing/scanning through USB isn't working most of the time.

    Tried smartphone:
    Turn off VPN on phone.
    Install "HP Smart" by HP Inc app on smartphone.
    Run app.
    Power on printer.
    HP 3634 printer:
    By pressing "I" button on printer, it will print instructions.
    You DON'T want "Wi-Fi Direct"; that turns off normal Wi-Fi on your phone/laptop and makes a peer-to-peer connection.
    Click app's "Set up new printer" button.
    On printer, press and hold Wirelss and Cancel buttons for 3 seconds. Power light will blink for a few seconds.
    App should find printer.
    Give Wi-Fi password.
    Should connect.
    FAILS.

    Tried HP utils on Linux:
    sudo apt install hplip-utils
    Turn off VPN on laptop.
    Power on printer.
    Plug USB cable from printer into laptop.
    On printer, no lights on except Power.
    run HPLIP Toolbox (AKA "HP Device Manager") application.
    Remove any existing printers.
    Click "+"
    Select "Wireless (requires a temporary USB)"
    Finds printer.
    Connect through USB.
    FAILS.

    Successor to CUPS: OpenPrinting ?


  32. Install anything special you need.

    For me on Mint 19: install support for WD My Passport Ultra encrypted external hard drives. See Special Hardware section of my "Using Linux" page.


  33. Copy personal files from backup to Linux home directory.


  34. Try opening your files, especially various file types such as TXT, PDF, MP3, JPG, MP4, etc.


  35. Mount Windows filesystem under Linux:
    +/-
    If you turned it off before, you can boot into Windows and turn on "Fast Startup" in Control Panel / Hardware and Sound / Power Options / System Settings. Now that you're not going to mess with partitions any more, it should be safe to hibernate Windows.

    See Connecting Linux and Windows section of my "Linux Networking" page.


  36. Check the Startup Applications.

    Various ways to add a startup application or script if you want to: see if system has a "Startup Applications" application, create a systemd unit (how), create a .desktop file in /etc/xdg/autostart/, maybe add in GNOME Tweaks, add an entry to crontab.


  37. Set up system backups (maybe with Timeshift), and do an initial snapshot (may take an hour or more).

    Linux Mint Installation Guide's "System snapshots"


  38. Record system settings, for use if you ever need to do troubleshooting later.

    I run a script: SaveConfig.sh

Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Cinnamon"
Easy Linux tips project's "10 Things to Do First in Linux Mint 19.1 Tessa"
Dell's "How to configure Ubuntu Linux after it's first installed on your Dell PC"
Mehedi Hasan's "Top 10 Best Things To Do After Installing Linux Mint 19 'Tara'"
Aquil Roshan's "Things To Do After Installing Linux Mint 18.3"
Willi Mutschler's "Installation guides"
Abhishek Prakash's "16 Things to do After Installing Ubuntu 20.04"
Abhishek Prakash's "Things to do After Installing Ubuntu 18.04"
Gary Newell's "38 Things to Do After Installing Ubuntu"
Mike Turcotte-McCusker's "5 Things to do after a fresh install of GNU/Linux"
Dedoimedo's "Fedora 33 essential post-install tweaks"
M.Hanny Sabbagh's "Things To Do After Installing Fedora 33"
DuckDuckGo Blog's "How to Protect Your Privacy on Linux"



My experience 8/2018 with Mint 19.0 (plus a few Ubuntu 20.04 things):

+/-
  1. USB flash drives:
    +/-
    I have a USB flash drive which may be corrupted. I see that doing "sudo touch /forcefsck" will force system (root) partition to be checked next time system boots. To check the USB drive, I unmounted it in Nemo. Hovering over the icon showed its device as "/dev/sdb1". In CLI, did "sudo fsck /dev/sdb1". Found some problems, fixed them, but drive still not correct.

    Installed GParted. Only shows one device at a time, have to use GParted/Devices menu item to switch from one to another. Formatted USB drive's partition. Device fixed. Did it to another USB also. They work.

    But Linux seems to handle these flash drives differently than Win10 does. You have to be very careful to software-eject them from Linux, and wait until you see a notification that it is safe to unplug the drive. Writes are buffered/cached, so unplugging a drive too soon can corrupt it. Ejecting using the System Tray icon doesn't give the notification; always eject using File Explorer.

    To turn off write-caching:
    "sudo hdparm -W 0 /dev/devicename"
    But this may result in more writes, which is bad on a flash drive.

    To reduce number of writes:
    Upon mount, set "noatime" (in /etc/fstab, change "defaults" to "defaults,noatime").
    But removable drives probably aren't permanently listed in fstab.



  2. Filesystem-checking:
    +/-
    "sudo touch /forcefsck" will force boot and system (root) partitions to be checked next time system boots. But note that Btrfs doesn't have fsck.

    Maybe edit "/etc/default/grub" to change:
      GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    to:
      GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force fsck.repair=yes"
    and then do "sudo update-grub" (on Ubuntu*),
    "sudo update-grub2" is for Debian and SUSE;
    "sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg" for Fedora;
    "sudo grub-mkconfig -o /boot/grub/grub.cfg" for Arch family ?

    Or run GUI app "grub-customizer", click on Advanced Settings, and do GRUB_CMDLINE_LINUX_DEFAULT changes.

    Dan Nanni's "How to boot into command line on Ubuntu or Debian"

    Press Esc key while booting to get into grub menu.

    In grub menu, highlight first item "Linux Mint 19 Cinnamon" and press "e" key to edit the script for that menu item. Find line something like "linux ... ro quiet ..." and add a "fsck.mode=force" after the "ro quiet". Hit F10 to boot. After OS starts, a csd_housekeeping process will check disk, taking a couple of minutes. Results where ? Change to the boot script is not persistent; it will be gone next time you restart.

    After doing all this, someone told me to do "e2fsck -n -f /dev/sdaN" at CLI (after booting), and it tells me my root filesystem has all kinds of problems: orphan inodes, inode bitmap problems, free block count wrong, directories count wrong, etc. Same for /home filesystem. But someone else says: "If you run fsck on a mounted file system, you'll see errors all over the place because the system often defers writing data or 'tidying up' information already on the disk, especially for open and locked files associated with running processes. The only way to fsck the system partition sensibly is at boot time, when it can be temporarily unmounted by the booting process and before anything reliant on the disk loads, or better, booting with a separate device / partition entirely, e.g. a boot disk or USB."

    Log from boot process is /var/log/boot.log It says it checked both root and /home. It shows some details from checking root, but no details for checking /home. No errors reported, but it also doesn't explicitly say "no errors found".

    To check results of fsck:
    "journalctl --since=today | grep systemd-fsck\\["



  3. Firewall and VPN:

    I went down a bit of a rabbit hole for a while, tweaking iptables a lot, then shutting down some listeners, and doing some testing. Also, new releases of Windscribe VPN client changed its effect on iptables a bit.

    To see what incoming ports are open and/or have listeners, do "sudo netstat -tulpn" or "sudo netstat -tulp". (Also "sudo ss -lptu") For all ports, do "sudo netstat -tuap".

