Linux Laptop – Ubuntu

Howard Gibson

2018/11/24

Contents

1 Introduction 1

1.1 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.3 Why Linux? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.2 DVDs . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.4.3 MBR and GPT Formatted Disks . . . . . . . . . . . . 4

2 Hardware 4

2.1 Laptop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.2 CPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.3 Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.4 Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.5 DVD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.6 Video Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.7 Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

2.8 Sound Card . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

i

2.9 Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.10 Keyboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.11 Webcam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2.12 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.13 Battery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

2.14 Slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3 Installation 7

3.1 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

3.2 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.3 Partitioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

3.4 Sudo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

3.5 Install Media . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.6 Text Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

3.7 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

3.8 As Installed Partitioning . . . . . . . . . . . . . . . . . . . . . 12

3.9 Logging in for the first time . . . . . . . . . . . . . . . . . . . 14

3.10 Exploring the Desktop . . . . . . . . . . . . . . . . . . . . . . 14

3.11 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.12 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.13 Terminal Sessions . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.14 New Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

3.15 Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.16 Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.17 More Software . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.18 Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.19 Window Managers . . . . . . . . . . . . . . . . . . . . . . . . 19

3.19.1 XFCE . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.19.2 LXDE . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

ii

3.19.3 Other Window Managers . . . . . . . . . . . . . . . . . 19

3.20 Fortune Cookie . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.21 More Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.21.1 Disable Ping . . . . . . . . . . . . . . . . . . . . . . . . 21

3.21.2 Login Window (Display Managers) . . . . . . . . . . . 21

A Backups 23

B Mounting a USB Stick While Installing 24

C Encryption 25

iii

iv

1

1 Introduction

1.1 Objective

Test the default installation of a popular Linux distribution, in this case,Ubuntu 16.04.5 (32bit).

I have been installing Linux since 1995. I have been formally trained in UNIXadministration. I have developed all sorts of installation and usage habitswhich are of no interest to ordinary people who might be tempted to installLinux. The install instructions for my regular computers show all sorts ofcustomizations I like to do.

I want to know how easy it is for an ordinary mortal to install Linux. I willdo a standard installation. I will customize only if something important ismissing. I will not use vi.1 I will use the editor nano if absolutely necessary,but I will use easily located graphical administration tools whenever possible.

The OS is Ubuntu 16.04.5 (32bit), downloaded from Ubuntu’s website,2018/08/25 The installation was on 2018/08/26.

1.2 Copyright

This document is copyright © 2018 by Howard Gibson. You may post thison web pages and bulletin boards free of charge. All other rights are reserved.

1.3 Why Linux?

Linux is Free Software. Your computer should not be encumbered by copy-rights and Digital Rights Management (DRM). Proprietary software publish-ers are trying so hard to prevent unathorized copying that they can preventyou from installing and using copies you purchased, and are authorized touse. Also, if you cannot run the application you used to create your data,you don’t own your data!

1Bill Joy from Sun Microsystems, wrote vi back in the seventies. It is the standardUNIX system administration text tool, and UNIX/Linux administrators are expected toknow it.

2 1 INTRODUCTION

Linux is not hard to install on most computers. The latest “bleeding edge”video and sound cards may give you trouble. If you are buying a new com-puter, you should do some research on the hardware. If your computer isolder, Linux should have all the drivers you need. You need to research Linuxsupport on printers and scanners. Not everything works.

A basic Linux install will include some very good graphics programs, par-ticularly GIMP, a good substitute for Adobe Photoshop. Just about everyprogramming tool is available for Linux, except for the proprietary Microsoftones like Visual Basic and C#.

Linux can run efficiently on older, slower computers, because you can selectsmaller, faster user interfaces and applications. Install the window managersXFCE and LXDE. Libre Office is a credible alternative to Microsoft Officebecause it is just about as bloated as Microsoft Office. Try the word processorAbiWord, and the spreadsheet Gnumeric. You could learn to use LATEX,whose files are edited with a text editor.2

Linux is less capable at video games and multimedia. There are lots of FreeSoftware computer games out there, but the best stuff is commercial andproprietary. Few publishers support Linux.

The big problem with Linux and multi-media is ideological. Most mediaformats are proprietary. GNU and Linux are the work of Free Softwarepeople, who are reluctant to support proprietary formats. If you spend anhour or so surfing GNU.org , you will understand who you are dealing with.The GNU “Copyleft” really is a copyright. All copyrights are supported bythe Free Software community.

Linux can be made to support multi-media. I watch YouTube and Netflixon my Linux box. I can watch most commercial DVDs. Don’t expect theFree Software community to knock itself out to help you.

For more information on the thinking behind Free Software, just follow thelinks. You can get support for most media formats. Just search Google forLinux multi-media support.

