Any time you hear of an application you'd like to try, first go to Start menu and see if it's already installed in your system. If not, go to Software Manager / Store and see if it's available there. [But check to see if the version you get is seriously old.] If not, do "apt list | grep NAME" and see if it's in the repo. Also "snap search NAME" and "flatpak search NAME". If not, go to web site for the application and get it from there.

Make sure you have all repos enabled.

Applications that work well and I use have a green check-mark next to them. Your needs and opinions may differ from mine.


Important: After you install a browser, disconnect from the internet, launch the browser for the first time, turn off telemetry and other features you don't want, quit, connect to internet again, launch the browser again.

  • green check-mark  Firefox:
    Arnab Satapathi's "Speed up firefox with RAM cache and tmpfs in Linux"
    Firefox Support
    Firefox "about" special pages
    random neuron misfires' "Deploying Firefox and Thunderbird Policies"

    Madaidan's Insecurities' "Firefox and Chromium"

    Modifying the "chrome" of the browser:
    Dedoimedo article
    rafaelmardojai / firefox-gnome-theme

    Idea: I'd like to see a feature for displaying and controlling the extension hierarchy/stack:
    I'd like to see in what order my extensions and the cache and page Javascript get to see requests and responses as they go from user to network and back.

    For example, a request might go in this order:
    1. user
    2. Facebook Container extension
    3. Privacy Badger extension
    4. uBlock Origin extension
    5. cache
    6. network stack (including VPN)
    This would be useful to understand the "priority" of each extension, which gets first shot at each request/response, where a request was blocked or satisfied. That also might be important if one of the extensions was an encryption extension: which other extensions are seeing my traffic in plaintext, and thus have to be trusted ?

    Once we had the hierarchy, maybe then we could start to analyze and control it. "Tell me which layer blocked or satisfied this request." "Don't use this extension for this domain."

    It would be great if the hierarchy shown extended down into the network stack, to show if a VPN was active, for example.

    We might need a parallel hierarchy for DNS requests. A DNS request could be processed/modified in the browser (DOH), in a proxy or VPN browser extension, in a VPN layer in the network stack, in the OS DNS mechanism(s).

    9/2020: I changed from deb package of Firefox to snap version, on Ubuntu GNOME 20.04:
    There also is a flatpak available. All three packages were almost identical version numbers.

    Backed up old $HOME/.mozilla tree.
    "sudo apt remove firefox".
    "snap install firefox".

    Firefox no longer appears in the icons on the left side of the desktop; have to search for it in search bar to launch it.

    To copy profile across, in new browser I went to "about:profile", created a new profile NAME, set it to be default profile, quit browser, then copied contents from inside OLDPROFILE dir into new random.NAME directory, replacing/merging as it copied. Deb package keeps profiles under $HOME/.mozilla/firefox, snap package keeps profiles under $HOME/snap/firefox/common/.mozilla/firefox.

    In Preferences, you will see "Your browser is being managed by your organization", which I assume means "updates will be done by something outside the application (snap updater)".

    Bug: In Downloads list, clicking on folder icon to "open containing folder" does nothing. Filed

    Bug: In "Save Link As" dialog, download directory is strange, not remembered, and deleting a file does strange things. Filed

    Bug: "Save Page As" always results in download-failed.

    Bug: strange characters appear in buttons or text fields sometimes.

    Apparently FF snap uses a temp folder for downloads: $HOME/Downloads/firefox.tmp

    9/2020: I changed from snap version of Firefox to Flatpak version, on Ubuntu MATE 20.04:
    There were two choices of image in the middle of the install: a "BaseApp" and another. I chose the other. What's the difference ?

    In Flatseal, added some local directories I want FF to be able to use. Add one directory per line; the help-example is a bit misleading. And you can add ":ro" after a directory name to make it read-only.

    When FF starts, it's not the default browser, and nothing I do will make that Preferences / "Make default browser" button work. On CLI, did "xdg-settings set default-web-browser org.mozilla.firefox.desktop" and that worked to make FF the default browser. But in Preferences FF still thinks it's not the default browser.

    Bad design: I have permissions set to deny access to $HOME/Documents, yet I can save files into there. See Disappointed with Flatpak security model section of my VMs page.

    Bug: in download manager, click on "Open in enclosing folder" which should be $HOME/Documents, file manager opens in pathname "/run/...".

    And now clicking on a link in VSCode (which is a snap) results in launching a new instance of FF (which is a Flatpak), instead of opening a new tab in the existing instance of FF.

    To write less to disk/SSD: in about:config, set browser.cache.disk.enable = false, browser.cache.memory.capacity = 409600 (KB), browser.cache.memory.enable = true.

    To see a list of config values you've changed, go to "about:support" and scroll down to "Important Modified Preferences" section.

    To see a list of all categories of "about" commands, go to "about:about".

  • Chrome:

    Raj's "How To Install Google Chrome on Linux Mint 19 'Tara'"
    Profiles stored in $HOME/.config/google-chrome directory.
    Cache stored in ??? For Flatpaks, under $HOME/.var/app/*/cache
    Use "--disk-cache-dir" option to store cache on ramdisk ?
    Type Shift+Esc to open Chrome's task manager.
    Go to "chrome://about/" to see all special URLS.

  • Chromium:

    Profiles stored in $HOME/.config/chromium directory.

  • ungoogled-chromium:
    Repology's "Versions for ungoogled-chromium"
    Have to uninstall Chromium first, if it's installed.

    After installing from deb, it appears in app menus as "Chromium Web Browser" and on CLI as "chromium" (same names as normal Chromium browser), which I find confusing. Have to do "apt show ungoogled-chromium" to verify that right thing is installed. Also "chromium --help" mentions "ungoogled-chromium" about 8 lines down from the top.

    If you install from Flatpak, appears as "ungoogled-chromium" ?
    "flatpak run com.github.Eloston.UngoogledChromium --version"

    Profiles stored in $HOME/.config/chromium directory.

    Uninstalling and installing the two browsers (Chromium and ungoogled-chromium), I ended up in some "your profile is newer than this browser supports" situation. Tried to re-install and ended up in hang situations in Software Manager. Tried "sudo apt install ungoogled-chromium" and got "Package 'ungoogled-chromium' has no installation candidate".

    Went to Ubuntu Downloads page clicked on "18.04 (bionic) amd64", clicked top/newest version, clicked last deb link (one that didn't have some particular tag such as common, shell, driver, etc), downloaded it. Tried to install it, found you have to download and install the "common" package first.

    Has moved to common and main

    After installed, the only way to distinguish it from full Chromium is to do "apt list | grep ungoog".

    Upgrading to new version: download DEB files, then
    sudo apt remove ungoogled-chromium
    sudo apt remove ungoogled-chromium-common
    sudo dpkg -i ungoogled-chromium-common*.deb
    sudo dpkg -i ungoogled-chromium_*.deb
    rm ungoo*.deb

    Can't install extensions from Chrome Web Store directly:
    1. In ungoogled-chromium, go to three-dots / More Tools / Extensions and turn on Developer Mode.

    2. Go to Victor-Bonnelle / extension-downloader follow instructions to download extension-downloader.crx file.

    3. Drag-and-drop that file onto the Extensions page in ungoogled-chromium. The extension should be installed.

    4. Go to to Chrome Web Store and find extension you want. Or click on some other site's link to the extension you want, to get to the right page in the store.

    5. Click on blue download-icon in browser's address bar (icon for extension-downloader extension). The extension you want should be installed.

    To see status of GPU settings, go to "chrome://gpu".

  • Edge:

    Based on chromium engine. Can use Chrome extensions.
    I haven't heard that it has any particular features I want.
    One interesting feature: a link between Edge's Developer Mode and VSCode, so you can hop between the rendered page element and the editor holding the code. MS article

  • Iridium:

    Based on chromium engine; open-source; privacy enhancements.
    Iridium Browser
    bug tracker
    Seems to be a bit out of date; maybe few users.

  • Brave:
    +/- Based on chromium engine; open-source; privacy enhancements.
    Emphasis on blocking trackers.
    Optional "Brave Rewards" to earn frequent flier-like tokens for viewing privacy-respecting ads.
    Maybe use the beta version to get security updates more promptly.
    Brave Browser
    Brave Browser bug tracker
    On Ubuntu 20.04, not available in repos or snap store or flathub.
    On Kubuntu 20.10, available in snap store or flathub, but snap has directory-permission issues.

    Installing native: Installing Brave on Linux
    "brave-browser-beta --version"
    "man brave-browser-beta"

    In Settings/Appearance, I enabled "Hide Brave Rewards button", "Always show full URLs".
    In Settings/NewTabPage, I disabled "Sponsored images", "Brave Stats", "Brave Rewards", "Binance", "Gemini".
    In Settings/SocialMediaBlocking, I disabled everything.
    In Settings/Extensions, I disabled "Hangouts", "WebTorrent", "Widevine".
    In Settings/Advanced/PrivacyAndSecurity, I disabled "Send analytics to Brave", "Google Safe Browsing", "Allow sites to check for payment methods", went into "Clear browsing data" and set most to clear on exit, went into "Site and Shields Settings" and "Payment Handlers" and set to "do not allow".
    In Settings/Advanced/Autofill, I disabled everything.
    In Settings/HelpTips, I disabled "Show Wayback Machine prompt on 404 pages".
    In Settings/System, I disabled "Continue running background apps when Brave is closed".

    Check the settings again after updates; sometimes new sponsored sites are added, and enabled by default.

    Like most chromium browsers (I think), it shows downloads in a big bar at the bottom of the page which can't be suppressed. Very annoying. Install the extension "Download Shelf Autohide" and un-check "open enclosing folder when downloads finish".

    To see status of GPU settings, go to "brave://gpu".

  • Looking for a very minimal GUI browser:
    • GNOME Web (Epiphany):

      This one does have printing, history, bookmarking, homepage setting, downloader, search engines, incognito mode, ad-blocking, popup-blocking, dangerous-site-blocking, password storage, Firefox sync, spell-checker. Most of this can be turned off.

      Able to play mp4's, do Javascript, cookies, HTTPS, tabs. Has view-source and devtools.

      No add-on mechanism (so can't do tab containers, VideoDownloadHelper, form history control, To Google Translate).
      No support for digital certificates.
      No support for nework configuration / proxy.
      No "clear all cookies when quit".
      New tab always starts with "most visited pages" icons, which I don't like. No way to clear that list, I think.
      Click on a link and new tab is created, but focus doesn't move to it.

      "sudo apt install epiphany-browser"
      "snap install epiphany"
      "flatpak install org.gnome.Epiphany"
      Project site
      Mailing list

      Used deb version for a while, then it crashed, and every time I launch it again, it opens the same state and instantly crashes again. Fixed with "rm $HOME/.local/share/epiphany/session_state*"

      But it continues to have fairly frequent problems: crashes, and unpredictable long delays in opening save-file dialog for one site (confirmed that it fetches image again when you do save-as).

      It does have devtools: ctrl+shift+I. Not shown in the menus.

      It has some undocumented key-shortcuts. Rightclick-T on a link to open it in a new tab. Rightclick-S on an image to do "Save image as".

      9/2020: installed Flatpak version.

    • Falkon (formerly QupZilla):

      Installed deb 3.1.0-0ubuntu2 on Ubuntu GNOME 20.04.

      Has incognito mode, bookmarks, ad-blocker, homepage setting, history, printing, download manager, devtools, search engines, "clear cache/storage/cookies when quit", extensions. Also "Sessions", profiles, password manager.

      No pop-up blocker. No support for digital certificates.

      Uses KDE-style Save dialog, not Ubuntu GNOME native style.

      If you expand size of SaveAs dialog, new size is not remembered for next time you do SaveAs.

    • Min:

      Have to download from

      Installed deb 1.14.1 on Ubuntu GNOME 20.04.

      Has bookmarks, ad-blocker, history, printing, devtools, search engines, password manager.

      No incognito mode, pop-up blocker, download manager, homepage setting, "clear cache/storage/cookies when quit", extensions. No support for digital certificates.

      Always (?) launches showing last-displayed page, no way to turn that off.
      Shows downloaded files in bottom status bar, no way to turn that off.
      When create new tab, doesn't switch to it immediately.

    • Cliqz:

      Installed snap 1.8.1 on Ubuntu GNOME 20.04.

      Has bookmarks, ad-blocker, tracking-blocker, pop-up blocker, anti-phishing, history, printing, extensions, incognito (forget) mode but it's selective (for adult sites only ?) not universal, devtools, homepage setting, search engines, digital certificates, (optional) integration with LastPass password manager.

      Unable to save images to a VeraCrypt volume, probably because of snap permissions. Tried "snap connect cliqz:removable-media :removable-media" and "snap connect cliqz:system-files :system-files" but neither worked.

      I'm told "Cliqz doesn't seem to be developed any longer. ... The Snap is a beta from 2017."

    • Dillo:

      Installed deb 3.0.5-6build1 on Ubuntu GNOME 20.04.
      Last updated in 2015.

      No Preferences dialog; use $HOME/.dillo/dillorc file.