    To see what iptables looks like, do "sudo iptables -L -v".

    Ran a couple of net-testing apps on my phone (which is on my LAN), targeting my PC, and they show all ports blocked, no response to ping, no services offered.

    See Tightening Security section of my "Linux Controls" page.


  4. Scrollbars are too narrow for my taste (other people have complained too) in both Mint 19 Cinnamon and Ubuntu GNOME 20.04.

    • Mint 19 Cinnamon:

      Edited various CSS files under /usr/share/themes/, but the changes didn't do anything.

      Installed Gnome Color Chooser, but the scrollbar width setting only affected the Start button menu, not Nemo or other apps. Looks like GCC effectively edited ~/.gtkrc-2.0 to add
      "style "gnome-color-chooser-scrollbar" { GtkScrollbar::slider_width = 45 }
      widget_class "*Scrollbar" style "gnome-color-chooser-scrollbar" " to it. Maybe it made changes elsewhere, too.

      I read that some apps (LibreOffice Writer, Calc) are GTK2.0, others (Nemo) are GTK3.0.

      Created and edited ~/.config/gtk-3.0/gtk.css and put
      ".scrollbar.vertical slider, scrollbar.vertical slider { min-width: 20px; }"
      in it, and that worked for Nemo and Firefox and Xed.

      [Later, after updating to Mint 19.2: System Settings / Appearance / Themes / Settings / Scrollbar behavior / Override ...]

    • Ubuntu GNOME 20.04:

      No setting for scrollbar width in GNOME Tweaks; apparently it's in theme.

      "gedit ~/.config/gtk-3.0/gtk.css" to add ".scrollbar.vertical slider, scrollbar.vertical slider { min-width: 16px; }" Used by Firefox, Thunderbird, Terminal, Settings, Nautilus, Variety, GNOME Web, not VSCode, not KeePassXC, not Liferea, not snap-store, not Tor Browser.

      /etc/gtk-3.0/settings.ini or /etc/gtk-3.0/gtk.css to affect all users ?

      Edit ~/.gtkrc-2.0 to add:
      
      style "scrollbar-style"
      {
         slider-width = 9 # for example
      }
      class "GtkScrollbar"   style "scrollbar-style"
      class "GtkVScrollbar"  style "scrollbar-style"
      class "GtkHScrollbar"  style "scrollbar-style"
      

      /etc/gtk-2.0/gtkrc to affect all users ?
      /etc/X11/app-defaults/* to affect all users ?

      sudo apt install qt5ct

    • Ubuntu MATE 20.04:

      Scrollbar widths are reasonable.


  5. On Ubuntu GNOME 20.04: GNOME desktop issues:

    Default Desktop Icons extension is very limited and can't be removed, and even if you turn it off I think it keeps running.

    To create icons on GNOME desktop:
    e.g. "ln --symbolic -t ~/Desktop /opt/thunderbird/thunderbird".

    Appearances and labels of applications in the left-hand bar can be controlled by editing .desktop files in /usr/share/applications. There also is ~/.local/share/applications, maybe that's for desktop icons ?

    See install GNOME shell extensions.


  6. On Mint 19: Wanted to test that my /home is encrypted, and that I can access it from a bootable USB if needed. Booted into a Live session from the same USB I used to install onto hard disk 2 months ago. Opened Nemo, went to hard disk, my /home/user1 dir just has two files in it, "Access-Your-Private-Data.desktop" and "Readme.txt". If I run "Access-Your-Private-Data.desktop", I get an error "cannot execute commands from a remote site". Following instructions in "Readme.txt", if on CLI I run "ecryptfs_mount_private" or "sudo ecryptfs_mount_private", I get an error "encrypted private directory is not setup properly".

    How it's supposed to work, see comment in superuser's "eCryptfs encrypted home - explanation".

    If you use an encrypted home directory, you should keep a backup copy of your mount passphrase ? Run "ecryptfs-unwrap-passphrase" to get it.
    Chris Hoffman's "How to Recover an Encrypted Home Directory on Ubuntu".

    Got script from superuser's "eCryptFS: How to mount a backup of an encrypted home dir?". Had to modify it to work, ended up with MountEncryptedHome.sh which works on Linux Mint 19 Cinnamon run from USB as of 10/2018.


  7. Key-shortcuts to do things in normal operation:

    Run Keyboard application and click on Shortcuts tab to see them.


  8. Magic key-sequences if stuff goes wrong:

    See Magic key-sequences section of my "Using Linux" page.


  9. You should routinely check a couple of logs to see if anything unusual is happening in your system:
    "cat /var/log/kern.log"
    ("sudo dmesg -T" command same log, with coloring added),
    "sudo journalctl --pager-end".


  10. An update came out, installing "freedesktop". In the log files next morning, I saw that now a GeoClue service is running.
    
    apt list | grep geoclue | grep installed
    systemctl status | grep geoclue | grep -v grep
    systemctl status geoclue
    
    Don't want that. You can remove Geoclue-2.0. Removed it, but kept getting a boot-time error from "Redshift". Re-installed Geoclue-2.0. Tried to wire it to show a fake location, but it's always returning zeros for lat/long. My release is 2.4.7-1ubuntu1; newest is 2.5.1. Did "sudo apt install geoclue-2.0", but it says I have the latest (from the repositories my system points to). Guess I'll wait until an update comes down.


Installed Kubuntu 20.10 in 12/2020:

+/-
Installer UI a bit weird around setting LUKS password; empty boxes with no labels.

Installer created a UEFI ESP partition even though I have legacy BIOS.

No way in Discover store to disable Snaps or enable flatpaks (but you can do it through CLI). No way to say "show only FOSS".

VSCode only available as snap.

Network Manager connector for OpenVPN not found; "sudo apt install network-manager-openvpn network-manager-strongswan".

Some commands (df, docker) that didn't require sudo on MATE 20.04 require sudo on Kubuntu 20.10.

Dolphin file-manager doesn't handle LUKS containers.
In Dolphin: Settings / Configure Dolphin / Services.
Creating Dolphin Service Menus
I created a new "Service Menu" to do it: lukscontainerfile.

Add new application: right-click on Launch button in lower-left corner of desktop, select Edit Applications.

Auto-rotate backgrounds: right-click on desktop, select Configure Desktop / Wallpaper / Wallpaper Type == Slide Show.

KRunner: search field that appears at top of screen.

Surprisingly, no clear setting for 24-hour clock. Had to set date/time format to UK-English to get it.

Installed Fedora 34 KDE in 4/2021:

+/-
This was a big move, across distro-families (from Kubuntu), and also from X to Wayland, from ext4 to Btrfs on system disk, PulseAudio to PipeWire, and jumped from kernel 5.8 to 5.11.

Installer a bit weird in disk partitioning area: had to "reclaim" space from current disk, at least under "automatic" there was no indication of what filesystem type would be installed, nothing about swap, strange item "enable adding more space" ?