2This document is maintained in LATEX. The best reference on LATEX is A Guide toLATEX 2ε by Helmut Kopka and Patrick W. Daly, Addison Wesley books. This bookprovides good document templates. I have not found other references to be useful.

1.4 Summary 3

1.4 Summary

1.4.1 Installation

A default new installation of Ubuntu took about an hour, and it was easy.The machine will have properly configured user accounts, and a workingfirewall. There are some nasty UNIX tricks that will improve security, butthese are not absolutely necessary.

I downloaded and installed Ubuntu 16.04.5, but when I logged in the firsttime, it offered to upgrade to 18.04 ‘Bionic Beaver’.3 Great! With a 32 bitcomputer, you cannot download the latest version, but you can upgrade toit.4

Ubuntu’s default behaviour is to install a /boot primary partition, and alogical partition containing only a root partition. I strongly prefer a separate/home partition. This is where all the user’s working files are stored. The newUbuntu user must plan a backup strategy to copy /home off the hard driveand onto some external media like an optical disk, or an external USB drive.See my notes below on Backups.

Ubuntu sets up user directories with read-write access for the user, and readaccess for everyone else. Fedora allows access of any kind only to the user.I strongly prefer Ubuntu’s approach. If you are setting your file systems upfor a work group or for your family, you should trust everybody. Folders con-taining private stuff can be locked down by the users. Email tools generallykeep non-users out of email folders.

1.4.2 DVDs

Download install ISO images from the internet. These can be burned toDVDs, or copied to USB sticks. New computers generally do not have DVDsor Blue-rays. There are instructions on the internet for creating bootableUSB sticks from ISO files.

If you are interested in Linux, buy one of the books. You get documenta-tion, and you support the community. Christopher Negus’ Linux Bible and

3Ubuntu does not take version names with deadly seriousness.4A more recent download of the standard Bionic Beaver, installed on my 32 machine.

This is even better than the upgrade.

4 2 HARDWARE

Ubuntu Bible continue to be updated as of 2020. I cannot find a Fedora Bibleless than ten years old. Google, or search the bookstore websites. Make sureyou are buying something recent. There are lots of older books for sale.

1.4.3 MBR and GPT Formatted Disks

If you are buying a new hard drive for an old computer, you need to readthe following carefully.

New computers are being shipped with GPT formatted hard drives, andmotherboards that can use them. GPT is a more advanced disk format.Among other things, it allows many more primary partitions. The oldMBR format5 only allows four. For my Fedora 26 install onto my new harddrive, this was a very nasty surprise. My Gigabyte GA-990FXA-UD3 Ver-sion 1.1, motherboard6 did not work with my new hard drive, a WesternDigital WD2003FZEX-0. The installed system showed the boot screens,then “Loading Operating System ...”, then it stopped. After a week of futilehacking, I bought a new 2TB hard drive, and now everything works! theWD drive now is my /archive drive. It works. I just cannot boot from it.

If you are installing Linux on an old clunker computer and an old drive, youshould have no problems. If you are installing Linux on a new computer witha new, GPT capable motherboard and GPT formatted drive, you should haveno problems. The fun starts when you replace the hard drive on your oldclunker.

If you are buying a new hard drive for your old computer, ask questions at thestore. My non-functional drives were from Western Digital. My functionaldrive is from Seagate.

A crude rule of thumb is that if your “new” machine is working with whateveroperating system you have, your Linux install will work.

2 Hardware

This is a Lenovo Thinkpad T400. I purchased it second hand at Laptops forLess, at 3358 Lakeshore Blvd, in Etobicoke, Ontario.

5MBR stands for Master Boot Record. GPT means GUID Partition Table. GUIDmeans Globally Uniquie IDentifiers. I don’t know the significance of any of this.

6The Gigabyte GA-990FXA-UD3 Version 3.0 is capable of booting GPT drives.

2.1 Laptop 5

The machine has a double density DVD burner, an Ethernet connection, andthree USB ports.

2.1 Laptop

Lenovo Thinkpad Model 6475GZ5, Serial Number R8-GEFYN 09/11

2.2 CPU

Intel Core 2 Duo CPU P8400 2.26GHz

2.3 Memory

It came with 4GB, in the form of two 2048MB DDR3 SD-RAM.

2.4 Hard Drive

ATA HDD0: Hitachi HTS723216L9SA60-(S1) listed at 160GB.

2.5 DVD

ATAPI CD0: Matshita DVD-RAM UJ862A-(S2)

2.6 Video Card

Intel HD graphics with up to 1.6 GB of shared video memory. This supportsan external monitor 1920x1200 16 million colours.