      No support for frames or Javascript, which will break some pages.

      Save dialog doesn't scroll through sub-dirs as you type chars, and as soon as you change directory it forgets original filename.

      Has bookmarks, history, homepage setting, ad-blocker (use $HOME/.dillo/domainrc file), search engines (can disable), cookies (use $HOME/.dillo/cookiesrc file; disabled by default).

      No printing, devtools, digital certificates.

      Runs two server processes, dillo/dpi/file/file.dpi and dillo/dpi/bookmarks/bookmarks.dpi, and they stay running after you quit the browser.

    • Midori:

      Installed snap v8.0-31-gf6b3b1e on Ubuntu GNOME 20.04.

      Setting home page to a local file doesn't work ? Opens "Speed Dial" (bookmarks) tab instead. Every new tab starts with that title too.

      Save File always saves only to default Downloads directory.

      This one does have bookmarking, history, homepage setting, (very bad) ad-blocking, spell-checker, extensions. Most of this can be turned off.

      No incognito mode, popup-blocking, support for digital certificates.
      No "clear all cookies when quit".

    • Netsurf:

      Installed deb 3.6-3.2 on Ubuntu GNOME 20.04.

      Has bookmarks, pop-up blocker, ad-blocker, homepage setting, history.

      No incognito mode, support for digital certificates.
      No "clear all cookies when quit".

      Used View menu to hide menu bar, then couldn't find a way to get it back ! No way to get to any of the menus. But quitting and launching again made it re-appear.

      Did a simple Google search, clicked on a link, and the browser crashed. Can do it again and again, crashes every time.

      Even though preference "switch to new tab immediately" is set, it doesn't do it.

      No right-click-save-image; you can view an image alone in a tab and then ctrl-S to save it.

      Saving an image didn't work ! It always either creates a directory of that name, or fails silently.

      Tried to subscribe to their Users mailing list, to report bugs, and got a "their IP is blacklisted" failure from some German email daemon.

    • Grab source of ungoogled-chromium, remove features, and build it:


    • Servo:

      Not released yet.
      Servo, the Parallel Browser Engine Project

      Apparently can't be run unless
      glxinfo | grep 'compat profile'
      says at least 3.1; mine says 2.1.

    kweb: last updated in 2014. Not in Ubuntu repos.

    uzbl: last updated in 2016. Not in Ubuntu repos.

    arora: last updated in 2017. Have to build from source.

    luakit: just a blank window, I guess it requires some UI app.

    Conkeror: last updated in 2019 ? Not in Ubuntu repos.

    links2: "sudo apt install links2". Saves files only to file dir specified by "download_dir" in $HOME/.links2/links.cfg (default: home directory) unless you type more path manually. Can't copy/paste URLs, but you could edit $HOME/.links2/bookmarks.html file. No longer being developed.

    surf: Last updated in early 2019. "sudo apt install surf". Can't copy/paste URLs into GUI, but you can launch from CLI via "surf URL". Save fails with "execvp x-terminal-emulator failed: Permission denied". Various other errors in terminal window.

One quirk: when saving files to a VeraCrypt volume, Firefox will forget the proper setting of "last directory saved to". GNOME Web (Epiphany) doesn't have that problem.

It seems that when you're browsing/reading text pages, you want "open link in new tab" to automatically switch focus to the new tab. But if you're going to download a bunch of photos from a photo-gallery page, you don't want that, you want focus to stay on the original page.

Test your browser:
HTML5test (different score when using HTTP: HTML5test ?)
badssl (click on various links)
badssl dashboard
How's My SSL ?
Kephyr's "Pop-up killer test"
Martin Brinkmann's "The ultimate Online Privacy Test Resource List"

Email Client:

+/- Formats for locally-stored email:
Maildir (each message in separate file).
mbox (multiple messages in one file; dovecot mbox).
On Ubuntu*, it looks like local "mail" is using mbox format. "ls -l /var/mail"

Message-Transfer Agents (MTAs): Postfix, exim4.
Other possible MTA's include sendmail/proofpoint, qmail, exim, dma, dmd, nullmailer ?
Is movemail an MTA that only operates between local mailboxes ? ???

Mail Delivery Agent (MDA) is responsible for actually storing the message to disk.
uw-imap (on ArchWiki; but dead since 2007 or so ?)

From Dovecot Wiki:
"As an IMAP and POP3 server, Dovecot provides a way for Mail User Agents (MUAs) to access their mail. ... Note that Dovecot is NOT responsible for receiving mail from other servers. Dovecot only handles e-mail (a) messages coming out of the local message store, going out to IMAP and POP3 clients, and (b) messages which have already been received by the MTA and are to be stored into the local message store."

From exim Wiki:
"... things that you won't get with Exim: No POP, No IMAP. Exim is not a mailstore. It does not support IMAP or POP protocols, though it can deliver messages to mailstores that do ..."

Protocols: POP3 (read msgs from external server), IMAP (access msgs on external server), SMTP (send msgs to external server).

A client is a Mail User Agent (MUA).

Andriy Zapisotskyi's "The A-Z Of Email Development And Sending"
Email explained from first principles

  • Getting Linux local CLI mail working:
    +/- This will use the standard CLI "mail" command, and the postfix MTA.
    Other possible CLI commands (MUAs) include sendmail, mutt, maildir-utils / mu, mailx.


    s I think this is just using postfix to do aliases, transferring mail locally (or was movemail doing that ?):
    # see if postfix is installed
    apt list | grep ^postfix/
    apt show postfix
    less /etc/postfix/      # shouldn't need to change anything
    sudo dpkg-reconfigure postfix
    # if not installed:
    sudo apt install postfix
    sudo apt install mailutils
    # see if postfix is running
    sudo service postfix status
    # if not
    sudo service postfix restart
    cat /var/log/mail.log
    # forward all mail to root account to user1 account
    sudo cat /etc/aliases
    # sudo edit /etc/aliases to:
    postmaster:    root
    root:   user1
    # then
    sudo newaliases
    # then
    sudo touch /root/.forward
    # and sudo edit /root/.forward to contain
    # then
    sudo adduser user1 mail
    sudo service postfix restart
    # log out and back in
    # test when logged in as user1
    # note: mailbox won't exist until you send first message to it
    mail -s "subject1" root </etc/group
    mail -s "subject2" user1 <<< 'body of the message'

    Use postfix to send CLI mail to an external SMTP server (FAILED):
    # postfix: set as "internet"
    sudo dpkg-reconfigure postfix
    less /etc/postfix/
    less /usr/share/postfix/
    less /etc/postfix/
    cat /var/log/mail.log
    # I can see it trying to send to external server, but failing
    man postfix-tls
    man 5 postconf
    man 5 master
    # In /etc/postfix/, un-comment line:
    #submission inet n - n - - smtpd
    # and un-comment following -o lines,
    # EXCEPT for the lines containing "restrictions=$mua_",
    # leave those commented-out.
    # Got to point where mail was going out to SMTP server, and
    # being rejected because sender was not using a FQDN.
    # Support for SMTP server says: don't use SMTP, you'll
    # be fighting the spam filters.

    Use mailutils-imap4d to provide an IMAP interface to local CLI mail (mbox) of current user only:
    sudo apt install mailutils mailutils-imap4d mailutils-mda mailutils-doc
    systemctl status mailutils-imap4d
    # FAILED
    man imap4d
    imap4d --config-help | less
    ports TCP 143, TCP 220, UDP 220, TCP 993

    Use dovecot to provide an IMAP interface to local CLI mail (mbox):
    sudo apt install dovecot-core dovecot-imapd
    systemctl status dovecot
    # Edit /etc/dovecot/conf.d/10-mail.conf to say:
    /etc/init.d/dovecot restart
    # test that local mail works; may have to install Postfix
    # Set client to use port 993.
    # FAILED on Thunderbird; it wants a FQDN on email address
    cat /var/log/dovecot.log

  • green check-mark  Thunderbird:

    See "Thunderbird" section of my Secure Communication page

Password Manager:

+/- See "Password Manager" section of my "Authentication" page.


  • green check-mark  Windscribe:
    +/- Installed Windscribe VPN client (beta) by going to and choosing Ubuntu and doing the commands. It worked, finds no leaks. CLI only, no GUI app.

    I created file in my home directory, put "windscribe login" and "windscribe connect" in it, made a launcher on desktop that runs "bash /home/USERNAME/", works.

    There is no icon in the system tray, or any other indication that Windscribe is running. Have to run "windscribe status" in CLI to find out. Also "systemctl status windscribe.service".

    Windscribe modifies: iptables, ip6tables, /etc/hosts, kernel IP routing table (netstat -r), network devices list (ip -c addr), DNS list (systemd-resolve --status or journalctl -u systemd-resolved -f or resolvectl status).

    I didn't try strongSwan and IKEv2 to Windscribe:

  • ProtonVPN:

    Installed CLI and UDP and OpenVPN version, had to create OpenVPN/IKEv2 credentials on their site.

    Doesn't modify iptables like Windscribe does; I don't see any new rule with "tun0" or "tun+" in it.
    sudo protonvpn-cli -connect

    I didn't try strongSwan and IKEv2 to ProtonVPN:

  • WireGuard protocol:

    It's not in the Linux kernel yet, as of 5.3, I think. And even when it is available (in 5.6 ?), it won't be the full stack you need for a commercial individual-to-public-internet VPN. It will be what you need for "all traffic on LAN1 gets tunnelled to LAN2", I think.

  • VPN Look-Out Applet:

    Cinnamon-only and ProtonVPN-only, I think, as of 12/2018.

    VPN Look-Out Applet

See "VPN" section of my "Connection Security and Privacy" page.

GUI Text Editor:

  • Xed:

    Default editor on Mint.

  • Kate:

    Default editor on Kubuntu.
    Multiple languages, extensions.
    Refuses to run as root/sudo.

  • Gedit:

    Default editor on Ubuntu GNOME.
    IMO the "find" functionality is very bad, I don't like it.
    Doesn't have "sort all lines".
    Does have spell-checker.

  • green check-mark  Mousepad:

    Default editor on XFCE, I think.
    Doesn't have "sort all lines".

  • FeatherPad:

  • green check-mark  Pluma:

    Default editor on Ubuntu MATE.
    Doesn't have "sort all lines".
    Does have spell-checker.

To make some CLI commands launch your favorite editor instead of nano or something, set e.g. "export VISUAL=/usr/bin/xed" in your .profile.

CLI Text Editor:


Source Code Editor:

  • green check-mark  Visual Studio Code (VSCode):
    VSCode is a source code editor, not a full IDE like other Visual Studio editions.

    Tried snap version of VSCode, eventually gave up 11/2020. It mostly worked, but had some odd interactions with other apps. Re-installed deb using instructions in article.

    Easiest way to go to Settings is ctrl+comma.

    Stay in "User" tab unless you have a good reason to set a workspace-specific setting.

    Disable "minimap".
    Change Emmet to exclude it from working on HTML. Or disable Emmet completely via View / Extensions.
    Disable "hover", or set time to large.
    Disable "quick suggestions" (editor.quickSuggestions = false).
    Disable Editor: Selection Highlight.
    HTML: Format: Wrap Line Length set to 0.
    Editor: Match Brackets: off. Files: hotExit: off.

    By default, opening a file via single-click is just a "preview", and will be replaced by next file opened. To turn off this behavior, go to File / Preferences / Settings and uncheck "Workbench > Editor : Enable Preview".

    Possible: add "files.exclude":{ "**/*.jpg": true, "**/*.gif": true }

    Not sure what this thing called "Emmet" does; found "Emmet is a markup language for expanding CSS rules into HTML" in's "Emmet cheatsheet"
    Chris Coyier's "Editing HTML Like A Boss In VS Code"

    "HTMLHint" by Mike Kaufman.
    "CSS Peek" by Pranay Prakash (adds Peek sub-menu when right-click on CSS in HTML file).

    Can't find an HTML link-checker extension for VSC. Ended up building my own: "HTML / XML / RSS link checker" by Bill Dietrich

    Code Spell Checker by Street Side Software (got annoying, left it installed but disabled)
    Web Accessibility by Max van der Schee.
    VS Code Printing Free by PD Consulting.

    Once you have a lot of files open, Ctrl+p to get a drop-down that makes it easy to bring a file to the front.

    VSCode seems to be auto-saving to temp files in the background, which has saved me a number of times when my system froze due to hardware problems.

    Was struggling to get VSCode to remember and re-open files when quitting/relaunching and hopping between projects. Found the solution: do not do ANYTHING with Workspaces, just use "Open Folder" and "Save All" and "Close Folder". It remembers open editors on a folder basis, and opening/creating a workspace destroys that somehow. Don't use Workspaces at all.

    From /u/digicow on reddit 4/2020:
    In the simplest sense, a workspace is a domain of VSCode settings. The VSCode settings domains are hierarchical, starting with User, then Remote (if you're connected to a remote server using VSCode Remote Development extensions) per-server, then Workspace, then Folder.

    So at any level, you can override a VSCode setting from a higher level, with a more-specific one. This allows you to have settings that just apply to a folder, or across an entire server, etc.