On cold boot, OS finds no mouse or touchpad. On restart, it finds them. Eventually someone gave me a simple way to recover from this condition: "sudo rmmod i2c_hid && sudo modprobe i2c_hid". Added some info to an existing bug report that seemed related to it. Next time it happens, after recovering, try "sudo journalctl --since=today | grep i2c" to get more info. Actual error is "HID over i2c has not been provided an Int IRQ". Seems to be fixed with 5.11.9 kernel, I think (I might have the number wrong).

550 MB system update available after booting. Applied it. Didn't fix mouse/touchpad issue.

By default, single-click opens file or folder. System Settings / Workspace Behavior / General Behavior to change that.

Date/time format is set by country, not format, and couldn't find Britain/England in the list. Format example shows a time less than noon, so I can't confirm it's using a 24-hour clock.

Default text editor is KWrite; Kubuntu used Kate.

Dolphin doesn't understand LUKS container files; added the service I wrote.

One Btrfs partition, zstd:1 compression, two sub-volumes root and home. Added noatime directives to both of them in /etc/fstab. Later added compression for my Btrfs removable drives and container files.

KWrite refuses to run if you've sudo'd.

Discover is having major problems: starts up and says "unable to load applications; check internet connection" (but connection works in Firefox); unable to remove "Flatpak - testing" repo; Installed button just shows a few libraries/packages, not all the apps. Can't remove or install any apps. Problems are due to settings of Flatpak repos. Filed bug report.

Snap command is not installed at all. "flatpak list" shows no Flatpaks installed. Fine with me; I want to stay native on this distro.

Shutdown very slow; something in it (maybe sddm shutdown ?) is hanging for 60 seconds. [Problem went away when I stopped using Wayland.]

Can't find VSCode in native repos. Added it via a private repo. Same for Brave browser, and for ungoogled-chromium browser.

Can't find Zoom in native repos. Had to download an RPM and install it.

In KeePassXC, auto-type doesn't work, I'm sure because of Wayland. Paste into KP fails sometimes too. There have been open bug reports for years, in KP and in Wayland. https://community.kde.org/Plasma/Wayland_Showstoppers

It's using firewall-config, which is much more complicated than gufw that I'm used to. Scan from smartphone found no open ports.

I see it has 8 GB of zram for swap.

SFTP seems different from the one on the last couple of Ubuntu* distros I've used.

Updates (all updates as far as I can tell) behave in a Windows-like way: you have to reboot, updates are applied as system starts, then system will restart again.

After a few days, switched from Wayland to X11, and KeePassXC works well now.

Touchpad-middle-button was driving me crazy, pasting when I didn't want to. Used xinput to disable it.

After two weeks, noticed that "sestatus" says SELinux is enabled / enforcing / targeted. Interesting.

Lots of apps and games installed that show up in the GUI app search/launcher, but not in Discover's Installed list, or in the package manager (under any reasonable name). For example KPatience, Elisa.

Installed Manjaro 21 Xfce stable in 10/2021:

+/-
Had been planning to install Cinnamon DE, but at last minute realized it is a community spin, not a directly supported DE, and may have some build issues that cause occasional breakage. So did Xfce instead.

Installer very nice, easily selected Btrfs and LUKS encryption and no swap.

Btrfs was mounted with autodefrag flag; I removed that. No discard flag; I enabled weekly TRIM service.

By default, AUR, Snaps, and Flatpaks were turned off. I turned on AUR.

For installs via CLI, I used pamac package manager.

Apparently some things are not available as binaries in the repos: ungoogled-chromium, Tor browser. Building browsers from source is very painful. Turned on Flatpaks as a software source, but then I don't see Flatpak images appear in the GUI "Add Software" app. Installed those apps through Flatpak CLI. Zoom and Skype also Flatpaks, I think they're never available as native packages.

OpenSnitch package in AUR installs the GUI but not the daemon. Building OpenSnitch through pamac fails.

VSCode's name on disk has changed from Code to Code-OSS or various spellings of that. Icon has changed too. This is a special "Open Source build" in the Manjaro repo.

The display-brightness settings in Power Management and my laptop's function keys seem to be fighting each other. Plug into AC power, brightness goes to 10% or something.

Default simple-image-editor Viewnior was horrible for editing; switched to Pix.

Key-combination to lock the screen is Ctrl-Alt-Del !

After using Timeshift to make a backup, pamac can no longer install things, timeshift-autosnap fails. So I removed Timeshift. Another workaround: "sudo SKIP_AUTOSNAP=1 pacman ...". Not sure if it works for pamac.

Thunar file-explorer doesn't auto-mount LUKS volumes.

If Ethernet cable is not connected at boot time, and then I plug it in, have to reboot to get the connection to establish.

No printer manager app installed. I installed printer-manager, and it can see USB-connected printer, but not Wi-Fi printer. Maybe I should have done "sudo gpasswd -a USERNAME sys" and then "sudo pamac install manjaro-printer". But second command said "nothing to do". Same with "pamac install hplip". Did "sudo pacman -S system-config-printer".

Desktop wallpaper rotation doesn't work; selecting folder of images is wonky.



Install GNOME shell extensions:

+/-
I did this on Ubuntu 20.04.

GNOME Shell integration Installation Guide

  1. Install Firefox extension

  2. 
    sudo apt install chrome-gnome-shell
    gnome-shell --version
    


  3. Click on GNOME browser extension's icon in browser toolbar, web site will open. Search for shell extension you want, click on it. Slide switch in upper-right of web page to On. See a confirmation dialog from the browser extension. Do NOT use the download link near the bottom of the page.

  4. Log out of Linux and log back in.

Default system extensions:
  • Desktop Icons by rastersoft (can't be replaced)

  • Ubuntu AppIndicators by didrocks (entry on web site is placeholder)

  • Ubuntu Dock by didrocks (entry on web site is placeholder)

I added:
  • OpenWeather by jens (easily get city coordinates by adding new location, not editing existing location)

  • Hide Top Bar by tuxor1337 (very nice; definitely install this one)

  • I looked at about 200 other entries, didn't find any other that was appropriate for my system, interesting to me, AND would install successfully.

pling / Gnome-look.org







Installing a Server



From people on reddit:
+/-
  • VPN: Use this docker container https://hub.docker.com/r/kylemanna/openvpn/

  • Use https://www.noip.com for a hostname. It's free for 3 dynamic hostnames. What it does is dns map your dynamic router ip to the hostname you choose so you can go to www.yourdomain.noip.net and it will go to your machine.

  • With your router you'll have to open up the port you use for the vpn. But that should be your only open port unless you run a webserver. Then you open just port 80 and 443 and the vpn. It means you don't expose your ssh port to the world, which is good.

  • Use "fail2ban" (or CrowdSec) and "rsakey ssh". Whatever you do, just don't expose your private keys.

  • A firewall won't really do much; if you're only exposing specific ports that you actually need to connect to, the most you might be able to do with a firewall is limit what IPs can connect to those ports.