2.7 Monitor

14.1” 1280x800, and 16 million colours

6 2 HARDWARE

2.8 Sound Card

Realtek codec ALC269 with 2-channel High-Definition (HD) audio

2.9 Modem

Protocols & Specifications: ITU V.90, Max Transfer Rate: 56.0Kbps, Fea-tures: V.92 upgradable.

This is a “soft” modem requiring drivers, as opposed to a hardware modemthat just works. Linux drivers probably are available, but they are not FreeSoftware. When was the last time you used a modem?

I have gotten these modems working way back in the distant past.

2.10 Keyboard

Laptop keyboard with touch-pad and nipple. Cool! Also, there are two sets ofmouse buttons. The buttons near the nipple include a middle button. Withthe X Windows System graphical user interface, this is very good indeed.

2.11 Webcam

Oh oh!

1.3 megapixels with digital microphone. This camera has an LED that goeson when the camera is running.

Gnome comes with something called cheese to operate webcams.

I have tried running cheese remotely, using another computer as the display.It could not find a device. This is good. We do not want the webcam runningremotely.

Recent articles in the news show that webcams and impressionable younggirls are a bad combination. I don’t have a young girl, impressionable orotherwise, so there is no problem for me. I will refrain from taking myclothes off when asked. I promise!

Facebook is being blamed for recent teen suicides. Facebook does not havea live “please take your clothes off” feature. I suspect that the real culpritis Skype, which is available for Linux.

2.12 Network 7

Like all other web-enabled devices, the webcam in your daughter’s bedroomwill be inaccessible to the internet if it does not exist. My newer Lenovolaptop does not have a webcam.

2.12 Network

Integrated 10/100 Ethernet LAN

Atheros XSPAN BGN (802.11BGN) wireless

Bluetooth V2.1 technology

Wireless: 802.11 a/b/g/n (draft), Bluetooth 2.0, Network Interface: GigabitEthernet

2.13 Battery

6-cell Lithium ion

I have replaced this with a higher capacity battery, which give me a lifespanof around four and a half hours.

2.14 Slots

ExpressCard/54

3 Installation

3.1 Planning

I have replaced this machine with a newer, faster laptop. This now is a playtoy.

Newer machines all are 64 bit. Linux is a good way to extend the functionallife of older machines. Google Chrome is available for Linux in 64 bit, only.

I will treat this as a user’s primary computer. The machine must have emailand web surfing tools, as well as a Microsoft Windows compatible office suite.

8 3 INSTALLATION

The ability to read and to save files in Microsoft DOCX, XLSX and PPTXis necessary.7

The user may have a family, and they may want to create extra accounts.

Programming is not necessary, but I will look at this as an option.

3.2 Security

This machine is a laptop. I expect it to be transported out of the home, andconnected to the internet in coffee shops, and in schools and colleges.8 Evenif the machine is kept at home, it may be plugged directly into an internetmodem. Wireless routers act as firewalls, but not everybody has one. Wewill activate and test the firewall.

If your laptop gets stolen, the best thing you can have is an encrypted harddrive. The bad guy will have your hardware, but your data will not beaccessible. An encrypted installation is not necessary for a desktop or serverthat stays at home, but this is a laptop.

3.3 Partitioning

Linux installers break the hard drive up into separate partitions.

There are two important issues with partitioning. I assume you plan to useyour computer for a fairly long time. Eventually, you will want to re-installLinux to get a more advanced version, or perhaps, a different distribution.

1. You need a root partition large enough to hold the newer version of theOS.

2. You do not want to harm your /home partition. This is where all ofyour data will be stored.

7If you share office files, you should stick with the older DOC, XLS and PPT formats.If people’s computers ain’t broke, they don’t fix them.

8The Toronto Transit Commission provides WiFi in its subway stations.

3.4 Sudo 9

Ubuntu’s default behaviour is to create a primary partition called /boot, andan encrypted logical partition9 containing the root partition, only. There isno separate /home partition.

I am a Fedora guy. Fedora does not reliably upgrade to new versions. I preferto blow away root and reinstall the new OS. Maybe Ubuntu is better at this.Maybe, someday, you will want to install a different Linux, like Fedora orDebian, or one of those GNU/Linuxes that are completely Free Software.

I will accept the standard Ubuntu single partition install. You need somemeans of copying /home onto some external media if you want to do a re-install.

3.4 Sudo

There are two ways to administer UNIX/Linux. You can have a root account,or you can use sudo.

Historically, UNIX type systems are installed with a super user account calledroot. This account has complete write access to everything on the computer.This is dangerous. Good practise is not use this account for anything otherthan system administration. When you are logged in as a regular user, yourability to damage your system is drastically reduced.