    While the other layers are "natural" (they exist, regardless -- every file is in a Folder, so you can set Settings for that folder), Workspaces are "intentional". By creating a specific workspace, you now have the ability to set Settings for it separate from those other layers.

    Normally when you use VSCode, you open it up with a particular directory (e.g., a project). If you make Folder-specific settings in that directory, they'll be stored in a .vscode sub-directory.

    But with Workspaces, you can have multiple directories, which might be in completely unrelated places in your filesystem, as "multiple roots" of the VSCode window. Perhaps 2 different, but related projects, or an application project and a related library project. The associated settings for this are stored in a workspace file, which you can save anywhere.

    From someone else on reddit:
    > What is a vscode workspace?

    A workspace is an open folder, or a bunch of them, all in your VS Code window.

    For example, you open a folder from your terminal with the code command. That folder is now in the root of your workspace. Then you open another folder with the menu: File / Add Folder to Workspace... Now you have two folders open that are nowhere near each other on your hard drive, but they exist in the same workspace.

    If you're going to need those folders open pretty often, you can do: File / Save Workspace As... and give it a name. You can also set configuration options just for that workspace, and do things like save code snippets just for that workspace, and set debugging workflows just for that workspace.

    Bug reports: use Help / Report Issue menu item in VSCode app.
    reddit's /r/vscode/
    VSC extensions
    VSC "Native Crash Issues" (how to report VSC crashes)
    Burke Holland and Sarah Drasner's "VS Code can do that ?"
    Pandiyan Murugan's "VS Code useful Tips and Tricks"
    Espen's "Productivity in Visual Studio Code"
    VSC's "Emmet in Visual Studio Code"
    Matthew MacDonald's "Setting up JavaScript Debugging in Visual Studio Code"
    Matthew MacDonald's "Basic Debugging in Visual Studio Code"
    Sebastian Andil's "Tips to use VSCode more efficiently"
    Hariprasath's "10 Tricks Every Developer Should Know in Visual Studio Code"
    Saurabh Palatkar's "VS Code Extensions For Near IDE Experience"
    VSCodium (binaries minus MS telemetry; maybe can't get extensions from Marketplace)
    codeSTACKr's "Learn Git in 30 Minutes" (video) (git and VSCode)

    See the Building a VSCode Extension section of my Develop an Application page.

    Use git from inside VSCode:
    I have a project on disk with git already set up and working to connect to GitHub, using CLI commands. To connect to it through VSCode:
    1. Close current folder/project in VSCode (ctrl+k f).
    2. In the left-side panel, click icon to open the Source Control tab.
    3. Click "Open Folder".
    4. Open the project folder.
    5. See files in the folder. Those NOT included in the repo will have "U" (Untracked) next to the name.
    6. Edit a file.
    7. ???

  • Eclipse Theia:
    Open-source equivalent to VSCode, but split into front and back ends, and back end can run in the cloud.
    Theia 1.0 release announcement
    Supports use of VS Code extensions.

  • Atom:
    Install HtmlHint, and once it gets running, any file that has an error will have its name underlined in red in the project pane. Try putting "<<" in a file to test it.

    But Atom is a pain. Slow to launch. No easy way to open just HTML files in a folder. No easy way to move from one tab/pane to another. Always opens Project window that shows all files in folder, not just open files. Flatpak version doesn't support commands such as "atom" in CLI. Ended up uninstalling that version, and installing directly from site. Now "atom" command at CLI works.

    Flatpak version, with supporting framework, takes almost 6 GB of disk space !

    Later, I read "Open Atom, then open command palette (Ctrl+Shift+p). Type "shell" and select "Window: Install Shell Commands" from the drop-down suggestions."

    reddit's /r/Atom/
    Atom Packages

    Building a new package for Atom:
    Nick Tikhonov's "Building your first Atom plugin"
    Jeremy Heleine's "How To Develop a Package for GitHub's Atom Code Editor"
    Atom's "Hacking Atom"
    Vincent Composieux's "Create your first Atom package"
    Atom's "atom-ide-ui (A collection of Atom UIs to support language services)"
    Atom IDE
    Atom's "bottom-dock package"
    Package to copy ? lettertwo / atom-narrow-provider-diagnostics

    Getting started:
    1. Install the non-Flatpak version of Atom, from the web site.
    2. On CLI, do "apm -v" to verify that apm is okay.
    3. On CLI, do "atom -v" to verify that atom CLI app is okay.
    4. In Atom, Ctrl+Shift+P to open Command Palette, then find "Package Generator: Generate Package" and run it.
    5. Type name/path of new package. It will be created and a new instance of Atom opened on it.
    6. For any Node.js packages you need, go to project directory in CLI and do "npm install --save PACKAGENAME" and "apm install". Package should appear in an entry in package.json. And node_modules directory tree will be created and/or populated.
    7. To build a package that uses IDE/language features, do "apm install atom-ide-ui".

    While developing:
    1. Change code.
    2. Open the Command Palette (Ctrl+Shift+P) and run the "Window: Reload" command.
    3. Navigate to Packages > YOURPACKAGENAME and do whatever commands it implements.
    4. Repeat.

    I tried to port my HTML link-checker extension from VSCode to Atom, and gave up. Couldn't understand basics, and there's no standard Diagnostics pane in Atom, and Facebook is dropping support of some key stuff they developed for Atom.

  • KDevelop:

    Wikipedia's "KDevelop"
    Runs on Linux, Mac, Windows.
    Looks like plug-ins are written in C++.

  • IntelliJ:

    Wikipedia's "IntelliJ IDEA"

    HTML support only in Ultimate edition.

  • Micro:


  • Brackets:

    Multiple languages, extensions.

  • Notepadqq:

  • Geany:


  • Sublime Text:

    Costs $80.
    Sublime Text

  • Vim:
    Been using vim for 2 years now, mostly because can't figure out how to exit
    vim-tiny (the compact edition) may be installed by default. You probably want to remove it and install full vim (which includes vimtutor). I also installed Vim-addon-manager.

    Type "vi" on CLI to run it.
    Run "vimtutor" to get a tutorial.
    Run "vim-addons" to manage addons (scripts).

    Vim's "Vim scripting cheatsheet"
    reddit's /r/vim

    Vim has same UI as the old Unix "vi", as far as I can tell. To get out, ":q" or ":wq".

Alistair Ross's "Howto: What is Git and Github? How do I use it and why should I care?"
See Using Git and GitHub section of my "Develop an Application" page

Markdown editors:
Add Markdown AllInOne + Markdown Preview Enhanced extensions to VSCode. Or:
voldyman / MarkMyWords

Microsoft's "Docs Markdown reference"
adam-p's "Markdown Cheatsheet"

PDF Viewer and Editor:

Adobe no longer supports Linux for PDF viewing and editing.

I think "annotating" a PDF is not the same as "doing form-filling". Neither is same as "editing". And there are two types of form-filling: "XFA" and "AcroForms". Then there is "signing".

Some PDF's contain an internal loader or something: they show "wait for file contents to load, if it doesn't load you need new PDF software", and then the real contents should appear. Mostly that kind of PDF doesn't work on Linux, in my experience.

  • Evince (AKA Mint's "Document Viewer" AKA xreader):

    "sudo apt install evince"
    Snap image fails to launch, throws error.
    Works fine for simple PDF files, but does not work for form-filling (XFA or AcroForms ?) documents (many tax forms).

  • Foxit Reader:

    Didn't work on my tax PDF; I think doesn't support form-filling.
    Foxit Reader

  • Master PDF Editor:

    "flatpak install net.codeindustry.MasterPDFEditor"
    Supports form-filling in free version, but very bad support, at least on the file I tried in 1/2021. In PDF file, check-box field values aren't saved, pull-down menus don't work, help buttons don't work, more. Free version adds a watermark to saved file ? CAN display much of XFA form file correctly, so not totally useless.
    Master PDF Editor

  • PDF Studio Viewer:

    PDF Studio Viewer

  • Okular:

    Opened a PDF that has XFA form fields, and Okular (1.11.2, 1/2021) said "XFA forms are unsupported".

  • Scribus:

    "sudo apt install scribus"
    Can export to several image formats.

  • Acrobat Reader DC:

    "snap install acrordrdc"
    Installs a snap of a deprecated version of WINE (!), gives scary warnings, I stopped the install.

  • green check-mark  Ampare PDF To Image:

    "snap install amparepdftoimage"
    Very plain GUI app to view PDF and save page to PNG format. Works.

  • pdftk:

    CLI only.
    "snap install pdftk" or "sudo apt install pdftk".
    Doesn't convert to other formats.

    From someone on reddit:
    I was not looking forward to today because I was under the impression that I was going to have to set up a cracked version of Windows on a VM so that I could use a free trial of Acrobat Pro to do a simple (but time-sensitive) PDF edit on my xubuntu machine.

    That was before I stumbled upon pdftk.

    The process was quite simple:
    sudo apt install pdftk
    pdftk PDF_File.pdf burst #This command strips out all of the pages and creates individual .pdf files
    #Sign the signature page with GIMP
    #Create a new page to add new text with LibreOffice 
    #Paste signature into new page and export as PDF
    ls *.pdf >> pdf-filenames.txt #Create a file of individual page names
    value=$(<pdf-filenames2.txt) #Assign pagenames to bash variable
    pdftk $value cat output Merged_Document.pdf #Merge the files back into one
    [There is also Python package to do stuff like this, PyPDF2.]

I ended up having to go to a Windows machine to do my PDF tax forms.

Edit PDF in LibreOffice Draw then export to PDF
poppler-utils (and "man pdfinfo") ? PDF Chain / pdfchain ?
quickfill add-on for Chromium ? There are other extensions in Chrome Store.
Xournal (does annotation, writing over top of a PDF that is used as the background image).

Useful online service: (doesn't display XFA forms) (doesn't display XFA forms)

qpdfview ?

Diagram And Flowchart Editors:

+/- Ankush Das's "Top 10 Microsoft Visio Alternatives for Linux"

Farm-Fresh web icons

Genealogy (family tree):

  • Gramps:

    Create a person, then click on Relationships tab, and add related people.
    Easier than adding all the people, then trying to link them together.

  • GeneoTree:


  • GeneWeb:


  • GenealogyJ:


Steve Emms' "8 Best Free Linux Family History Software"

Web Site Tools:

  • Sitemap generator:
    +/- I need to generate an HTML site-map for my web site.

    It's a hand-crafted site, so I can't just use a Wordpress plug-in or something. The directory structure is not the same as the hierarchy you get from following links, so I can't just use output from "ls" or "find".

    Did internet searches for products/projects. Found several that were dead links. Several that wanted to run as PHP on my web server (don't want to do that). won't handle a page bigger than 80KB (many of my pages).

    Gave up on generating HTML directly, will settle for XML. gave lousy output, no hierarchy, listed links to all kinds of non-HTML files. Same with gives some kind of HTTPS protocol version mismatch.

    Decided to reorganize my web site so the directory structure matches the logical organization, at least at the top level, and then I can use a "find" command to generate most of the site-map. Then changed my mind, decided to go the opposite direction, flatten the directory structure and hand-craft the site-map.

  • Link-checker:
    +/- Looked at wget, Klinkstatus, LinkLint.

    Found LinkChecker. Installed Linkchecker-gui; won't check external links by default, you have to uncomment "#checkextern=1" in config file. Works okay. But often it reports the same bad link in a file 2 or 10 times.

    Ended up building my own VSCode extension to do link-checking: linkcheckerhtml

    Page not found

  • HTMLHint:

    HTML syntax-checker used by Atom, VSCode, other editors.

    Official site
    Project home
    HTMLHint can be called from CLI and Javascript and maybe other languages.

    Connector from HTMLHint to VSCode: Microsoft / vscode-htmlhint

  • Open-source tool to generate static HTML site: Hugo

    I tried using Hugo, and it was a fiasco. See "Tried Hugo" section of my "Your Personal Web Site" web page.

Alistair Ross's "How to password protect web sites via .htaccess"
Alistair Ross's "Quick and dirty hacks: one line HTTP Server"

Downloading Videos and Images:

VLC has a "Record" function that's supposed to let you save any video VLC is playing, but Record totally sucks, don't use it.

For downloading videos, use browser add-on "Video DownloadHelper" by mig, and install the companion app that it uses.

Viewing streaming TV channels: Hypnotix.
angeloma's "Install Hypnotix - The Linux Mint IPTV client"
Divine's "Hypnotix: A New IPTV Streaming App for Watching Live TV, Movies and Series"

Recording Desktop Activity:

  • green check-mark  gnome-screenshot (screenshot):

    Printscreen key: screenshot of the entire screen.
    Shift+Printscreen: screenshot of a region selected by mouse.
    Alt+Printscreen: screenshot of current window.
    CLI: gnome-screenshot --help

  • In Firefox (screenshot):


  • Flameshot (screenshot):

    flameshot-org / flameshot

    UI confusing at first. Launch Flameshot, icon appears in system tray, click on it to start a screenshot. Get purple dialog that says "use mouse to select an area, or Enter for whole screen". But Enter copies whole screen to clipboard; instead use Ctrl+S to copy whole screen to file. If you use mouse to select an area, you can then do things, including Ctrl+S to save to file. Only saves in PNG format.