Use "cockpit" as a web dashboard to manage your server.
Alan Formy-Duval's "How I use Cockpit for my home's Linux server management"



If you're going to allow incoming SSH: change the port it uses, set up key-based login instead of password login, set up two-factor authentication on it, disallow root logins, maybe use fail2ban (or CrowdSec) and ipset to restrict who/where can attempt to access it.
Rubaiat Hossain's "Everything You Need to Know about Linux OpenSSH Server"
ssh-audit



Prutser's "How to securely self-host a website or web app"



Some alternative web servers: Apache, Nginx, node-http-server.

SK's "Install Apache, MariaDB, PHP (LAMP stack) in Ubuntu 18.04 LTS Server"
Linux4one's "How to Install Apache on Linux Mint 19"
Linux4one's "How to Install XAMPP on Linux Mint 19"
Bryan Kennedy's "My First 5 Minutes On A Server; Or, Essential Security for Linux Servers"
Ubuntu Geek's "Step By Step Ubuntu 18.04 (Bionic Beaver) LAMP Server Setup"
Megha Pandey's "10 steps to secure Linux Server for Production Environment"
imthenachoman / How-To-Secure-A-Linux-Server
trimstray / the-practical-linux-hardening-guide
Kris Wouk's "How to Secure a Linux Home Server"
Chandan Kumar's "Secure and Harden Your Apache Web Server"
Detectify's "Common Nginx misconfigurations that leave your web server open to attack"



Alex Kretzschmar's "Perfect Media Server"



Cloud server:
/r/linuxupskillchallenge
Tim Anderson article about spending limits



See "Self-hosting" section of my "VMs and Containers" page





Buying a new laptop to run Linux



Generic (not just Linux) points

+/-
Most statements in here are generalities. As with any recommendations, you will get someone saying "avoid X at all costs, it was a nightmare", followed by 10 people saying "I've used X all my life, never had a problem".

You can't just look at CPU generations to compare performance; they don't follow in sequence. Some i3's are faster than some i7's, some Ryzen 3's are faster than some Ryzen 7's, for example. And every character in a CPU's model number matters; search exactly.
PassMark - CPU Mark
Techrankup's "Laptop Processors Ranking"

I'm in Europe, so have to be careful about keyboards.
Switch and Click's "ANSI vs ISO: Explained"
I came from USA, so I'm used to US-English ANSI.

I want separate buttons for the mouse-clicks, not tap-to-click on the main touchpad. But separate buttons seems to be solely a "gaming laptop" feature these days.

Unless you're doing gaming, best to get integrated graphics instead of a dedicated graphics processor (NVIDIA, AMD). Consumes less space and battery, generates less heat.
article1, article2
Alan Diggs' "Is AMD Really The Golden Child Of Linux?"

SSD UserBenchmarks



Ubuntu's "Ubuntu Desktop certified hardware"
ThinkWiki - Linux ThinkPad Wiki
Someone says "ThinkPad: stick to T or E series".

Dell sells high-end laptops with Ubuntu pre-installed, but don't expect their Support people to know anything about Linux. Lenovo announced Linux support 2020.

Easy Linux tips project's "Windows 10: how to prepare it for dual boot with Ubuntu or Linux Mint"
Ubuntu's "UEFI"
Adam Williamson's "UEFI boot: how does that actually work, then?"

From Linux Mint Installation Guide:
"The [same] Linux Mint ISO can be booted both in EFI or BIOS mode."

From Linux Mint Installation Guide - Multi-boot:
"If you want to dual-boot or multi-boot with Windows, it is easier and recommended to install Windows first, before you install Linux Mint."

From Linux Mint Installation Guide - EFI:
"If after installing Linux Mint in EFI mode, you are unable to boot due to a Secure Boot Violation, you can try one of the following solutions:
- Re-install, and do not select 'Install third-party software for graphics and Wi-Fi hardware, Flash, MP3 and other media', or
- Disable SecureBoot in the BIOS settings."

From someone on reddit:
"Be aware that 'newly released' laptops are often the most problematic things to install linux on."
and
"Typically on my NVIDIA systems i use the following kernel boot options to try to get things sane, so i can install: nomodeset,nofb,nosplash,noquiet."

[Note: "modeset" would have graphics set to high-res mode by BIOS, and "nomodeset" means have that be done later by Linux user-space.]

OTOH: very old machines may no longer be getting firmware updates from the manufacturer.

Some people say avoid: NVIDIA, Broadcom/Realtek wireless. But plenty of people use those with no problems.

Not sure if this applies to all/most new machines:
To boot Linux on USB (before installing): In Setup, set UEFI mode, disable legacy mode, disable secure boot, set SATA mode AHCI, disable RAID, disable Intel RST. Reboot, enter your system's one-time boot menu, select the install USB device from the UEFI devices list, not the legacy devices list.

With UEFI, you want an EFI partition of 512 MB, and rest of disk as one partition for Linux ?

On some new laptops, in BIOS Disk Settings, change from RAID to AHCI mode. On some machines, installer can't see any partitions until you do this.

/r/SuggestALaptop



I usually buy low-end machines, but it occurs to me that I've used my current laptop for 9+ years. So maybe if I pay an extra $250 or so for a better machine, I get a better experience for an extra $30/year. Plus I use the laptop at least 6 hours per day. Worth it. [Of course, that's a slippery slope, soon find yourself spending $2000 on a laptop.]

My current laptop has 8 GB of RAM; typically about 4 GB are in use. I'm using about 120 GB of disk (80 GB /home, 35 GB /). So 16 GB of RAM and 256 GB SSD should be fine for me.

I briefly considered buying a desktop instead of a laptop. Top CPU performance can be 4x on a desktop, and GPU probably tops out much higher too. RAM and SSD should be about the same as on laptop, I think. But I decided I needed the portability of a laptop.



Open-source laptops

+/-
Pinebook Pro
14" screen, limited memory, but $200

Purism
Slow CPU, slow RAM, very nice display.
Librem 15 with Intel i7-7500U (maybe 4500 CPU mark; can't find it in benchmarks) and 16 GB and 256 GB SSD about $1700 maybe plus Customs.



Linux-oriented laptops

+/-
I'm in Europe, so selection of vendors is different from USA.
I'm focused on 15" display, fast CPU, 16 GB RAM, 256 GB SSD, US-English-ANSI keyboard, don't want NVIDIA.

[Information as of 12/2020:]
  • Tuxedo Computers
    +/-
    English ANSI keyboard available, but not on all models.
    Tuxedo makes their own "Premium BIOS", which is not UEFI and not coreboot. Coreboot is under development as of 8/2021. I'd rather have standard UEFI. But Coreboot might disable IME ?
    Easy maintenance access, including to replace fans (important to me). BUT: keyboard easy to replace in Aura, NOT easy in Pulse.
    A negative for me is: no mouse buttons.

    Aura 15 with Ryzen 7-4700U (13,800 CPU mark) and 16 GB and 256 GB SSD about €860 incl tax.
    Aura 15 with Ryzen 7-4700U (13,800 CPU mark) and 32 GB and good 500 GB SSD about €1000 incl tax.
    Pulse 15 AMD with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and best 250 GB SSD about €1040 incl tax.