When you open any sort of UNIX/Linux terminal or shell, you are promptedby a text string ending in a dollar sign, $.10

When you log in as root, the prompt changes to a pound sign, #, also calleda hash sign in the computer world. This is a sign of danger. The hash signsays you are root, and that you can trash the system if you are not careful.

An alternate approach for all this is to not have a root account. A group ofusers are designated as administrators. To issue a root command, they go. . .

$ sudo nano /etc/group

9Don’t worry about the terminology. If you follow my instructions, you will get aworking computer. You can always Google this stuff.

10The command line prompt is configurable. Fedora’s current default is to show theuser name, the computer name and the current directory. If you want to change this, youwill have to read up on it.

10 3 INSTALLATION

The system prompts for the user password. The resulting increased accesscontinues for several minutes.

This is used on MacOS, Ubuntu and now, Fedora. I would prefer to keepthe root account. When I am logged in as root, I can see the hash sign, andI know there is a threat. On a single user machine, like mine, sudo makesadministration easier, and reduces the number of strong passwords I need totrack. This may be one of those six of one, half dozen other issues.

3.5 Install Media

The files you download from the distribution websites are ISO files. These areused to create potable DVDs or USB sticks. I find DVDs easier to manage.If your machine lacks a DVD reader, you will have to search the internetto find out how to install an ISO image onto your USB stick. The ISO forUbuntu 16.04.5, 32bit, is 1.6GB. Any cheap old USB stick will work. Ifyour computer will not boot from USB, you will have to pick up a USBDVD reader.

3.6 Text Editing

This document is written mostly with the text editor vim, a version of vi.This is an extremely efficient and productive editor once you learn it, espe-cially if you are a touch typist, like me. It is especially efficient with largedocuments, since you can navigate by doing the text seaches through thecommand line. It is the text editor of UNIX and Linux geeks everywhere.Unfortunately, it is mindbogglingly not user friendly.

Linux newbies need to try something else. You need a text editor that runsin a terminal session. You don’t always have the X Window System runningwhen you do administration.

The text editor nano, is available and strongly recommended. You navigatearound the text file using the arrow keys, just like you think it should. Ithas a CTRL key menu at the bottom of the screen.

When you are told to edit configuration files, use nano.

3.7 Installation 11

3.7 Installation

I mean to do a wireless installation. Plugging into your wired network isfaster and way more reliable, but sometimes, you have to do wireless.

1. You may have to go into your BIOS and select the boot device withyour OS on it.

2. Insert the DVD or USB stick, and boot the machine.

3. Wait.

4. Eventually, the GUI window11 comes up, and then the “Welcome” win-dow appears. You can Try Ubuntu or you can Install Ubuntu. Let’sinstall it.

5. The “Wireless” window has come up. Select your local WiFi networkand hit [Connect].

6. It worked! Hit [Continue] to get to the next window.

7. The “Preparing to install Ubuntu” window comes up. There are twochoices here,

• Download updates while installing Ubuntu,

• Install third party software for graphics and Wi-Fi hardware

Flash12 MP3 and other media.

The second choice will install all sorts of not-free software. If youwant to be a strict Free Software person, you should not select this.Otherwise, select both.

8. The “Installation Type” screen comes up.

• Erase disk and install Ubuntu.

– Encrypt the new Ubuntu installation for security.

– Use LVM with the new Ubuntu installation.

11GUI stands for Graphical User Interface.12Flash is being discontinued in the industry because of security problems. I hope this

is not installed.

12 3 INSTALLATION

• Something else

Let’s erase the disk, and encrypt the new installation. LVM turns onautomatically.13 Don’t worry about this.

9. The Choose a security key window comes up. This is your harddrive encryption. Read carefully through my notes below under En-cryption. Type in your encryption key. Hit [Install now].

10. You will be prompted asking if changes are to be written to disk. Thisis your last chance to not wipe everything out and replace it. Hit[Continue]. I did this at 4:40pm.

11. Now it is asking “Where are you?”. I clicked in the general vicinity ofToronto, Canada. This is what it recognized. Hit [Continue].

12. The “Keyboard layout” window came up. I left mine at English (US).

13. Now it wants to know “Who are you?”. Provide your name, pick aname for your computer, then select a password. Now how the installerrates your password. Definitely, require your password to log in. Hit[Continue].

14. A bunch of windows scroll by, telling you what is being installed. Atsome point there are notes above the progress bar that talk about“removing” stuff. This has to be the updates we have selected.

15. The installation completed at some time before 5:05pm. Remove theDVD, then turn your computer off. I had troubles rebooting.

16. When it reboots, you will be prompted to your encryption key.

3.8 As Installed Partitioning

I am showing you here how the disk drive got partitioned. There is no needfor you to do this.

13LVM is Logical Volume Management, which is useful for MBR-formatted drives. Thislaptop has an MBR formatted drive. Newer computers have GPT formatted drives. Theinstaller may behave differently if it sees these.