  • green check-mark  SimpleScreenRecorder (video):

    Produces video (with optional audio) but not stills; I guess you could grab frames out of the video if you want to make a slide-show.

  • Byzanz (video):

    CLI utility.
    FOSS Linux's "How to capture screenshot GIF, and Video with Audio, from command line"

  • Gnome screencast recorder (video):

    Ctrl+Shift+Alt+R to start, see red meatball in lower-right corner, creates "cinnamon-XXXXXXXXX.webm file in home directory. Supposed to stop automatically after 30 seconds, but on Mint it seems to go forever, no way to stop it except another Ctrl+Shift+Alt+R, which causes Cinnamon to crash, and you can choose to restart it.
    Tips on Ubuntu's "How to Record Your Gnome Desktop Instantly in Ubuntu 18.04"

Linux Uprising's "Display Keystrokes And Mouse Clicks In Screencasts Using KmCaster"

Recording CLI Activity:


Image Viewing and Editing:

  • green check-mark  Pix:

    Installed by default in Linux Mint. It's a fork of gThumb.
    Editing features include flip/rotate, crop, resize, more.
    Has plug-ins.
    Has file-rename (F2).
    Can't get it to start in full-screen mode; have to hit F11.
    Open-With context menu item so you can open image in a more-complex editing app.
    linuxmint / pix
    Some improvements I'd like to see: setting to open straight into full-screen mode, setting for Delete key mapped to Delete or Move to Trash menu item or nothing, Edit / Preferences / Extensions / "More Extensions..." just takes you to GitHub page for the whole app, turning off "General - Ask confirmation before delete" setting doesn't work (or requires restart ?).
    If in View mode files seem to be presented in a strange order, go to View / Sort By and change order.
    To prevent opening multiple instances of the app, go to Edit / Preferences / General and check "Reuse the active window to open files".
    To prevent extra step in every Save As, in lower-left corner of Save As dialog un-check "Show Format Options".

    You can add a script, by going to Hamburger icon pull-down and selecting Personalize. Filename in command is represented by "%F". Numeric key-pad shortcut-keys work only if NumLk is on.

    Install in systems other than Mint*:
    auroralinux's "The Guides to Install Linux Mint's X-Apps on Ubuntu"
    Go to and download and install in this order: xapps-common, pix-data, pix.
    You'll have to update them manually, every few months maybe.

    Settings for Pix are stored in gsettings; use dconf-editor to see org.x.pix tree; also "gsettings list-recursively org.x.pix".

  • Gwenview:

    Default in KDE.
    No way to do single-instance-only.
    Sort-order of files doesn't match that in Dolphin ?

  • Eye of GNOME (eog):

  • Xviewer:

    Installed by default in Linux Mint.
    The only editing features are flip/rotate.

  • XnViewMP:

    It lives in /opt/xnview.
    Its mostly a slide-show app; editing features are flip/rotate, crop. No resize.

  • IrfanView:

    No native version for Linux; have to use a Windows emulator such as WINE.

  • gThumb:

    Slide-show plus; editing features are flip/rotate, crop, resize, draw, color/focus.
    Has plug-ins.
    For me, it failed the most basic UI test of a viewer: arrow-keys don't work to move to previous/next image.
    Pix was developed by starting with the gThumb codebase.

  • nomacs:

  • Krita:

  • green check-mark  Pinta:

    Image editor and drawing.
    Seems to do everything I was using GIMP to do.
    But the text-tool is very weak.
    And trying to install add-ons fails; version mismatch problem.

  • Showfoto:

    Medium-level image editor.
    Didn't see any good way to view previous/next image in folder.

  • Nemo-image-converter extension to Nemo:

  • GIMP:

    Heavy-duty image editor. It "saves" to its native format xcf, and "exports" to something else such as jpg.

    The only features I use/need:
    - expand canvas size (add more blank area around image without changing size of image)
    - edit image that has a transparent background layer
    - select all pixels of a certain color, change to another color

    From someone on reddit:
    "In the main menu under 'Window' there is an option for 'single window mode'. That will help make GIMP more like Photoshop. Move and place the panes where you like them. I also use GIMP Paint Studio which is an addon with more brushes, palettes, patterns, gradients, tool presets and menus. There are many addon and plugins for GIMP."

  • Drawing:

    New default app in Mint 19.3, supposedly replaces GIMP.

CLI image manipulation:
  • ImageMagick:

    "sudo apt install imagemagick" "man ImageMagick"

    Useful commands:
    # this uses the Debian-style rename command; apparently the Red Hat version is different
    rename 's/ //g' *
    rename 's/.mp4.png/.png/' *.png
    for i in *.png ; do j=`basename "$i" .png` ; echo "$j" ; convert "$i" -quality 92 "$j".jpg ; done
    rename 's/png.jpg/.jpg/' *.jpg
    identify -verbose FILENAME

  • exiftool:
    sudo apt install libimage-exiftool-perl
    # display EXIF data using very short tag-names
    exiftool -veryShort FILENAME
    # remove all EXIF data from files
    exiftool -all= -progress FILENAMES
    rm *original
    # or
    exiftool -all= -progress FILENAMES | grep Error
    rm *original
    # or
    for i in *.jpg; do echo "Processing $i"; exiftool -all= "$i"; done
    # remove geotag EXIF data from files
    exiftool -geotag= -progress FILENAMES
    # maybe
    exiftool -gps:all= -progress FILENAMES

  • imgp:

    FOSS Linux's "How to Resize Images by Command line in Ubuntu"

KolourPaint, phatch, Photoscope

I briefly tried Inkscape, and found it very complex. Couldn't figure out how to draw arrows, no built-in shapes, etc.

Very simple viewer: feh

Online tool to change background color of a PNG to transparent: LunaPic

Kendra D. Mitchell's "How to Make GIF Background Transparent and Change Color" (OIE worked for me)
EraseBG (I haven't tried it)

Online tool to add a border around an image: Super Tool

Online tool to change contrast: InstaEditor

Online diagram-editor: (formerly

Serious online editor: Photopea

File-renamer: F2

Video Player:

  • green check-mark  Celluloid:

    Installed by default in Linux Mint. Formerly GNOME MPV.

    Editing features include:
    "s" to take a screenshot from the video (best, I think),
    "ctrl+s" to take a screenshot of what appears in the window,
    "p" to pause,
    left/right arrow to go back/forward 5 seconds,
    shift+left/right arrow to go back/forward 1 second,
    ","/"." to go back/forward 1 frame.

  • VLC:

  • SMPlayer:

    Set preferences to use MPV or MPlayer engine.

  • Dragon Player:

    Installed by default in Fedora KDE.

  • Celluloid:

Linux Uprising's "How To Enable Hardware Accelerated Video Decode In Browsers"

Video Editor:

For serious recording and streaming, the gold standard seems to be OBS.

Tried Kdenlive and Openshot-qt video editors, but way too complicated for me, all I want to do is cut segments out of existing videos.

For just cutting:
  • ffmpeg:
    ffmpeg -i INPUT.mp4 -c copy -ss [starting time in hh:mm:ss] -to [finish, in hh:mm:ss] OUTPUT.mp4
    [If you have NVIDIA hardware, ffmpeg can be recompiled to use GPU instead of CPU.]

  • Installed VidCutter. Unfortunately a couple of GB of stuff came with it; it uses KDE stuff and flatpak. But the app does what I want, without too much hassle. I think it's using ffmpeg on the back-end.

  • LosslessCut

I've heard: avoid Davinci Resolve; installation and distro support are horrible, and it's NVIDIA-oriented (crashes a bit on AMD ?).

FOSS Linux's "How to capture screenshot GIF, and Video with Audio, from command line"
Alistair Ross's "Screencast recording with Green Recorder"
Rotating videos with FFmpeg
SK's "20+ FFmpeg Commands For Beginners"


The gold standard for audio handling/editing is Audacity. But every operation rewrites the audio to disk, so be careful when editing, and expect heavy load on disk.

Check MP3 file:

sudo apt install libimage-exiftool-perl
exiftool -veryShort FILENAME
exiftool -veryShort -x IngredientsFilePath -x IngredientsToPart -x IngredientsFromPart -x IngredientsDocumentID -x IngredientsMaskMarkers -x IngredientsInstanceID -x Lyrics -x Lyrics-eng -x Comment -x Comment-eng -x Composer -x Album -x Artist -x Band -x Subtitle -x HistoryAction -x HistoryInstanceID -x HistoryWhen -x HistorySoftwareAgent FILENAME

# part of ffmpeg package
ffprobe FILENAME

sudo apt install mp3info
mp3info -x -f -F FILENAME

sudo apt install mp3diags

SoX Sound Exchange: Klaatu's "Convert audio files with this versatile Linux command"

Encryption etc:

Encryption of data at rest: see "Encryption of data at rest" section of my "Linux Storage" page

Encryption of data in motion:
  • green check-mark  Tor Browser:

    Installed Tor Browser by downloading an archive and extracting from it. But trying to put it in a location shared by all users (/usr/local/bin) caused a permission nightmare and it wouldn't run. Put it in my home directory and it works, but I don't see it in the GUI menu of applications.

    See Tor Browser section of my Connection Security page

See the "Messaging" section of My "Secure Communication" page.

See the "Linux Software" section of my "Backups" page.

Anti-Virus and Malware Scanners:

Two "modes" of anti-virus:
  • Real-time / constant scanning. Hooks into the OS and scans files as they are created or written. May also hook into browsers and email apps to scan attachments or screen links before they are opened.

  • Manual / on-demand scanning. User chooses to do a system scan every week or two.

For a moderately careful user, I think manual scanning is best. Real-time scanning imposes a performance penalty, may destabilize the system, can introduce vulnerabilities, and requires that you trust your AV software greatly.

For every product, you can find detractors. It slows down the system, increases the attack surface, runs at too high a privilege level, has a history of exploits, gives too many false positives, etc. Most of the criticisms apply more to the real-time mode rather than the manual mode.

Some say AV is not needed on Linux:
Some people say there is no risk of malware on Linux, but this is less true every year. Now that most of the world's web servers and most of the IoT devices are running some form of Unix/Linux, attacks and malware are becoming more and more common. Now that home users spend 90% of their time in a browser, browser and browser add-on exploits are a big risk. Attack surfaces such as code/macro engines inside "smart" documents such as MS Office and PDF documents, or inside email clients, are similar on Linux to those in any other OS. Java, Javascript, Python, Electron, Docker, etc, everything is trying to become cross-platform. A browser exploit probably doesn't care what underlying OS you're running.

From someone on reddit 3/2019:
Cybersecurity blue team here, in the wild we probably see more Linux payloads than we do Windows due to the high number of servers that run enterprise Linux. That being said, botnet attacks and scripted exploits normally drop and try to execute both Windows and Linux versions of the same payload which is super scary to see. Linux doesn't protect you from viruses at all. In fact, thinking you're more secure just for running Linux is deluded, new privilege escalations are released almost daily. If you stay on top of it, you could own someone's laptop pretty trivially with some help from exploit-db.

From /u/longm0de on reddit 2/2020:
I have an experimental Win10 laptop that I keep up to date with Defender disabled through WinRE with no other anti-malware, and I haven't had a single malware enter my system in years, I've even purposefully downloaded malware. I've even run it knowing its limitations by limiting it to a single user and without administrator privileges without my system ever being screwed. Linux users will claim similar things such as not having malware ever since switching over. The commonality here? Both of our points are anecdotal as there is always the right tool for a job, and anti-malware software works great for protecting users.


Linux is multi-user so it is more secure ? Windows is multi-user as well. Win 1x,2x,3x,95/98/ME are from a different lineage of Windows. Windows NT was launched in 1993 and used the kernel which Windows still uses (of course, upgraded) today, which is rooted in OpenVMS and inherits a lot of the stability, robustness, multi-user features, and security that it had. It's not built from DOS in any way shape or form. Windows is a secure multi-user operating system. Many "consumer friendly" distributions such as Ubuntu give you access to read/write to other user directories without root access. This will NEVER happen by default on "Windoze".

Easy Linux tips project's "Security in Linux Mint: an explanation and some tips" strongly advises NOT installing anti-virus software, and gives reasons.

Also see:
Wikipedia's "Linux malware"
Catalin Cimpanu's "ESET discovers 21 new Linux malware families"
Paolo Rovelli's "Don't believe these four myths about Linux security"

Moe Long's "The 7 Best Free Linux Anti-Virus Programs"
Tecmint's "The 8 Best Free Anti-Virus Programs for Linux"
Wikipedia's "Linux malware"

  • Sophos:
    +/- Sophos
    Installing the standalone version of SAV for Linux/UNIX
    FOSS Linux's "How to install Sophos Antivirus for Linux in Ubuntu"
    Gets slightly-better-than-average ratings in some AV comparisons.
    reddit's /r/sophos
    Support is on Twitter "@SophosHome", but I don't know if that includes Linux support.