    /r/tuxedocomputers (and Support is active there)
    12/2020: Large backlog of orders for Pulse 15, don't expect to get it any time soon.


  • Slimbook
    +/-
    Made in Spain, where I live.
    No mouse buttons.
    UEFI firmware.
    Firmware on KDE Slimbook is InsydeH2O V2.
    Support says they have both ANSI and ISO US-English keyboards; I guess specify when you order. No numeric keypad, which is fine with me, and I think allows bigger keys. But the letters on the keycaps are grey-on-grey; hard to see (maybe see decals ?). Support says they can't print darker because then backlighting wouldn't work, but the contrast is fine anyway, no need. But then they said US-ANSI is the only keyboard with a contrast issue, they changed to their own font on all the other keyboard layouts to improve contrast !
    I wasn't able to find display specs. Support says "60 Hz panel with a brightness of 300 nits".
    Support says: All our laptops have Ethernet ports; no black chassis.
    Looks like Samsung SSD might be 35%-60% faster than Toshiba SSD; hard to tell what the Toshiba models are.

    Essential 15 with Intel i7-1065G7 (9000 CPU mark) and 16 GB and 256 GB SSD about €760 incl VAT.
    KDE Slimbook 15 with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and default 250 GB SSD about €1030 incl VAT.
    Pro X 15 AMD with AMD Ryzen 4800H (19,100 CPU mark) and 32 GB and best 512 GB SSD about €1230 incl VAT.

    Slimbook's support forum
    Slimbook's tutorials
    /r/slimbook
    Slimbook's tutorial for optimizing use of SSD

    Marcos Costales' "Review Slimbook Pro X"
    Nate Graham's "The superfast Ryzen-powered KDE Slimbook"
    Thom Holwerda's "KDE Slimbook: the best way to run KDE"
    "My MECHREVO Code01 (TongFang PF5NU1G) Review"
    KDE Slimbook 15 looks same as TongFang IDG



  • Clevo Center (Portugal)

    Clevo (Germany)
    Only English ISO keyboard.

    CLEVO NL51RU Ryzen 5 ULTRABOOK with AMD Ryzen 5 4500U (12,000 CPU mark) and 16 GB and 512 GB SSD about €782 incl VAT (Portugal)
    CLEVO NL51RU Ryzen 5 ULTRABOOK with AMD Ryzen 7 4700U (13,800 CPU mark) and 16 GB and 512 GB SSD about €870 incl VAT (Germany)


  • Schenker VIA 15 Pro

    Only English ISO keyboard.

    VIA 15 Pro with AMD Ryzen 4800H (19,100 CPU mark) and 16 GB and good 256 GB SSD about €1046 incl VAT.


  • Dell

    Only English ISO keyboard.

    Inspiron 15 5000 with Intel ii7-1165G7 (10,600 CPU mark) and 16 GB and 1 TB SSD about €1100 incl VAT.


  • System76

    Shipping to Europe would be expensive.

    Pangolin 15" with AMD Ryzen 7 4700U (13,800 CPU mark) and 16 GB and 256 GB SSD not available yet, no pricing.


  • Ubuntushop.eu

    Site often doesn't give exact CPU models, never RAM speeds.

    UbuntuBook 15.6" Alloy with Intel i5-???? (???? CPU mark) and 16 GB and 512 GB SSD about €860 incl VAT.
    UbuntuBook 15.6" Metal Ice with Intel i7-10510U (7000 CPU mark) and 16 GB and 512 GB SSD about €1330 incl VAT.


  • Entroware

    Seems to have mouse-buttons.

    15" Proteus with Intel i7-10510U (7000 CPU mark) and 16 GB and 240 GB SSD about €1060 incl VAT.


  • Juno

    No mouse-buttons.

    Nyx 15" v2 with Intel i7-1065G7 (9000 CPU mark) and 16 GB and 256 GB SSD about €1140 incl VAT.


  • Laptop With Linux

    No mouse-buttons.

    Tongfang PF5NU1G 15.6 with AMD Ryzen 7 4800H (19,100 CPU mark) and 16 GB and 256 GB SSD about €???? incl VAT.


  • Lenovo Legion 5 Gaming Laptop ? Better display (144 Hz), but NVIDIA graphics. Can't get with AMD Ryzen 4800H in Europe ?

From someone on reddit 12/2019:
"System76, Slimbook, Tuxedo and many others are in fact rebranded Clevo laptops. The build quality of these is in general not very good for the price."

Abhishek Prakash's "13 Places Where You Can Buy Linux Computers"



After receiving a new machine

+/-
  1. If box is damaged at all, don't accept it from the shipper.

  2. Photo or video the un-boxing.

  3. Record serial numbers of system, motherboard, etc.

  4. Do firmware type and settings seem correct ? UEFI, legacy, Coreboot, or other ? Secure Boot, power management, boot device order, etc. Do you have a TPM and/or a management engine ? Are they enabled ? What is RAM speed ?

  5. See firmware versions (motherboard, SSD) and check for updates.

  6. Run commands to list system hardware ("sudo inxi -F", "lscpu", "lspci", "sudo hardinfo -r", "sudo dmidecode --type 17", "lshw", "hwinfo --short"). (But "dmidecode" info can't always be trusted: article) Did you get what you ordered ? Record the data. Correct keyboard ? Note display resolution and frequency.

  7. Does everything work ? Camera, microphone, speakers, headphones, all ports, SD card slot, charger, Wi-Fi, Ethernet, Bluetooth ?

  8. Any stuck pixels in the display ? Dead pixel test

  9. Set passwords for firmware, disk encryption, user login.

  10. Run RAM tests (in BIOS, boot manager, or OS).

  11. Check the health of your drives. Record the stats.

  12. If SSD, how is TRIM being done ("sudo systemctl status fstrim.service fstrim.timer"), is noatime set (look in "mount | column --table" or "findmnt -A"), are partitions aligned to 1 MB or 2 MB boundaries, is full nominal disk space used ? There are various other tweaks. See Solid-State Drive (SSD).

  13. Record typical operating temperatures.

  14. Run performance tests.

  15. If you plan to keep pre-installed OS, check settings, especially disk partitioning and /etc/fstab and mount settings and encryption, run anti-virus scan. What kind of filesystem is being used ? Separate / and /home partitions ? Swap ("swapon --show") ?

  16. If you wish, install fresh OS.

  17. Do all the checks and tweaks you'd do after switching to a new distro: After Installing

  18. Make any recovery or rescue partition or USB stick that you might need later.

  19. Buy a cable-lock to secure the machine ?

  20. Buy a UPS to protect the machine from power surges ?

  21. Buy a fan-tray to keep the machine cool ?

  22. Do any registration / warranty sign-up needed.




12/2020: I ordered a KDE Slimbook 15

+/-
€1118 for KDE Slimbook 15 with 16 GB of RAM and 250 GB SSD and US-English ANSI keyboard, shipping to Barcelona.