3.8 As Installed Partitioning 13

The following output was done immediately after installing Linux, Note howI use sudo to get into fdisk. This command can wipe out everything on yourhard drive, so use it with extreme caution. Here, I read the partition table,then I exited without saving anything. I see no reason why an ordinary usershould run fdisk.14

howard@Lenovo:~$ sudo fdisk /dev/sda

Welcome to fdisk (util-linux 2.27.1).

Changes will remain in memory only, until you decide to write them.

Be careful before using the write command.

Command (m for help): p

Disk /dev/sda: 149.1 GiB, 160041885696 bytes, 312581808 sectors

Units: sectors of 1 * 512 = 512 bytes

Sector size (logical/physical): 512 bytes / 512 bytes

I/O size (minimum/optimal): 512 bytes / 512 bytes

Disklabel type: dos

Disk identifier: 0x712cc48b

Device Boot Start End Sectors Size Id Type

/dev/sda1 * 2048 1499135 1497088 731M 83 Linux

/dev/sda2 1501182 312580095 311078914 148.3G 5 Extended

/dev/sda5 1501184 312580095 311078912 148.3G 83 Linux

Command (m for help): q

howard@Lenovo:~$ df

Filesystem 1K-blocks Used Available Use% Mounted on

udev 1988760 0 1988760 0% /dev

tmpfs 403064 6472 396592 2% /run

/dev/mapper/ubuntu--vg-root 151974036 5126580 139104584 4% /

tmpfs 2015316 37240 1978076 2% /dev/shm

tmpfs 5120 4 5116 1% /run/lock

tmpfs 2015316 0 2015316 0% /sys/fs/cgroup

14If you are in fdisk, Enter the command “q” to quit without saving changes.

14 3 INSTALLATION

/dev/sda1 736752 72936 626392 11% /boot

tmpfs 403064 76 402988 1% /run/user/1000

howard@Lenovo:~$

3.9 Logging in for the first time

This Ubuntu machine is using Sudo. When you are prompted for an admin-istration password, you type in your account password.

Ubuntu boots. I log in, and find myself in Unity, which is Ubuntu’s versionof the Gnome window manager. The window shows a bunch of keyboardshortcuts, but this disappears when I try to do anything.

I see icons down the left hand side of the screen, starting with a file cabinet,and Firefox. I launched Firefox, and I determined that I am connected tomy WiFi. Evidently, the WiFi key was saved during installation. Great!

A window has popped asking me if I want to upgrade to a newer versionof Ubuntu. Okay. [Yes, upgrade now]. Type in your password. As of2018/08/28, we are getting Ubuntu 18.04 ‘Bionic Beaver’. This could take awhile.

The update program warned me that some packages will be removed, newpackages will be installed, and a bunch will be upgraded. The download willtake 27 minutes through my wireless connection, and the installation, severalhours. Once the download is finished, the process cannot be cancelled. Hit[Start Upgrade]. I will do no configuration until this upgrade is complete.The upgrade process prompted me before it deleted the obsolete packages.

When I completed the upgrade and I logged in, it asked me to set up aUbuntu account to do security upgrades. I did, and I have run Livepatch.

3.10 Exploring the Desktop

Unity shows icons down the left hand side of the screen below the word“Activities”. From the top down. . .

• A file cabinet icon – file manager

• Firefox – web browser

3.11 Firewall 15

• LibreOffice Writer

• LibreOffice Calc

• LibreOffice Impress

• A briefcase – Ubuntu Software – install new software

• A gear and wrench – Settings

Click on “Activities” and look over at the right hand side of the screen. Thebrings up Unity’s virtual windows. You can scatter your applications acrossmultiple windows, and move from one to another by clicking on “Activities”.

At the bottom of the left hand screen is a 3 × 3 matrix of dots. This showsyour available applications. You can show a small list of applications yourun frequently, or you can show all of them.

3.11 Firewall

On any machine not located behind a firewall, this is absolutely critical.

I cannot find a Firewall icon. I clicked “Activities” at the top left hand of thescreen. I typed firewall in the “Type to search...” window. This broughtup a Firewall install window. I installed the graphical configuration tool byclicking [Install]. After it installed, I clicked [Launch].

Under “Zones”, I selected “external”. I went down through Services, Ports,Protocols and Source Ports, and I made sure everything was turned off.The only thing turned on was ssh, the secure remote shell. I turned thisoff.15 Next to “Configuration” at the top, pull down the button and select[Permanent].

3.12 Networking

Ubuntu automatically connects to your Ethernet and WiFi networks.

15The secure shell allows you to login remotely to your computer. If you do not under-stand UNIX shells, this feature is useless.