    9/2020: Support says "the Free Sophos Antivirus for Linux has been deprecated". No more free version.

    Have to download from the Sophos web site, or Docker does have images "jc19930401/sophos", "maxpowa/sophos-av", "sschmiedleitner/sophos-av", "neilai/sophos". It's unclear which is best to use. To see DockerHub page for an image, go to "".

    I downloaded from the Sophos web site and installed ("sudo sh ./") with "on-access scanning" turned off. Chose "s" for "update from Sophos". Chose "free edition" and "no proxy".

    Sophos is CLI-only.
    Do "/opt/sophos-av/bin/savdstatus" to see on-access scanning status.
    Do "/opt/sophos-av/bin/savdctl enable" and "/etc/init.d/sav-protect start" to enable on-access scanning.
    Do "sudo savscan /" to do an on-demand scan.

    "/opt/sophos-av/bin/savdstatus" says "Sophos Anti-Virus is active" even though I chose "don't do on-access scanning".
    Do "ps -fax | grep sav" to look for Sophos processes.
    Did "sudo /etc/init.d/sav-protect stop".
    Also "sudo /opt/sophos-av/bin/savconfig set EnableOnStart false".
    "sudo /opt/sophos-av/bin/savdctl disable" fails.
    systemctl status sav-protect
    cat /etc/systemd/system/
    systemctl cat sav-protect

    "man savscan" gives lots of info, but doesn't say what the default settings are. Also see "man savd".

    I found Sophos to be much faster than clamtk. Sophos caught all the viruses I had deliberately saved, and reported EICAR signature in .com files. Reported one Javascript file that turned out to be a known recently-discovered trojan, in flatmap-stream. About 285K files scanned in about 90 minutes, on my slow but mostly-idle laptop.

    2/2020 found they have a version 9 instead of the 5.63 I was running.
    Downloaded it (sav-linux-free-9.tgz)
    tar -xzvf sav-linux-free-9.tgz

    # get rid of old version
    sudo rm /usr/bin/savscan
    sudo rm /usr/local/bin/savscan
    sudo rm -fr /opt/sophos-av
    sudo rm -fr /usr/local/etc/sav
    sudo deluser --remove-home sophosav
    sudo delgroup --only-if-empty sophosav

    sudo ./sophos-av/
    # get message "Warning: There is another installation of Sophos Anti-Virus on this computer."
    # and installation aborts. Refers to KBA133542.
    # Apparently Mint 19.3 is based on a non-LTS version of Ubuntu,
    # and at the moment Sophos only supports LTS versions ?
    # But I think the real problem was that something installed by Sophos 5 was still present.

    When prompted for the type of auto-update you want, select Sophos.
    When prompted for the version you want, select Free.

    By default, it updates virus definitions every 60 minutes.
    To update Sophos Anti-Virus immediately: sudo /opt/sophos-av/bin/savupdate

    By default, Sophos Live Protection is turned on.
    To stop on-access scanning: sudo /opt/sophos-av/bin/savdctl disable

    To scan the computer: sudo savscan /
    Better: sudo savscan -s --skip-special -ndi -all -rec -nremove --backtrack-protection /
    (that took 2+ hours to scan 680K files on my machine)
    To scan a filesystem, specify its name. For example, type: sudo savscan /home
    To scan the boot sector of all logical drives: sudo savscan -bs
    To scan the master boot record of all fixed physical drives: sudo savscan -mbr

  • ClamTk / Clamav:
    +/- Someone said this is more intended for servers, to scan mail going through email server, etc.

    ClamTk is a Linux-only front-end for Clamav.
    dave_m / clamtk
    Aviva Zacks' "ClamAV vs ClamWin vs ClamTK"

    Cisco-Talos / clamav
    Bug reports etc: ClamavNet Mailing Lists
    Gets very bad ratings (low detection rate) in some AV comparisons.
    "sudo apt install clamav"

    To see update activity, "sudo journalctl | grep [Cc]lam".

    I want to do manual scans only. Do "sudo freshclam -c 1" to update database, and limit update checks to 1/day (default is 24/day !). There is a constantly-running process "/usr/bin/freshclam -d --foreground=true" which is launched by /etc/init.d/clamav-freshclam.

    In my home dir, did "sudo clamscan --infected --recursive ." It ran for over 6 hours (250K files), and threw some internal errors, maybe on big RAR files. But it finished, and found the malware test files I had.

    Did "sudo clamscan --infected --recursive --exclude=/home --exclude=/dev --exclude=/sys --exclude=/timeshift /" It ran for over 2 hours (300K files) and found the EICAR test files I had.

    9/2020: Did "flatpak install ClamTk". GUI app only, no CLI or man page. Start by updating signatures. Ran a scan, it found my test viruses, but also some false positives on other files. UI is a bit awkward: dialogs are small and can't be resized. Tried to use it again later and it didn't work. Removed flatpak and installed deb, which worked. Found lots of false-positives: it considers any JavaScript in a PDF and any LibreOffice macro to be "potentially unwanted".

  • chkrootkit:
    +/- chkrootkit Run "sudo chkrootkit".

    It probably will say some system command is infected, but I think if all checks for specific rootkits come up negative, the system is fine. Also, someone said any time you have an executable file in /tmp it will report possible "Linux/Xor.DDoS" infection.

    Run "sudo chkrootkit -r DIRNAME" to have it run as if DIRNAME is /, for testing purposes. But it only looks at specific places for specific rootkits, so you'd have to place each test rootkit in the appropriate place in that tree.

  • rkhunter:
    +/- Edit /etc/rkhunter.conf to change value of WEB_CMD from "/bin/false" (with quotes) to "curl" (without quotes).
    Also set "UPDATE_MIRRORS=1" and "MIRRORS_MODE=0".
    Delete the default mirrors file, /var/lib/rkhunter/db/mirrors.dat.
    Run "sudo rkhunter -C" to re-read config file.
    Run "sudo rkhunter --update". It should fetch a new copy of mirrors.dat.
    If problems, look in /var/log/rkhunter.log.
    If can't fetch update files, see if browser can get

    To do a check, run "sudo rkhunter -c". It probably will say some system commands are infected, and warn about other things, but I think if all checks for specific rootkits come up negative, the system is fine.

    No way to check for rootkits in a particular directory tree; it only looks at specific places for specific rootkits. So it's hard to download a rootkit and test that rkhunter detects it. You'd have to create a simulated filesystem, copy rkhunter and some support apps and test rootkits to it in appropriate places, chroot to it, and run.


  • checksecurity:
    sudo apt install checksecurity
    # It installed the "logcheck" package, and created a new user "logcheck".
    # Installed cron jobs to check for new setuid files, listeners, etc.
    egrep 'logcheck|checksecurity' /etc/crontab /etc/cron.*/* /etc/anacrontab /var/spool/cron/crontabs/*
    sudo edit /etc/checksecurity.conf
    sudo less /etc/logcheck/logcheck.conf
    # I think the first time you run it, it reports everything.
    # On following runs, it only reports changes from previous state.
    time sudo checksecurity
    # Soon getting flooded with lots of email.  Change
    # /etc/checksecurity.conf to check only passwords daily, rest weekly.
    # But that didn't work, email is coming from logcheck.
    sudo bash
    sudo edit /etc/cron.d/logcheck
    # commented out reboot line
    # changed "2 *" to "0 11"; run once a day instead of once an hour
    # Lots of UFW audit stuff being reported by logcheck.
    # Ran "Firewall Configuration" and changed logging from medium to low.

  • Comodo:
    +/- Comodo

    Downloaded .deb file from web site and opened it. Got an error that dependency on libssl0.9.8 (>= 0.9.8m-1) is not satisfiable. Tried "sudo apt install libssl1.0.0" and got "libssl1.0.0 is already the newest version (1.0.2n-1ubuntu5.2)". Searching, I see lots of people have had this error or other errors over the years.

    Downloaded a file from Ubuntu universe and installed it.

    Went to /opt/COMODO and ran "sudo ./". When it tried to build and install a new kernel module for real-time protection, it failed horribly (fine with me, I don't want that), then the script ended with "success".

    In /opt/COMODO, did "sudo ./cav", got GUI app. Updated database, but progress went to 89% and then whole OS froze. Rebooted, went to Comodo, it didn't want to run. Finally did again, that seemed to fix it. Updated database and did a scan. GUI app opened a progress dialog that stayed on top of all other windows; annoying. Eventually I noticed a check-box right in the dialog to make that stop. It scanned 803K "objects" in 2 hours, then I stopped it. It found all the viruses and the EICAR files.

    Later deleted it, but there's no uninstaller ? Services left running. Did:
    sudo systemctl disable --now cmdavd.service
    sudo systemctl disable --now cmdmgd.service

    Tried it again 3/2020:
    They list Mint as a specific choice, but in small print mention "Mint 13" !
    Got a deb file. Double-clicked, and it says "same version is already installed, reinstall package", maybe it sees remnants of old install ? It says "after install, run /opt/COMODO/". But installation failed with apt-daemon error. I saw some other install fail that way, maybe there's a problem in my system.

  • F-PROT: End-of-lifed 8/2020.

  • LMD (Linux Malware Detection):
    +/- rfxn / linux-malware-detect
    Jahid Onik's "How to Install and Configure Linux Malware Detect (LMD)"

    Installed by downloading it from GitHub, then "sudo ./". Then "sudo maldet --update-ver" and then "sudo maldet --update", both of which failed because "" is down. Then "sudo maldet -a /", which failed because apparently there is no signature file at all. A week later, "" still down. But then I found out it isn't down, somehow it's been mapped to localhost on my system, when Windscribe VPN is on. Turned off the VPN and was able to update. Found out that Windscribe VPN is blocking that domain; when it blocks something, it does it by mapping to localhost. Filed a Support ticket asking for it to be whitelisted.

    Ran it on root, and it took 40 minutes just to make a file list of 310K files. Said it was going to use ClamAV's engine. I killed it and uninstalled it.

  • ESET NOD32 ($40/year, but search online for discount deals):
    +/- ESET's "Antivirus for Linux desktop"
    Gets near-top ratings in some AV comparisons.

  • Bitdefender ($80/year):
    +/- I think to do Linux, you have to do "Bitdefender GravityZone Business Security".

  • Microsoft Defender ATP:
    +/- An enterprise product that collects lots of behavioral data on a real-time basis from many apps, and looks for threats and threat patterns. Paid subscription.

  • Microsoft Project Freta:
    +/- Upload a VM image, or a snapshot of your system in RAM, to a web site for analysis for rootkits and malware etc. Free.
    Robert Jefferson's "Microsoft has launched a Free Memory Forensics and Rootkit Detection Service for Linux"

See the "Testing your defenses" section of my "Computer Security and Privacy" page.

File Integrity Checkers:
Scan system files and report any changes, which might be due to malware.

  • AIDE:
    +/- AIDE
    Takes a snapshot of your files and directories at a supposedly "good" state and then checks for any later changes.

    Software Manager lists a "static" version and a "dynamic" version. No explanation of the difference. I installed the "dynamic" version. Nothing happened, no app called "aide" visible anywhere. Thought of installing the "static" version, and it says it will uninstall the "dynamic" version. Finally found it under "man aide".

    Did "sudo aide --init", got "Couldn't open file /var/lib/aide/please-dont-call-aide-without-parameters/ for writing". "sudo aide --config-check" gives nothing. "aide --version" says 'CONFIG_FILE = "/dev/null"'.

    Read some threads online, tried "sudo apt install aide aide-common". It said it's removing aide-dynamic. Was asked to select email type; chose "no configuration". Then it configured a LOT of stuff. Ended and I'm not sure what to do. Tried "aide --check" and "aide --init", got same error message as before.

    Tried "sudo aide.wrapper --init" per a thread, got various configuration-file errors.

    Also saw in a thread "The explanation can be found in /usr/share/doc/aide-common/README.Debian.gz" which seems unpromising. Looked in there, it says aide is intended to be run as a daily cron job, so if you run from CLI you have to supply your own config file, it wants to send email to root, etc. Gave up on it at this point. Did "sudo apt remove aide-common aide" to get rid of it.

  • Open Source Tripwire:
    +/- tripwire-open-source
    Michael Kwaku Aboagye's "Securing the Linux filesystem with Tripwire"
    Takes a snapshot of your files and directories at a supposedly "good" state and then checks for any later changes.

    Installed it through Software Manager. Let it create passphrases etc. Ran "sudo tripwire --init --verbose", and it asks for my "local passphrase", which I don't know. Eventually hit on "nothing" (Enter), and that worked. It started checking lots of files, but ended up in the "/proc" territory and died with "Software interrupt forced exit: Segmentation Fault [1] 6004 segmentation fault". Went into Software Manager and removed it.

  • Samhain:
    +/- Samhain
    Takes a snapshot of your files and directories at a supposedly "good" state and then checks for any later changes. Also log file monitoring and analysis, rootkit detection, port monitoring, more.