A privacy.com virtual credit card didn't work for payment. Had to do a bank transfer instead. You place the order, then they give you details for their bank account, so you can transfer to it.

Stages that the order passes through are shown on the main login page, not the order page, and are: Pending, Paid, Confirmed, Assembling, Testing, Shipped, Invoiced.

[Heard Jim Salter say that Samsung EVO SSD has 8K sector size; I wonder if that will be reflected in laptop's filesystem format. Online I also see that they support hardware encryption.]

Received my KDE Slimbook 15

+/-
Pics
  1. Received 1 Feb 2021. Box is undamaged. Weight listed as 1 KG.

  2. Quick Start pamphlet says: F2 to enter BIOS. BIOS or Fn+F5 to control fans. Default OS login creds are slimbook/slimbook.

  3. When off, the laptop screen is so matte-black that my phone's camera has trouble focusing if much of the screen is in the picture. The deep black makes problems for the phone camera's auto-focus.

  4. The Ethernet socket is a type I haven't seen before, you have to press down a little door to open it wide enough to take a full-sized Ethernet (RJ45 ?) connector.

  5. Powered on and F2 into BIOS.
    Asks "use previous values ?" and I said no.
    Build date is 11 Dec 2020; probably date built in Taiwan or something.
    CPU type is right, CPU speed is 2900 MHz.
    RAM size and speed are right.
    Noted UUID, Ethernet MAC address.
    "OS Support" == "UEFI OS".
    "SATA Device" == "None".
    "NVMe Device and Controller" == "GIGABYTE GP-GSM2NE3256GNTD (256.0GB)"
    No administrator or user passwords; I set both.
    "Secure Boot" == "Not Active".
    "Launch CSM" == "Disabled".

  6. Tried to F2 into BIOS again, but too slow (I think you have to do F2 before BIOS password prompt), booted into KDE Neon setup. I do have Ethernet connected. Keyboard setup a little tricky; I have US-ANSI keyboard, right choice in list seems to be "English (US, alt. intl.)". Pictures of keyboard layouts don't show arrow keys, space-bar row, function keys row. Set names and login password. Soon was able to log in. Some minor OS updates are available; did them.

  7. Powered on and F2 into BIOS again.
    Along bottom of screen, says BIOS is AMI Aptio version 2.20.1275.
    Field "BIOS Version" is "N.1.07GRP03".
    "EC Version" (that's Embedded Controller firmware) == "1.04.00.00".
    No way to do RAM or disk tests/diagnostics.

    https://www.ami.com/products/bios-uefi-firmware/aptio-v/
    https://www.ami.com/products/firmware-tools-and-utilities/bios-uefi-utilities/
    Download "Aptio V AMI Firmware Update Utility", extract ZIP, cd into "AMI AFU for Aptio V", cd into "afu / afuefi / 64", extract ZIP, cd into AfuEfi64.
    "sudo cp /tmp/AMI*/afu/afuefi/64/AfuEfi64/AfuEfix64.efi /boot/efi/EFI/BOOT"
    Reboot, Esc to get to EFI menu, run AfuEfix64, do command "/S" to display system's ROMID, do "test1.fw /O" to save firmware to file, do "test1.fw /U" to display ROMID from file. HAVE TO DO GRUB MENU !!! https://www.wimsbios.com/aminumbers.jsp http://www.users.on.net/~fzabkar/M571/M571_ID.htm

  8. Powered on and into KDE Neon again.
    I think KDE version "5.20.5" flashed by.
    Kernel version is 5.6.

  9. Did "sudo apt install inxi" and "sudo inxi -F".
    KDE Neon version "20.04 5.20".
    Battery is shown as 91.6 Wh capacity.
    CPU is 8-core AMD Ryzen 7 4800H with Radeon Graphics, L2 cache of 4 MB, CPU speed 1400/2900 MHz. But speeds are shown for 16 cores, not 8.
    Graphics shown as "AMD Renoir", driver "amdgpu", resolution "1920x1080~60Hz".
    Network 1 is "Intel Wi-Fi 6 AX200" driver "iwlwifi".
    Network 2 is "Realtek RTL8111/8168/8411 PCIe gigabit", driver "r8169", speed 1000 Mbps.
    Local storage 238.46 GiB, 5 GiB used.
    One disk partition, format ext4. ("df -h" shows /boot/efi as 500 M, / as 234 G.)
    System temperatures: CPU 41C, CPU 34C.

  10. Looking for motherboard firmware information.
    https://ami.com/products/firmware-tools-and-utilities/bios-uefi-utilities/
    Not sure if I have Aptio V or Aptio 4.
    Going to the AMI web site (on my old laptop, in Firefox) made the CPU temps soar; they must be doing some heavy video or Canvas or something on their site ?
    Don't see any updates on https://slimbook.es/en/bios/category or https://slimbook.es/component/tags/tag/71-bios

    Online, people say the system/motherboard is a Tongfang PF5NU1G.

  11. Looking for SSD firmware information.
    https://www.gigabyte.com/Solid-State-Drive/GIGABYTE-NVMe-SSD-256GB#kf
    Interface is "PCI-Express 3.0 x4, NVMe 1.3".
    Sequential read up t0 1700 MB/s, sequential write up to 1100 MB/sec.
    No mention of encryption, so I think not supported.
    "SSD Toolbox" utility is Windows-only.
    Operating temp 0C to 70C.
    TRIM and SMART are supported.

  12. Check SSD:
    "sudo smartctl -i /dev/nvme0n1p2" gave firmware version "EDFM00.5", "Unallocated NVM Capacity" == 0, "Formatted LBA Size" == 512.
    "sudo smartctl -a /dev/nvme0n1p2 | less" gave okay info, but interesting: one "Supported LBA Size" == 4096, but it's not used. And four error log entries are shown. But "Media and Data Integrity Errors" == 0.
    OS is set up to do TRIM once a week.

  13. See motherboard type:
    "sudo dmidecode | grep -A3 '^System Information' gives just "PROX15-AMD".
    "sudo dmidecode | less" shows BIOS firmware "N.1.07GRP03", BIOS Revision "5.16", Firmware Revision "1.4".
    Also shows a TPM: vendor ID "AMD", Specification Version "2.0", Firmware Revision "3.42". "lshw" shows a PSP (encryption controller) also from AMD.
    Support won't tell me motherboard mfr or model; it's a secret.

  14. SSD partitions are mounted with the "noatime" flag.

  15. I don't see any stuck pixels in the display.

  16. As I feared, the printing on the keycaps is light, but I'll probably get used to it.

  17. The keyboard seems to be in some European mode where typing for example "'S" gives a single key "Š" or something like that. I still have a lot of OS locale stuff set to Spain.

  18. Did "sudo apt install hardinfo" and "sudo hardinfo -r >out.txt" and "more out.txt".
    Shows "first boot" on 24 Aug 2020 ! Maybe that was a boot of a test system to test the SSD.