16 3 INSTALLATION

3.13 Terminal Sessions

Operating system and desktop developers try hard to make adminstrationtasks work from graphic users interfaces (GUIs). The time comes when youmust open a terminal and deal with the command line.

On a Gnome desktop, there are two ways to open a terminal.

1. Hit Alt-Ctrl-F2. A GNU/Linux destop has seven terminals, num-bered from 1 to 7. Typically, terminal 1 is your graphical desktop.Terminals 2 to 7 provide you with command line logins. For most dis-tributions, Alt-Ctrl-F1 gets you back to the graphical window. Makesure you logged out of the terminal.

2. Click on “Activities”. Click on [Show Applications]. Search for aterminal. The terminal may be located under Utilities.

I have written a HOWTO on the UNIX/Linux command line.

3.14 New Users

Let’s create some user accounts. You have sudo access. Your new usersprobably should not have this.

Click on “Activities” at the top left of the screen. In the “Type to search...”window, type users. You should see an icon for “Add or remove users andchange your password”. Click on this.

The “Users” window should show of your user account. At the top right ofthe window, you should see an “Unlock” icon. Click on this. Type in yourpassword to get system access.

At the top right, you should be the button [Add User...]. Click on this.

Type in the user name. Type in a password that is strong enough the systemwill accept it. Verify that the account type is [Standard]. Hit [Add] at thetop right of the window.

I have tested it, but I assume that an [Administrator] user has sudo access.

Ubuntu’s default is to leave user accounts readable, but not writable, by theoutside world. This is good. You can set more restrictive permissions on files

3.15 Bluetooth 17

and folders. Your email program probably will lock your email account sothat only you, and people with administration access, can read it. Meanwhile,you all can share information.

The user configuration window allows you to attach pictures of your users, oryour users to attach pictures of themselves. This is cute, and it is a securityhole if your machine is exposed to jerks and assholes.

Open a file manager and try reading the folders of other users. These arefound under /home. Ubuntu default behaviour is to allow read access touser folders. This makes sense to me. The other users either are co-workers,friends, or family members. A user can restrict access to folders if necessary.Email tools do this automatically.

3.15 Bluetooth

I tested Bluetooth. Just pull down the network icons at the top right of thescreen, and select Bluetooth. It works!

3.16 Printer

You probably have one.

If your printer is plugged into your USB, Ubuntu will find it and configureit.16 This takes a while, so be patient. When I set up my Hewlett Packard HPDeskjet 6940, it claimed it was missing drivers. When I launched “Settings”from the left side buttons, I went “Devices”, and “Printer”, and I requesteda test page, everything worked!

1. Click on the [Settings] icon on the left of the screen.

2. Click Devices.

3. Click Printers.

4. The window should indicate at this point that there are no printers.Click [Additional Printer Settings...].17

16I find that not every USB ports works on this stuff. If the printer is not seen, tryanother USB port.

17Hitting [Add a Printer...] looks like the right button, but it isn’t.

18 3 INSTALLATION

5. The “Printers – localhost” window comes up. Hit [Add] in the middle.This gives us a selection of places to find a printer.

6. Expand “Network Printer”. You will be prompted for the administratorpassword. This revealed HP Deskjet 6940, my network printer!

7. I clicked on my printer.

8. I left “Connection” at the default HPLIP.

9. I clicked [Forward].

10. The system went searching for drivers. It found some.

11. When the “New Printer” window comes up, I recommend naming itlpr. This is the default Linux printer name, and all sorts of applicationsdefault to it. Hit [Apply].

12. Print a test page. If this works, you are done!

13. Click [Okay].

3.17 More Software

Click on the “Ubuntu Software” icon. Search through this for cool soft-ware packages to install. The GIMP (GNU Image Manipulation Program)is strongly recommend.

3.18 Programming

GNU/Linux is notoriously a good programmer’s environment. I did a searchfor make, gcc, g++, perl and python, and I found all of them.

The original GNU text editor Emacs is not installed. If you are serious aboutprogramming, you want this.

Open a Terminal.

$ sudo apt-get -y install emacs

3.19 Window Managers 19

3.19 Window Managers

Ubuntu’s standard window manager is Unity, a version of Gnome 3. Thereare other window managers out there that are worth looking at. I don’t likeGnome 3 very much. You may be installing Ubuntu as a way of making anolder, slower machine continue working. Some other window managers aresmaller, faster, and they behave enough like Microsoft Windows that youunderstand what they are doing.

When you login, you will see a little gear next to the [Sign In] button. Clickon this, and you will see a list of desktops. Let’s add some. You will need toreboot to get these onto the login menu.

In all cases, you need to open a terminal.

3.19.1 XFCE

XFCE describes itself as a lightweight window manager.