    Installed it through Software Manager. But installation failed with
    "Job for samhain.service failed because a timeout was exceeded.
    See "systemctl status samhain.service" and "journalctl -xe" for details.
    invoke-rc.d: initscript samhain, action "start" failed."

    Then tried "sudo apt samhain" and that threw an error.
    Did "sudo samhain -t update" and that threw errors.

    But then my disk was pegged, 100% usage, and stayed that way for 2+ hours, with no sign of stopping. Rebooted, it continued. Uninstalled samhain, and it stopped.

  • Incron:

  • Monit:

  • Afick:

  • debsums:
    +/- Checks the md5-sums of your system-files against the hashes in the respective repos.
    sudo apt install debsums
    sudo debsums -ac

  • SysConfCollect (SCC):
    +/- Checks for changes in files and config settings and much more.

    System Configuration Collector
    SCC Home

    Linux desktop README and modules I created: BillDietrich / SCC-Additions-for-Desktop-Linux

    Later updated SCC by downloading a .src.tar.gz from Extract files from it, cd into it, read the README, do "sudo ./scc-install"

    Added to .profile:
    export MANPATH="/opt/scc/man:$MANPATH"

For info about iptables, firewalls, Firejail, Apparmor, SELinux, and more, see my Linux Network and Security Controls page.

CLI Shell:

  • Bash:

    LeCoupa /
    Greg's (GreyCat's) Wiki
    SK's "How To Customize Bash Prompt In Linux"
    Mendel Cooper's "Advanced Bash-Scripting Guide"

    Useful things to set in $HOME/.bashrc:
    # When shell exits, append to history file instead of overwriting it
    shopt -s histappend

    Useful interactive commands:
    # at an empty command-line:
    sudo !!   # run previous command with sudo in front
    Up-arrow  # reuse previous commands
    Ctrl+r    # search command history
    history | grep PATTERN    # see all times you used PATTERN
    for i in $(cat FILENAME.txt); do CMDNAME $i; done
    # in middle of a command:
    Alt+Tab   # filename completion
    Alt+.     # reuse previous command arguments

  • Zsh:

    If you want to use ZSH:
    1. Check to see if it's installed already: try running command "zsh".
    2. If not found, install through Software Manager, or on CLI do "sudo apt install zsh" and "sudo apt install zsh-completions".
    3. Also install oh-my-zsh
    4. Do "sudo usermod -s /bin/zsh [user name]".
    5. Log out of that user and log in again ?
    6. Maybe copy some lines from "$HOME/.bashrc" to "$HOME/.zshrc" (aliases), and from "$HOME/.bash_profile" to "$HOME/.zprofile" (code that starts the X Window System) ?

    Neal Parikh's "Customizing your shell prompt"
    Anthony Heddings' "What is ZSH, and Why Should You Use It Instead of Bash?"

    I used zsh and oh-my-zsh for a while and found I was using none of their features, couldn't be bothered to learn them, too many other things I wanted to do instead. Went back to bash.

    To uninstall later:
    1. "$HOME/.oh-my-zsh/tools/"
    2. Do "sudo usermod -s /bin/bash [user name]".
    3. Log out of that user and log in again ?

  • Fish:

    Scripting syntax differs from that of bash.

There are lots of other alternatives: dash, ksh, oksh, csh, tcsh, loksh, mksh, yash, etc.

Useful things to set in $HOME/.profile (affect all shells):

export PAGER="most"

Terminal/shell shortcuts: Sakib Hossain's "Useful Linux Terminal Shortcuts"

See "Linux Shell Script" section of my "Develop an Application" page.

Useful CLI snippets:


# delete 4th line from a file, changing file:
sed -i '4d' FILENAME

# delete blank lines from a file, changing file:
sed -i '/^$/d' FILENAME

# delete lines that start with a certain word, changing file:
sed -i '/^WORD/d' FILENAME

# edit lines, changing file:
sed -i 's/OLD/NEW/' FILENAME

# change block of text across newline, not changing file:

# get lines that do NOT match pattern, and output to stdout:

# process a group of whole lines, and output to stdout:

# make lots of files:
seq 1 100 | xargs --verbose touch

# basic shell loop:
for file in *; do wc -l "$file"; done

Useful for converting among various file formats such as CSV and JSON: miller

Vivek Gite's "How to use htmlq to extract content from HTML files"



  • LibreOffice:
    Easy Linux tips project's "LibreOffice: configure it right"
    See item "Libre Office: improving Macro Security" in Easy Linux tips project's "Security in Linux Mint: an explanation and some tips"
    Easy Linux tips project's "Problems with Libre Office? Install a newer Libre Office"
    Dedoimedo's "LibreOffice 7.0"
    Dedoimedo's "LibreOffice 7.1"
    Dedoimedo's "LibreOffice 7.2"
    Supports newer XML-formats: .docx, .xlsx, etc.

    My installation got stuck in some loop where, upon launch, it would say "recovering file" or something, then fail and say it again, forever. Uninstalled all of LO. Had to do it one component at a time; just uninstalling the meta-package didn't do it. And there were about 15 components. Rebooted, and installed just Libreoffice-writer and Libreoffice-impress.

    From someone on reddit 7/2019:
    [For small-business use:]
    Libreoffice is a great piece of software if you will be delivering PDFs as the final output, but if you will be sending a Word or Excel document back and forth, you should use WPS Office, Microsoft Office 365 Web Apps, or Google Docs.

    From someone on reddit 9/2020:
    LibreOffice can save some documents that are CLOSE to Office format. Macros, scripts, templates all get fracked up. Many Uni's OUTRIGHT say it's MS Office or you don't get credit for ANY submitted work. Check with your Uni.

    From someone on reddit 9/2020:
    Libreoffice is trash for anyone who needs to do a lot of work in spreadsheets.

    One very easy example is eliminating duplicates. In Excel, you click the column letter, and then click "remove duplicates", and you're done. This is very common in spreadsheet work.

    In Calc, you do a special search, and then you have to select the entire range you want to search (so if I have 1500 rows with some blanks, I have to click A1, then CTRL+downarrow a bunch of times), then you select something to HIDE duplicates, then you copy the visible rows to a new sheet or to some area that is not filtered, and then you delete the old data. That's f*cking absurd for a function that's done ALL the f*cking time in spreadsheets.

    MS Office understands why people use these applications, and it puts all the most commonly used things right there on the Home tab. LibreOffice vs O365 is like me vs Usain Bolt in a 100M sprint. It's so bad that I've considered going back to Windows for my workstation, but I'm generally not responsible for creating or maintaining spreadsheets right now, so Excel online is workable.

    Install "mscorefonts".
    "LibreOffice macros and MS macros are partially compatible".

    Business-model: Some problems

  • Microsoft Office 365:

    But then you're sharing your documents with Microsoft.
    Microsoft Office 365
    Excel macros not supported ?

  • OnlyOffice:

    Doesn't support newer XML-formats: .docx, .xlsx, etc.

  • WPS Office:

    WPS Office for Linux
    I'm told the UI is a fairly straight copy of MS Office's UI, so a user would be comfortable moving between the two.

  • FreeOffice:


  • Abiword:

  • Google's "Office Editing for Docs, Sheets & Slides":

    Extension for Chrome browser.
    Installed it into Chromium browser, it installed okay but didn't work.

Word Online: can be used for free by anyone with an or Hotmail account.

Office 365 is a home and business subscription service. Some subscription plans offer desktop Office but others don't. Some plans include web services like business email and Azure AD but others don't.

From someone on reddit 7/2019:
[For small-business use:]
Honestly, Linux Desktop isn't really business-ready at the moment. It's getting close but it's not there.

For office work you need Microsoft Office, be it Word, Powerpoint, Visio, or Excel.

Some will say you can use LibreOffice, or other open-source. But the main problems are the same tasks are not always possible (try setting sequential formulas in an excel sheet with the Ctrl + Enter on Libre), and when you create documents in these alternatives, they don't look the same when opened with Microsoft Office (i.e. vendors or clients you deal with will see this as unprofessional).

From someone on reddit 8/2020:
I have hundreds of existing PPTs which I use at work, and unfortunately these don't show well on Mint or any other Linux distro I've tried, whether on Libre, or any other Office replacement. The layout is all wrong, elements spill out of the slides, so much so that the slides are unusable without spending hours rearranging everything, so I stick to Win10 for work.

The same issue happens on Office online, with the additional problem that it doesn't have all the features of the desktop apps.

If you need to create new files, Libre etc. are a good alternative, but if you need to use existing files, unfortunately MS is still the way to go.

An issue I see, as a home user, is that the printer drivers don't properly shrink an oversize document. Maybe it's a bug in my distro (Mint 19) or apps or the driver for my printer (HP 363x series), or because I'm in Europe using A4 paper and an A4-sized printer. But a document with content right up to the edges, and slight bigger than the paper size, has the edges cut off instead of being shrunk to fit. Happens with xed and xreader at least. And there're no margin settings in their print dialogs. [Edit: not a problem with same printer with Ubuntu 20.04 and gedit app.]

Mohammed Abubakar's "Microsoft Office On Linux Is Now A Thing, Thanks To WinApps"

Robert Zak's "How to Open a docx File without Microsoft Office"
Convert Word documents to Clean HTML

For info about Docker, flatpak, appimage, and more, see my VMs and Containers/Bundles page.


See what you have installed already; don't remove it:
"apt list | grep mysql | grep installed"
"apt list | grep maria | grep installed"

Remote Access (Remote Desktop) to Linux machine:

Heard on a podcast, don't know if true:
Some remote control (x2go) requires an open port for SSH, some (TeamViewer) doesn't.
X-based (x2go) is fast, VNC slow.

Protocols: RFB/VNC (ports 5500, 5900), RDP (port 3389), NX (uses SSH ?), XDMCP (port 177), SPICE (???), EXEC (???), SSH (port 22), TeamViewer (various; can HTTP tunnel ?).

Recommended: X2Go (uses SSH, so secure from the start; article)

TeamViewer (installs a version of Wine, daemon runs as root, not a lot of features).


VNC ? ("sudo apt install x11vnc", then in GUI run x11vnc, accept incoming connections and apply, "sudo netstat -tulp | grep vnc", on Windows machine install VNC Viewer, run it, connect and login, get full GUI desktop access)

noVNC ?

Remmina ?

Mehedi Hasan's "Fast and Secure Remote Desktop Clients for Linux"
Bobby Borisov's "Remote Desktop with Linux"
Wikipedia's "Comparison of remote desktop software"

Remote Access (SSH) to another Linux machine:


Single-session SSH clients:
OpenSSH, PuTTY, Butterfly, kitty, more.

You could run one of these multiplexing session managers, then run a single-session SSH client in one of their sessions:
OpenSSH client info is in /etc/ssh/ssh_config file.
OpenSSH server info is under /etc/ssh/ssh_config.d directory.
Any time you change server config, do "sudo systemctl restart sshd.service"
Create a new SSH key-pair (and password for it) for this user, on client: "ssh-keygen -t rsa"
Copy public key for this user to login as USERNAME to server: "ssh-copy-id USERNAME@SERVERADDR"
To login as USERNAME to server: "ssh USERNAME@SERVERADDR", get asked for password of key-pair on client.


Ankush Das's "Top 31 Best Linux Games You Can Play for FREE"
Nick Congleton's "The 10 Best Free Linux Games"
Steve Emms' "42 of the Best Free Linux Games"
Derrik Diener's "5 best free Linux FPS shooters to checkout"

System76's "The System76 Guide to Gaming on Pop!_OS"
Dedoimedo's "Steam Play, Proton - How be things in 2021?"

Dota 2:
Install Steam first, from Software Manager.
VPN not allowed while installing.
Dota 2 installs 24 GB under $HOME/.steam
Try to run game, get "Unable to start game - Failed to create an OpenGL context - Your graphics card must support at least OpenGL v3.1".
I'm using Mint 19.3, kernel 5.3.0-46-generic, Intel integrated i915, X.Org 1.19.6, "OpenGL: renderer: Mesa DRI Intel Ironlake Mobile v: 2.1 Mesa 19.2.8".
Set Dota 2 launch options in Steam to include "LIBGL_ALWAYS_SOFTWARE=1": Launch Steam, right-click on Dota 2, click on Properties, click on Set Launch Options, set field to "LIBGL_ALWAYS_SOFTWARE=1 %command%".
ArchWiki's "Steam"
While running, Steam and Dota 2 together will take more than 1.5 GB of RAM.
Performance is atrocious, unplayable on my slow laptop with no special GPU.

Finding apps:
ArchWiki's "List of applications"
One Thing Well blog
kimcuong060498 / awesome-linux-apps

Some applications are written to work only in a specific GUI framework, such as KDE or Gnome. Others are written to work inside a cross-platform framework, such as Electron or Node.js or Ruby Rails, that then has versions which run inside various lower frameworks, such as KDE or Gnome.

There are some application-deployment frameworks, such as Docker and Ansible (article1, article2).

Note: CLI tools "apt" and "apt-get / apt-clone / apt-config" give identical functionality but differ in emphasis:
"apt" is intended for interactive use, and may change slightly over time.
The others are intended for scripting / back-end use, and try to stay constant over time.
Someone said the two groups use separate caches.