  19. Disk setup: no LVM, no LUKS, no swap (neither partition nor swapfile).
    "sudo parted /dev/nvme0n1" and then "print free" shows only two small areas of free space, but it looks like partitions maybe not starting on 1 MB or 2 MB boundaries (fdisk says they are, parted says not, but maybe one is speaking KB and other is KiB).

  20. When booting, I counted 7-8 seconds after BIOS password to prompt for login password.

  21. Ran performance tests.
    Got "The 'powersave' CPU scaling governor is in use; use the 'performance' governor."
    See CPU section
    [Later in BIOS changed "performance profile" from "Silent" to "Balanced". No change, still got message.]
    CPU speed is about 8x that of CPU in my 10-year-old laptop.
    RAM speed is about 40% faster (expected better: 3200 versus 1066).
    Disk write throughput is about 2x, but random-read is 1/4 the speed of old laptop with HDD !
    Disk sequential throughput is about 23x the speed of old laptop.
    Internet access through Ethernet is maybe 3x faster, but I thought we had 100 mpbs service, and I'm getting much higher than that. Maybe ISP set us back up to 600 mbps service ?

  22. Two of the USB ports (the ones with "SS" in the symbol) are USB 3.1, other rectangular one is USB 2.0.

  23. The SD card slot is for microSD.

  24. To test RAM from OS: "sudo memtester 14G"

Sent questions to Support

+/-
I received my KDE Slimbook 15, and it's working well. Some questions or issues:

1- I have the US-English ANSI keyboard, but in KDE Neon setup it's a little unclear what keyboard to select. I chose "English (US, alt. intl.)". Is that right ?
[Support answers: "select Standard International US".]
[But KDE Neon lists no such keyboard layout.]

2- Across bottom of BIOS screen, it says something like "AMI Aptio version 2.20.1275". Is that Aptio 4 or Aptio V ? Where (in the future) can I check for firmware updates ? On your site, or an AMI site, or where ?
[Support answers: "only update from the Slimbook user download area".]
Later found https://forum.gigabyte.us/board/12/amd-motherboards

3- Does the SSD contain updatable firmware ? Where can I check for that ?
[Support answers: "only update from the Slimbook user download area".]

4- SSD (in smartctl) says "Formatted LBA Size" == 512 but also there is a "Supported LBA Size" == 4096 which seems to be unused. Has the SSD been set up correctly ? Would there be a speed increase by changing to 4K block size ?
[Support answers: "You may gain a small performance boost by doing so at the cost of a loss of disk space. Specially with Linux filesystems that tend to be crammed with small configuration files.".]
[Later I saw this referred to as "Advanced Format 512 emulation (512e)" versus "Advanced Format 4K Native (4Kn)".]

5- Disk partitions are not starting on 1 MB or 2 MB boundaries. [I may be wrong: fdisk says they are, parted says not, but maybe one is speaking KB and other is KiB.] Aren't they supposed to be starting on those boundaries for best performance ?
[Support answers: "The gains from doing this are negligible and not all OS installers take advantage of this.".]

6- Disk performance tests (Phoronix pts/leveldb sub-tests 1,5,7) give strange results. Compared to my old slow laptop with HDD, the sequential fill is about 2x (23 MB/s versus 12 MB/s) but the random read and hot read are about 1/4 (7 usec/op versus 1.7 usec/op). Are these results expected ? I guess I'll test sequential read; the SSD should be much faster, right ? [Yes, it's about 23x the speed of the old system.]
[Support answers: "You can always try to correct that by doing the partition alignment in gparted.".]

7- As I feared, the printing on the keycaps is MUCH too light for easy visibility. You really should fix this somehow. Maybe offer a version with high-contrast printing but no backlighting. I may try buying decals to put on the keycaps.
[Support answers: "Sorry but there is nothing that we can do about that.".]
[Except they could do what I suggested.]

  1. UEFI firmware: to boot into GRUB, after typing BIOS password, press Esc once. Get "Select Operating System" menu.

    Selecting "UEFI Firmware Settings" just takes you to normal BIOS.

    "Advanced Options" just shows possible kernels. BUT: you can select a kernel and press "e" to edit parameters for that kernel.

    Press Esc or "c" for GRUB.
    Get "grub> " prompt.

    See "Using GRUB menu" section

    Xiao Guoan's "Use Linux efibootmgr Command to Manage UEFI Boot Menu"

    To add memtest to the menu, see "Add memtest" section

    Thrash some locations in RAM, to see if freq/voltage are okay: Prime95

  2. In System Settings / Fonts: I see "Anti-Aliasing" enabled, "Sub-pixel rendering" set to "RGB", "Hinting" set to "Slight".

  3. In BIOS, do NOT enable "Launch CSM". You will be unable to boot anything until you use F2 to get into BIOS and disable it again.

  4. Tried to boot from USB to install new OS, and got a Secure Boot violation. I didn't think Secure Boot was on. Went into BIOS and turned it off.

  5. Unable to find any keys that affect the boot sequence other than F2 and Esc.

  6. Before wiping OS, tried installing ReFind boot manager, just to try it. "sudo add-apt-repository ppa:rodsmith/refind" and "sudo apt update" and "sudo apt install refind" and "sudo cp -r /usr/share/refind/refind/drivers_x64 /boot/efi/EFI/refind/". But system still has GRUB.

  7. I find that I miss having a "drive activity" light. It's useful for seeing that the system actually is busy doing something.

  8. Put Ventoy and KDE Neon installer on USB stick and booted from it. First boot failed in char-mode at some point after passing squashfs checks, showed ACPI errors etc. Second boot, same way, succeeded in getting into KDE Neon.

    Selected Keyboard "English (US)" and "Generic 101-key PC" and "Default".

    Default partitioning would create 16 GB swap partition, which I don't want.

    Manual partitioning:
    300 MB boot, format it, fat32, mount on /boot/efi, flags=boot.
    243897 MB root, format it, btrfs, encrypt, mount on /, flags=root.
    Warning that boot partition is not encrypted, but I chose not to.

    Install went quickly, reboot onto hard disk (prompt for LUKS password is not very nice), OS came up. Display is in 800x600 and 75 Hz mode. Lots of OS updates. Can't get out of 800x600 mode. And every 10 minutes it asks me if I want to configure my external monitor setup.

    On the positive side, keyboard works fine.

    [Later, Support said: "Upgrade your kernel to the OEM 5.6 based kernel with "sudo apt install linux-oem-20.04" That should add support for your Vega GPU." Someone else said install "linux-generic-hwe-20.04-edge".]

  9. Put Ventoy and Kubuntu 20.10 installer on USB stick and booted from it.

    Installer is running with full screen resolution, a good sign.

    Selected Keyboard "English (US)" and "English (US)".

    Partitioning: selected "Guided - entire disk and encrypted LVM". Then changed my mind, tried "Manual", couldn't figure out how to edit partitions, no option for Btrfs. Tried to go back to "Guided", and installer just kept failing. Powered off and started again.