$ sudo apt-get -y install xfce4

When you log into this thing, look carefully at the top menu bar. You havefour virtual windows you can click on. This way more convenient than Unity.

3.19.2 LXDE

This is another lightweight window manager.

$ sudo apt-get -y install lxde

On first login, the virtual windows are at the bottom left of the menu bar.Right click on it. The “Desktop Pager” is configurable.

3.19.3 Other Window Managers

There are other window managers available for Ubuntu. KDE is the otherfancy, heavyweight manager. I run FVWM. You can Google all this stuff ifyou are interested.

20 3 INSTALLATION

3.20 Fortune Cookie

It ain’t *NIX if there is no joke printed at the opening of each commandshell.

If worst comes to worst, this is installable from a command line terminal,such as the Gnome terminal.

Red Hat (Fedora) Debian (Ubuntu)

$ sudo dnf -y install fortune-mod

I activated the fortune cookie byadding the following lines to thevery bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/bin/fortune

if [ -x ${FORTUNE} ]; then

${FORTUNE}

fi

$ sudo apt -y install fortune-mod

I activated the fortune cookie byadding the following lines to thevery bottom of /etc/profile

$ sudo nano /etc/profile

FORTUNE=/usr/games/fortune

if [ -x ${FORTUNE} ]; then

${FORTUNE}

fi

Make sure you scroll all the way to the bottom of /etc/profile beforetyping anything in.

The terminal that is launched by Gnome does not automatically run theFortune Cookie. Pull down the edit menu. Select Preferences. Select Pro-files. You should see highlighted a profile called “Unnamed”. Click the Editbutton. Select Command. Ensure you have highlighted the button “Runcommand as a login shell”.

It will be worth it.

3.21 More Security

We now have a nice machine with separate user accounts, login security, anda firewall. This works fine on a home computer that sits behind a firewall. Ifyour home computer is plugged directly into a DSL or cable modem, or youare using outside Wi-Fi, you can improve security. I have two issues that arefairly easily corrected.

3.21 More Security 21

1. Even with a fully configured firewall, Ubuntu, and other Linux boxes,respond to ping. The ping command tests network addresses to see ifthere is a computer there. If your machine does not respond to this,crackers18 will need some other way to find out you are there. You havemade their lives more difficult.

2. The login window should not display user names. If a black-hat wantsto try to login to your machine, they should have to guess the passwordand the user name.

3.21.1 Disable Ping

Ping is a useful network debugging tool. If your computer sits behind afirewall, you should not disable this. If you are exposed to potentially hostileWi-Fi, you may want to do the following.

To do this, we need to edit a configuration file. You must use sudo, and youmust be very, very careful. You need to edit sysctl.conf, scrolling to thevery bottom of the file to add this. . .

$ sudo nano /etc/sysctl.conf

###################################################################

# Disable ping

net.ipv4.icmp_echo_ignore_all=1

3.21.2 Login Window (Display Managers)

The standard Gnome/Unity login window shows a list of usernames, andit can display user photos and other graphics. This is fun and cute if themachine resides in a safe area. If it is exposed to unauthorized users, youmay want to force them to guess user names.

18Free Software people regard themselves as “hackers” to signify that they like hack-ing with computers. Criminals who break into other people’s machines should be called“crackers”. I don’t know what southern USA white people think about his.

22 3 INSTALLATION

I investigated, and found out how to turn off user display on GDM, whichis what Ubuntu uses. This used to not be possible. I got the following fromthe help files on http://www.gnome.org.

This all is command line stuff, so you need sudo access, and you need to bevery, very careful.

1. Create the GDM profile /etc/dconf/profile/gdm, with the follow-ing. . .

$ sudo nano /etc/dconf/profile/gdm

user-db:user

system-db:gdm

file-db:/usr/share/gdm/greeter-dconf-defaults

2. Create the directory /etc/dconf/db/gdm.d.

$ sudo mkdir /etc/dconf/db/gdm.d

3. Create the keyfile /etc/dconf/db/gdm.d/00-login-screen contain-ing the following. . .

$ sudo nano /etc/dconf/db/gdm.d/00-login-screen

[org/gnome/login-screen]

# Do not show the user list

disable-user-list=true

4. Exit any applications you are running. When you restart GDM, youwill be logged out.

5. Update the system databases, and restart GDM. . .

$ sudo dconf update

$ sudo systemctl restart gdm.service

Weird things can happen if you do not reboot at this point.

This works better if you give yourself a creative, hard to guess user name.

23

A Backups

You need a strategy for backing up your hard drive.

I have had an administered, backed up hard drive since 1996. I was takingsome college courses, and getting involved in a ski club in 1998. My emailsand working files are still on my hard drive, although I used at least onecommercial application I cannot get working at the moment.