Easy Linux tips project's "Firefox: optimize its settings"
Easy Linux tips project's "Google Chrome and Chromium: improve their settings"

Alistair Ross's "Review: Download Managers for Linux"

App Outlet (finding and downloading newest versions of packages)

Lilite: A Linux Autoinstaller

ArchLinux's "Font configuration"
"apt-cache search ^fonts-" and "apt search ^fonts-"
Install fontconfig-infinality.
cryzed /

Munif Tanjim's "How To Install Google Earth on Ubuntu Linux"
But it's available through Software Manager too.
If all searches go to equator, edit /opt/google/earth/free/googleearth (or /opt/google/earth/pro/googleearth ?) to add a line "export LC_NUMERIC=en_US.UTF-8" before line that starts with "LD_LIBRARY_PATH".

cboxdoerfer / fsearch (fast file search utility)
Joey Sneddon's "Linux File Search Tool 'Catfish' Just Got Even Faster"

Check hash of a file you downloaded:
Alexandru Andrei's "How to Verify Authenticity of Linux Software with Digital Signatures"
drewblay / Compare-File-To-Hash

US taxes:

My "Develop a Desktop Application" page

Things To Do

Clippy want me to help you with Linux ?
Work your way through some basic tutorials:
Linux Journey
Linux Survival
Ubuntu's "Using The Terminal"
Linux command line for you and me
Ryans Tutorials' "Linux Tutorial"
Julia's Drawings

Chris Hoffman's "The Linux Directory Structure, Explained"
[At CLI do "man hier" (canonical hierarchy) and "man file-hierarchy" (extensions in systemd systems ?).]
Debian's "Device Names in Linux"

Far more in-depth:
Sven Vermeulen's "Linux Sea" [BROKEN LINK]
David A Rusling's "The Linux Kernel" (circa 1999)
The Linux Kernel documentation

For info about tightening and testing security and privacy, and more, see my Linux Network and Security Controls page.


  • Update: install new versions of packages as they come out, maybe daily.

  • Upgrade to new point-release: e.g. from 19.2 to 19.3. Usually happens same way as daily updates ? Usually works fine.

  • Upgrade to new major release: e.g. from 20 to 21. Usually some special mechanism ? More dangerous.

  • Fresh install (AKA "nuke and pave"): back up your data and custom changes, then completely wipe the disk and install new OS, install apps, then restore your data and settings of some major apps.

  • Fresh install of OS only: you can try this if you have / and /home in different partitions. Wipe and install OS and apps on /, hope that /home remains intact and works. I don't do it.

On Mint, run Update Manager application. Application and kernel updates will appear automatically. If you want to change kernel "lines" (e.g. change from 4.15.x to 5.0.y), use View / Linux Kernels menu item.

On Ubuntu, to manually update kernel, use Ukuu (Ubuntu kernel update utility) or bkw777 / mainline. But the normal update app automatically will update kernel and remove old kernels. To see kernels, do "dpkg --list | grep linux-image". To purge several of the oldest images, do "sudo apt purge IMG1 IMG2 IMG3".

On Ubuntu, to see when snaps were last updated, do "ls -l /snap".

For Ubuntu, I asked about installing a LTS release and then later updating to a non-LTS release, and got this from people on reddit:
[From LTS to non-LTS,] You don't need to do a fresh install. Ubuntu will update with its software update tool. If your first install was an Ubuntu LTS, you will need to configure Ubuntu to allow non-LTS upgrades though. If you open "software sources" and go to the "Updates tab" configure "Notify me of a new Ubuntu version" from "Long term support" to "any new version". When the time comes you'll be prompted to update.

Word of advice: Avoid using third party software repositories (like PPAs) as they can cause situations where Ubuntu can't do an OS update. This is the number 1 cause for Ubuntu failing to upgrade. I personally don't have any as most of the stuff I use is available through Ubuntu's software library.


In major updates, the updater tool will disable your PPAs so that there are no conflicts.

New point-release upgrades seem to go okay, usually.

Major release upgrades: I hear that Ubuntu and its derivatives usually do these okay. On other distros, maybe not so much.

Fresh install:
Instead of doing a major release upgrade, I do a fresh install. And a fresh install shows that your backups are complete, and of course is necessary when switching to a different distro.

Special hardware:

  • WD My Passport encrypted external hard disk drive.

    How to install and use KenMacD's "wdpassport-utils":
    1. sudo apt install git
      (might already be installed, by default)
    2. git clone $HOME/wdpassport-utils
    3. Now you have the files in $HOME/wdpassport-utils
    4. You could move the files to /usr/local/bin so they can be used all users. But this particular software is going to hard-code a password into a file, so best to leave it under your home.
    5. cd $HOME/wdpassport-utils

    6. Follow the "Non Gui Steps" from the file in the repository:
        First time:
      1. sudo apt install sg3-utils

      2. Every time:
      3. Plug in external drive and wait a few seconds.
      4. sudo dmesg | grep sg | grep "type 13"
        This should return one line which gives drive's "sgN" (such as "/dev/sg1").
      5. ./ YOURPASSWORD >password.bin
      6. Verify that size of password.bin is 40 bytes.
      7. sudo sg_raw -s 40 -i password.bin /dev/sgN c1 e1 00 00 00 00 00 00 28 00
        but replace "sgN" with appropriate number, "sg1" or whatever.
        See message saying something like "Good".
      8. Now drive should be unlocked.
      9. sudo partprobe
      10. Now drive should be mounted and available for use.
      11. Delete password.bin file so password is not saved ?

    7. Try the GUI method:
        First time:
      1. Instructions say do "sudo apt install gksu", but that package has been removed from Debian/Ubuntu18/etc.
      2. Edit to change all "gksudo" to "sudo".
      3. sudo apt install python-qt4
        May take 30 minutes or so in Live session.

      4. Every time:
      5. python
      6. See buttons for unlocking and mounting the drive.
      7. App automatically makes a desktop icon, called "WD Unlocker", which you can use next time.
      8. It creates a password.bin file each time. Delete that file after drive is accessible, or after unmounting disk ?

    8. To remove the drive from the system:
      1. In File Explorer, right-click on drive and click "Safely Remove Drive".
      2. Wait 5 seconds or so.
      3. In File Explorer, right-click on drive, see that now there is a "Mount" option (showing drive is unmounted), and click "Safely Remove Drive" again.
      4. In File Explorer, see that the drive no longer appears.
      5. In File Explorer, right-click on WD Unlocker drive, and click "Safely Remove Drive".
      6. Unplug the external drive.

    Western Digital's "How to physically connect, disconnect, and install a WD external / easystore drive on a Windows PC or Mac" says they don't support Linux, and they say nothing about how to mount an encrypted drive on Linux.

    Use WD-Decrypte with sg3-utils. See Vector's "Unlock WD Password Protected HDD in Linux" (video) which explains how to use WD-Decrypte, covering a couple of glitches not explained in Sifo Hamlaoui's "HOW TO DECRYPTE Western Digital DRIVE ON LINUX" (video).

    Or use 0-duke's "wdpassport-utils"

    Or use KenMacD's "wdpassport-utils"

    How to install KenMacD's "wdpassport-utils" (or other GitHub project), from someone on reddit 8/2018:
    1. sudo apt install git
      (might already be installed, by default)
    2. git clone $HOME/wdpassport-utils
    3. Now you have the files in $HOME/wdpassport-utils
    4. You could move the files to /usr/local/bin so they can be used all users. But this particular software is going to hard-code a password into a file, so best to leave it under your home.
    5. The rest of the steps are specific to this project.
    Installing a package using apt installs it system-wide by default (which is why you have to use "sudo").

    Testing a drive for problems using Data Lifeguard Diagnostics for Windows

    A better long-term solution:
    1. Mount the encrypted drive on a Windows machine (or Linux, if you have decryption working).
    2. Copy the files to a temp disk.
    3. Disable hardware encryption on the encrypted drive (must be on Windows to do this).
    4. Plug the encrypted drive into your Linux machine.
    5. Reformat it as a VeraCrypt volume with ext4 or NTFS or Btrfs filesystem inside.
    6. Copy all the files from temp disk to VeraCrypt drive.
    7. Close VeraCrypt drive, re-open, close, unmount disk, re-mount, test several times.
    8. Save backup copy of VeraCrypt volume header on some other device.
    9. Erase temp disk.

After using Linux for a while:

  • Updates:

    In Mint, I always use Update Manager, not the CLI. If a new kernel or systemd or Xorg comes out, maybe wait a day to let other people try it out first. Other than that, I always update.

  • If you decide you got the partition sizes wrong, you want more/less for Windows and less/more for Linux, you can adjust them.

    To change the Linux partition sizes, boot from a Linux USB and run GParted.
    Ask Ubuntu's "Can I Adjust/Reduce My Partition Size for Ubuntu?"
    Danny Stieben's "Three Ways to Resize a Linux Partition Safely"

    To change the Windows partition sizes, boot Windows and run Disk Management.
    Microsoft's "Overview of Disk Management"

    Before doing these operations, make backups !

    If using a laptop, plug into AC power before starting these operations.

  • Linux Uprising's "How To Use A Swap File Instead Of A Swap Partition On Linux"
    FOSS Linux's "How to create or add a SWAP partition in Ubuntu and Linux Mint" (but "method 1" creates a swap file)

  • If you didn't encrypt the partitions, you may be able to encrypt them in-place later.

    Johannes Bauer's "LUKS In-Place Conversion Tool"
    Leo Notenboom's "How Do I Encrypt a Hard Drive Using VeraCrypt?"
    "man ecryptfs-migrate-home"

    From LawrenceC on superuser's "How would I encrypt my whole Linux filesystem with VeraCrypt?":
    Linux has supported boot/system volume encryption like VeraCrypt for a long time using its own separate integrated system called LUKS, which is not compatible with Truecrypt/VeraCrypt.

    VeraCrypt (if it's like Truecrypt) is implemented on Linux via FUSE. FUSE is a way to implement filesystems without writing a kernel driver, the cost of this is speed. LUKS is part of the kernel and is faster than VeraCrypt would be, so this is why LUKS is preferred if you are using Linux.

    LUKS is well supported by Debian and other distribution installers, it's fairly simple to encrypt your full system, or full Linux partition, except for a small boot partition containing the kernel and initial RAM disk. This is equivalent to everything being encrypted on Truecrypt/VeraCrypt except the bootloader, which has to be unencrypted so the BIOS/UEFI can read it.

    One thing to note is that I don't believe there is a tool that will encrypt/decrypt a currently running system like Truecrypt/VeraCrypt does.

    Before doing these operations, make backups !

    If using a laptop, plug into AC power before starting these operations.

  • If you want to move /home to a separate partition:

    Ubuntu's "Partitioning/Home/Moving"

  • More software or more updating:

    From Easy Linux tips project's "Avoid 10 fatal mistakes in Linux Mint":
    "Never use installation scripts like Ultamatix, Ubuntu Tweak, Ubuntu Sources List Generator, Ubuntuzilla and UKUU. Don't use Grub Customizer."

    Scripts or commands you find on random web pages: Even if you read them on the web page and understand them, don't copy/paste them straight onto the shell CLI. Instead copy/paste them into a text editor and see if they look the same. Then copy from there to shell CLI if you wish. [Or in Firefox set dom.event.clipboardevents.enabled = false.] See Brian Tracy's "Don't Copy Paste Into A Shell" and example.

  • Easy Linux tips project's "Speed up your Mint!"
    Easy Linux tips project's "Speed up your Ubuntu!"
    SK's "How To Improve Application Startup Time In Linux"

  • [Apparently, tweaking the UI of your system is called "ricing" it.
    /r/unixporn's Wiki "Ricing 101"
    /r/unixporn's "ricerous_info"
    InstallGentoo Wiki's "GNU/Linux ricing"

  • Adding more desktop wallpapers:

    Download images from:
    Awesome Wallpapers

    In Mint 19, click on the Start button and run "Backgrounds" application. You could add the new images in a new directory, or put them somewhere under /usr/share/backgrounds. But I think the slide-show in the Backgrounds apps only uses one folder, that you pick, not all the folders listed in the left-hand pane. At least JPG and PNG formats are supported, and any size (bigger is better).

    In Ubuntu 20, install Variety application. But soon my GNOME background was broken. ?

  • Hack Terminal's background color: put at end of $HOME/.bashrc:
    # change terminal background color at random
    # adapted from /u/code33301
    w=("#3c3c76" "#527774" "#32573d" "#800080" "#800000" "#A05000")
    if [ "$r" -ne "6" ]; then
    	echo -ne $q${w[$r]}$e
    # else use default system color

  • If you want to try other themes in your current Desktop Environment:

    Mint's "Themes" application.
    Alistair Ross's "How to theme your Linux Desktop"
    Cinnamon Spices' "Themes"
    Pling's "Cinnamon Themes"

    In Mint, it's easy to "install" a theme, but it doesn't get used until you change 5 individual settings in Themes: Window borders, Icons, Controls, Mouse Pointer, Desktop. Some of the themes don't show up as choices in some of those 5 settings. None of them change the desktop background, I think; that must be done elsewhere (right-click on desktop and select "Change Desktop Background"). Some of the themes have descriptions that include some additional work you have to do, beyond just the Themes app. Seems that a new theme makes KeePassXC change a lot, Firefox changes mainly in title bar and tabs and some menus, but VSCode has no changes ?