    Partitioning: selected "Guided - entire disk and encrypted LVM". It's going to be ext4 and a small swap partition, like my old laptop. I'd rather have Btrfs and no swap partition.

    Install went okay, reboot onto hard disk, OS came up. Display is in 1920x1080 and 60 Hz mode (correct; also could check with "xrandr"). Newer kernel (5.8) than with KDE Neon (5.6, and I think the installer was running 5.4). Keyboard works okay, no funny Euro-character stuff. Still no memtest in GRUB. 976M swap partition, inside LVM volume. Fdisk and parted say everything is 512-byte sectors; I think "udevadm info -a -n /dev/nvme0n1p2" is saying same.

  10. TPM 2:

    See TPM section

  11. AMD's PSP and CCP:

    See AMD's PSP and CCP section

    My CCP is not enabled, probably need newer BIOS. Went around in circles about it with Support; they seem to think it's an SSD-only thing, but I think it's a general-purpose processor that can process any block data.

  12. Decided to turn off swap.
    "swapon --show"
    "sudo swapoff -a"
    Also had to comment out swap line in /etc/fstab.

  13. About 6 days after I got it, my new laptop had a solid-freeze just like my old laptop does. Was doing stuff in the GUI when suddenly the whole system froze, mouse wouldn't move, no reaction to special key-sequences such as Ctrl+Alt+F2. Had to power off.

    I know my old laptop has overheating and RAM problems. But this freeze seems to indicate there is an OS problem too: both systems are running Kubuntu 20.10.

  14. Belatedly did a real dead pixel test, and found stuck-black pixels in lower-left area: a single pixel, and a cluster of two (I think).

  15. Belatedly realized I ordered a Samsung SSD, but received a Gigabyte SSD.
    Contacted Support, they confirmed it, and gave me choice of switching or refunding the difference. I took refund.

  16. After a couple of months, installed Fedora 34 KDE. No problems.

  17. Ran on battery for a day, just to test that. Looks like it's good for about 13-14 hours under normal use (no compiling or videos).

  18. Later saw Support telling someone that access to an "Advanced" tab in the BIOS is disabled, deliberately.







Switching from one distro to another



Pick a time when it won't be terrible if you're unable to use your computer for a couple of days, or unable to print or something.

Maybe have a spare working computer available, in case the new sysem is unusable, or you have to look up some answer on the internet.



Saving settings, for backup or in advance of a re-install:
+/-
If you're just re-installing the same distro each time, you could make a script or something to automate the process. But I'm deliberately moving to a new, often-incompatible distro and/or DE each time.

Possible configuration management tool to use: Chef ?

Make list of packages manually installed through apt:

# This includes a fair number that I did NOT install manually:
apt-mark showmanual >tmp-manually-installed.txt

# Find time of last package automatically installed in OS install:
# This file seems to be a reasonable benchmark.
# ls -l /var/lib/dpkg/info/xserver-common.list
# stat --format=%z /var/lib/dpkg/info/xserver-common.list

# Find those with times after last package automatically installed in OS install:
find /var/lib/dpkg/info -name '*.list' -newer /var/lib/dpkg/info/xserver-common.list \
	-printf '%f\n' | sed 's/.list//' | sort >tmp-after-start.txt

# Make list of packages installed after system install AND installed manually:
cat tmp-after-start.txt tmp-manually-installed.txt | sort >tmp-joined-sorted.txt
uniq --repeated tmp-joined-sorted.txt >manually-installed-after-start.txt
rm tmp-*.txt
less manually-installed-after-start.txt
# List won't be perfect, but should be pretty close.

From someone on reddit:
apt-clone will create a working list of installed apps which you can backup and then integrate into a new system. Personal configs should come with your /home backup. Get your /home backup in first, then apt-clone your programs. The configs should drop back in nicely. Not perfect, but it's a tidy way of doing things.

To see why a particular package was installed: "aptitude why PKGNAME".

For Red Hat family: "dnf history userinstalled >packagelist.txt"

For Manjaro: "pamac list --explicitly-installed >packagelist.txt"

For Arch family: "pacman --query --explicit >packagelist.txt"

[In Debian family] there doesn't seem to be a good way to get a list of just the non-standard installed applications (e.g. VSCode, Riot, VeraCrypt, etc). Most methods give you names of all packages, which includes tons of libraries, system infrastructure, standard packages and apps. Maybe a better approach is to list what's in /usr/local/bin, /opt, more ?

Then of course there are add-ons and settings and certificates inside applications: browsers, email client, VPN, editors, RSS reader. Any cron jobs or services you've added. Any themes or wallpapers you've added.

Next time I'm going to copy across dot-directories for some major apps with lots of settings: Firefox, Thunderbird, VSCode. But do a fresh install of all other apps.

When I switched from Mint 19.3 to Ubuntu GNOME 20.04 in 5/2020:
+/- I backed up and noted down everything I could: list of apps and extensions for each, settings, updated my password manager database, etc.

Then I installed Ubuntu and installed all apps fresh, and installed their extensions and settings manually. It was a lot of work, and I'd forgotten to note down my VSCode settings. I lost the "state" in my RSS feed reader, although I'd backed up the list of feeds. Maybe next time I will try copying across the ".SOMETHING" information from old system to new, at least for browser and email client and RSS reader.

When I switched from Ubuntu GNOME 20.04 to Ubuntu MATE 20.04 in 9/2020:
+/- Did a lot better. Copied across the ".SOMETHING" settings from old system to new, for half a dozen major apps such as browser and email client and RSS reader and IDE. A few glitches in my backup scripts resulted in many file timestamps being set to current time, which is going to be painful next time I do more backups.

Configs of snap apps should be under ~/snap. Configs of flatpak apps should be under ~/.var/app.






Miscellaneous



Copying your system to a USB drive or another PC:

+/-
[From someone on reddit 1/2021:]

For legacy BIOS, not UEFI.
For a single-partition Linux system.
  1. In Timeshift, run wizard to select hard drive to store backup. For the home directories, select "Include All" for each one.

  2. Do the Timeshift backup.

  3. Plug in USB stick.

  4. Run Disks app.

  5. Select USB drive.

  6. Double-check that it is correct drive, then delete all partitions.

  7. Format drive to ext4.

  8. Start Timeshift.

  9. Select the backup you created.

  10. Click on Restore.
    1. For /, select the USB drive.
    2. For /boot, select "Keep on Root Device".
    3. For /home, select "Keep on Root Device".
    4. Click on "Bootloader Options (Advanced)" and make sure all options are selected, and the USB drive is selected (below "(Re)install GRUB2 on"), click Close.

  11. Do the Restore.

  12. After booting from destination drive, check entries in /etc/fstab, may need to change UUID.




Tiny systems:

+/-
There are two classes:
  • Microcomputer (usually capable of running Linux):

    Raspberry Pi, Beagleboard, Odroid, Asus Tinkerboard, RockPI, more.

  • Microcontroller (usually can't run Linux):

    Arduino, ESP32 compatible stuff, Particle.io, Sparkfun's Thing, Teensy, more.