    I think the default Theme in Mint Cinnamon is Mint-Y.
    I changed to Mint-X-Blue and liked it.

  • Applets and Desklets and Extensions etc:

    Cinnamon Spices
    Pling's "/s/Cinnamon"

  • You could add a dock to your desktop:

    Mehedi Hasan's "Top 10+ Best Linux Docks To Make Your Desktop Beautiful"
    Many are available through Software Manager.

  • GNOME Shell extensions:

    In Mint, you can use the Extensions application to install from a limited list.

    More extensions: GNOME Shell extensions
    Martins D. Okoi's "How to Install Gnome Shell Extensions"

    To see what version of GNOME you're running: "cat /usr/share/gnome/gnome-version.xml".
    The web site Download may ask for "GNOME Shell version"; maybe: "apt list | grep gnome-desktop | grep installed".

  • If you want to try tiling window managers:

    Mehedi Hasan's "Best 20 Linux Window Managers"

    From someone on reddit:
    +/- [I'm running Ubuntu GNOME 20.04]
    1. Find a WM you like. (I'd recommend I3, but there's awesome, dwm, qtile, xmonad, bspwm, herbstlutwm, etc.)
    2. Install it through apt (or through a PPA, usually the instructions are on the GitHub repository ["sudo apt install i3" or "sudo apt install awesome"]
    3. Logout and in gdm after selecting the user, click the gear icon in the lower right corner and search for the window manager you just installed.
    4. Login and play with it a little bit.
    5. When you want to go back to GNOME just log out of the WM (usually there's a key-binding for that in the config file) and select GNOME in the gear icon.

    In i3 window manager:
    +/- Click on network icon in lower-right corner of screen to set networking.
    Command-d to select an application to launch.
    Command-enter to open a Terminal window.
    Command-f to go to full-screen mode.
    Command-shift-q to close current application.
    Command-shift-e to exit i3 and go back to login screen.

  • If you want to try display managers:

    In Ubuntu GNOME 20.04: install another window manager (see previous section), then logout. Click on a user name to log in, then click on gear icon in lower-right corner. A couple of the choices will be "Ubuntu" (which means X) and "Ubuntu Wayland" (which means Wayland). Pick one, then type password to log in.

    After system has logged you in, do "sudo ps -ax | grep gdm3" to see what display manager you're running.

    A few quirks with Wayland on Ubuntu GNOME 20.04: some kind of transparent desktop with one icon shows up in list of apps; in Firefox much of the tab bar doesn't work and locks the whole app until you alt-tab to another app.

  • If you want to try other Desktop Environments:'s "How to Install and Manage Multiple Desktop Environments Using GUI"
    How-To Geek's "How to Install and Use Another Desktop Environment on Linux"
    StackExchange's "Why does installing different desktop environments break things?"
    In Mint, open Software Manager app and search for "desktop". A bit confusing, but they're there.

    Or maybe create a USB Live drive for the new DE and try it there for a while, before messing with your system on disk.

    From someone on reddit:
    +/- > is it possible to just install a couple different desktop environments
    > and switch between them when I feel like it ?

    You can install most all of the *-desktop packages and select what desktop to use at the Login screen Its not that hard.

    The Login manager screen has some icon of menu of all the DE's and WMs installed on the system, the user just picks one before they click the Login button.

    HOWEVER ...

    The icons and applications are often not very separated, and the names can be confusing because they are all mixed together.

    Example, With the IDIOTIC naming scheme common these days of using 'common' terms for program names, you may have 4 'terminal' icons each called terminal, and each calling a different terminal program. KDE is a bit more clear in its menus, but some other DEs can be a real bother. it is possible to hide specific programs/icons in specific DEs but it can be annoying to tweak them all.

    So in short, you can:
    sudo apt install kubuntu-desktop xubuntu-desktop lubuntu-desktop budgie-desktop   
    then log out, (you may need to restart the login manager) (or be lazy and reboot)

    Select the correct desktop to try, log in, enjoy.

    Some things to watch out for: redundant programs, poorly named programs (gee 4 icons called 'settings' how nice), Login manager might get changed (easy to change back), disk space used up, default applications might get changed also. Been running this kind of Franken-Desktop setup for ages.

    I tend to go on a 'testing spree' of the other desktops, before i do a clean install, then when installing i pick what DE to try out for a while, until i get bored and do it all again.

    From people on reddit:
    +/- A loosely-structured hierarchy of components ultimately all work together to provide you with a graphical experience. From the "ground up" they are:

    • A display server protocol. (See: X11, Wayland)

    • A display server is a service that provides an interface for applications to present a simple graphical interface to the user. (There's basically only one display server left that implements the X11 protocol, the one from X.Org. There are several display servers that implement the Wayland protocol, e.g. Weston, Mutter, KWin, Sway. Also, on Wayland the tasks of display server, window manager, and compositor are often done by the same program.)

    • A window manager is a service that works with the display server to present applications via one or more windows. These come in several flavors:

      • A stacking window manager is the traditional concept, where one window is "on top" and all the others are layered behind. (See : Xfwm, Openbox)

      • A tiling window manager presents windows to the user in a way that they're never overlapping. (See: awesome, i3)

      • A compositing window manager (or compositor) is similar to a stacking window manager, except that it provides each application its own off-screen buffer first, and then composites those buffers together on screen. This provides additional features like alpha-blended windows, animations, desktop wall/cube, etc. (See: Compiz, Mutter)

    • A widget toolkit is an code library applications use to draw widgets (menus, buttons, etc.) onto the windows provided by the window manager. (See: Qt, GTK)

    • A graphical shell is an application that provides the basics concepts like login screen, task bar, system tray, etc. (See: GNOME shell, KDE Plasma)

    • A desktop environment is the coordination of all these layers, plus any number additional applications, into a single user experience. (See: GNOME, KDE)

    • A Linux distribution will package a desktop environment with more applications, plus an installer, software repository, etc. to form a complete operating system.

  • Buy a USB SSD drive for backup/offline-storage, encrypt it, and possibly move it between Linux and Windows:

    SSD vendors don't seem to support Linux in their "management" software.
    Format the drive as NTFS and encrypt it with VeraCrypt ? Or format as EXT4 ?
    Many tips about SSD apply to using it as boot/system drive, not external storage.
    Easy Linux tips project's "SSD: how to optimize your Solid State Drive for Linux Mint and Ubuntu"
    Jack Wallen's "How to check SSD health in Linux"

  • Mounting disks:

    From someone on reddit:
    To auto-mount disks at startup:

    sudo apt install gnome-disk-utility

    Run GNOME Disks application.

    Select your partition from the disk -> Advanced options -> Edit Mount options -> Turn automatic mount options off -> here you can set a variety of options including the name, disable the password prompt, and set the mount point (/mnt/123456 -> /mnt/Media).

  • Moving Linux from HDD to SSD:

    Abhishek Prakash's "Upgrading To Solid State Drive in Linux: The Easy Way and The Hard Way"
    Easy Linux tips project's "SSD: how to optimize your Solid State Drive for Linux Mint and Ubuntu"
    Danny Stieben's "How To Optimize Linux For SSDs"
    Jack Wallen's "How to check SSD health in Linux"

    In Firefox, set "browser.sessionstore.interval" to a much larger number, to reduce writes to SSD. If you have lots of RAM, maybe set "browser.cache.disk.enable" to 0.

    Might also want to change I/O scheduler, at least for SSD ? Use BFQ ? Article1 Article2

  • Can I change the location of my Home folder to an external drive with more room?

    Suggest leaving it where it is and mounting the external drive under your home directory. Mount the disk once and then do "sudo blkid" to get the UUID. Later you can mount it via "sudo mount UUID=nnnnnnnnnnnnnnnnnn /home/myuser/extdrive". And you can make it auto-mount by adding a line to /etc/fstab.

Easy Linux tips project's "Complete starters' guide for Linux Mint"
Linux Mint's "The Linux Mint User Guide"'s "Tutorials"


Gary Newell's "Complete List of Linux Mint 18 Keyboard Shortcuts for Cinnamon"

OSTechNix's "3 Good Alternatives To Man Pages Every Linux User Should Know"
TLDR pages ("simplify the beloved man pages with practical examples")
Sudeshna Sur's "Replace man pages with Tealdeer"
ManKier ("a collection of man pages, translated ... to semantic HTML5")

A bit old, but interesting: Debian Reference's "Chapter 9. System tips"
GNU Project's "All GNU packages"
LeCoupa /
P. Lutus's "How to Use Secure Shell"
Debian Reference
The Debian Administrator's Handbook

CLI stuff:

"man": in output, /SEARCHTERM to find, n for next match, Shift+n for previous match.
"man -k KEYWORD": list all man pages that relate to KEYWORD.
"apropos KEYWORD": list all man pages that relate to KEYWORD.
"info" (mainly for GNU components).
"whatis COMMAND": show brief description of command.

Type command and space-tab-tab, see all possible arguments to it.

Try "exa" (article) instead of "ls"; it adds coloring and tree features.


To change keyboard behavior/mappings, see man pages for setxkbmap and xkeyboard-config. Or on Mint, go to System Settings app, Hardware / Keyboard / Layouts, select a layout [probably English (US)], click Options, click on Caps Lock behavior.


Types of printer interface:
  • CUPS printer drivers (which are somewhat uncommon).
    Seth Kenlon's "How to set up your printer on Linux"

  • CUPS PPDs (PostScript Printer Definitions). on Wikipedia

  • IPP (Internet Printing Protocol; AKA "driverless"). on Wikipedia
    The printer has to be up and responding to you when you add it to the CUPS server (because CUPS immediately tries to query it for its printing information).

"apt install ink" and then "ink -p usb" to see ink levels in a USB-connected printer.

Apparently HP printers have had great support for Linux for a long time, and open-source drivers; strongly recommended.

Instead of using CUPS, you might be able to print directly to a network-accessible printer (has an IP address). Try "nc IPADDRESS 9100 <FILENAME" or "gs FILENAME | nc IPADDRESS 9100".

See what distro/kernel versions you are using:


cat /etc/lsb-release
cat /etc/upstream-release/lsb-release
cat /etc/debian_version
cat /proc/version

See what CLI commands you use most often:

history | awk '{print $2}' | sort | uniq -c | sort -nr | head -n 10

See if you are using any 32-bit software:


lsof | grep i386-linux-gnu && echo "Found 32-bit library in use" || echo "No 32-bit library in use"
dpkg -l | grep "^ii" | grep ":i386" && echo "Found 32-bit packages installed" || echo "No 32-bit packages installed"
Jesse Smith's "Checking for 32-bit applications on the operating system"

CPU stuff

See if your CPU has any vulnerabilities and if mitigations have been implemented:

tail -n +1 /sys/devices/system/cpu/vulnerabilities/*
Wikipedia's "Processor Info and Feature Bits"

Test for AMD Ryzen RDRAND bug:



Phoronix says edit /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor to set to "performance", but my system doesn't have the lower part of that tree. I did:

sudo bash
sudo echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
But it made no difference, and after a reboot they had all been changed to "ondemand".

Steve Scargall's "How To Set Linux CPU Scaling Governor to Max Performance"

Michael Larabel's "The Desktop CPU Security Mitigation Impact On Ubuntu 20.04" (10% perf loss on somewhat-older CPUs)
Leo Chavez's "Disabling Intel and AMD CPU Vulnerability Mitigations in Debian and Ubuntu"
Linux Reviews' "HOWTO make Linux run blazing fast (again) on Intel CPUs"
See state of mitigations: "grep -H '' /sys/devices/system/cpu/vulnerabilities/*"
Edit /etc/default/grub to add "mitigations=off" to GRUB_CMDLINE_LINUX, then update GRUB.
I turned off CPU mitigations, and saw no difference in benchmarks.

Didn't do: "sudo apt install cpufrequtils" and "echo 'GOVERNOR="performance"' | sudo tee /etc/default/cpufrequtils"

Did "sudo systemctl disable ondemand" and rebooted. That got rid of Phoronix's "CPU governor is on" warning message, but no change in results. Enabled service again.

In BIOS change "performance profile" from "Silent" to "Balanced".

DON'T overclock. A recipe for errors and damage.

See if you are using any non-free software:


sudo apt install vrms
# note: installation creates a monthly cron job !

Using your Linux box to do penetration-testing of other devices:

Compiling stuff from source:

Chris Hoffman's "How To Compile and Install from Source on Ubuntu"

SK's "An Easy Way To Remove Programs Installed From Source In Linux"
Ubuntu's "CheckInstall"

I don't know how to register a compiled app under apt. But once you've done so, you can create a .deb file from it by using "dpkg-repack". Or:
Debian Packager