The primary threat to my data has been me stupidly deleting things, some-times realizing this months later. My primary hard drive has died on me. Ilost no data.

At present, I have two backup devices on my primary computer, a 4 terabytehard drive, and a Blue-ray burner. My automatic nightly backup is doneto the 4TB drive. Periodically, I copy my latest backup to a double densityBlue-ray disk, which has a capacity of 50GB. These are stored in my house,away from my computer. If I really wanted to be thorough, I could rent asafety deposit box at the bank, and store my backup Blue-rays there.

Optical disks, like Blue-rays, are disappearing off of new computers. I amconcerned that it will become hard to find Blue-ray disks, especially thedouble density ones. I love Blue-rays because the individual disks are cheap,and suitable for single use. I have recovered data months after having deletedit.

The Blue-ray requires me to limit the disk space I use. My biggest directoriesare my digital photo directory, and my email, which is archived at least backto 1997. I archive my digital photos to DVD. I am not intensively doinggraphical design, or engineering CAD.

The Cloud is an excellent resource for temporary sharing of information.As a long-term backup of information with security issues, it is risky. Askyourself why such a service is provided free. Assume that data uploaded toa free server is being scanned. Can you say “data mining”? An NDA19 willbe worthless when the owners of the server go out of business, and the bailiffsells their equipment to the highest bidder .

Consider how you store your backup media at home. If you are concernedabout security, you should store your backups in a locked cabinet or a safe.

19Non Disclosure Agreement

24 B MOUNTING A USB STICK WHILE INSTALLING

Once your backup has been transported to another Linux machine, it isaccessible to whoever has that root access.

You can encrypt your backups, but this makes it more difficult to do recov-eries. I try to avoid compressing my backups, because this takes time, andit can introduce data errors.

I may have to switch to portable USB drives. Tape drives still are available,and they have huge capacity. The tapes do not appear to be particularlycheap.

B Mounting a USB Stick While Installing

Maybe you will need to do this.

I was having some problems with an install, and I decided to mount myUSB stick. During the install routine, this is fairly easy. Hit ctrl+alt+f4.Log in as root. You should not need a password. Insert your USB stick. Youwill see a gibberish message on the screen with something like /dev/sdb.This is your USB device. You need to create a file system as a mount point,then mount your stick.

# mdkir /usb

# mount /dev/sdb1 -o auto /usb

The mount command, above, specifies the device. Note that it is /dev/sdb1,not /dev/sdb. The -o auto tells Fedora to figure out the file system type.You could specify vfat, which probably is what it is, but why?

Now, you can copy files, or back up data. See my article on the UNIXCommand Line.

Now, you need to get back to your installation window. On Fedora andUbuntu, ctrl+alt+f1 should do it. Anything up to ctrl+alt+f7 will pro-duce a terminal.

25

C Encryption

These are general comments about encrypted file systems. Most of thesecomments apply to Microsoft Windows and Apple machines, as well as Linux.

As of 2018/02/07, I have encrypted my entire hard drive. My original Fedorasetup was an encrypted /home partition. When I attempted a Ubuntu install,it refused. If the /tmp and swap partitions are not encrypted, some of thenaughty stuff on /home can be accessed. Fedora does not care about this,but Ubuntu has a point.

When I first encrypted a file system on Fedora 10 on an older laptop, Imistyped the encryption key. Upon booting, I was unable to decrypt /home.After repeated attempts, the machine shut down the X Window system andprompted me for root’s password. As root, there was no way to change theencryption key or otherwise, decrypt the file system. It was possible to bootinto single user mode and log in as root. There was no way to mount thepartition. I loaded in the install DVD and tried to repair the install. Again,I was prompted for the /home partition encryption key. It was impossible tore-install Linux without the encryption key.

I booted into single user mode, again without the install DVD. As root,I reformatted the /home partition. I rebooted with the install DVD, and Irepeated the entire install process. It would have been possible to format andencrypt the /home partition from the command line, but I did not bother.

If you are running Fedora with an encrypted /home partition, it is not possibleto boot the machine into multi-user mode without the encryption key. Youcan boot into single user mode, but this is just a rescue procedure, andwhoever is doing it requires root’s password. No booting at all is possiblewith a fully encrypted drive, without the encryption key.

Once the machine is booted, anyone with a user password can access yoursystem and read your data.

Anyone who must be able to boot your computer must be told the encryptionkey. This is not an issue with a personal laptop. It will be an issue on aserver if the wrong people are on vacation, out at lunch and/or run over bytrucks.

If you write the raw partition out to tape or some other device, the data willbe encrypted. There is no convenient way to recover individual files from an

26 C ENCRYPTION

encrypted backup. The backup media is unreadable without the encryptionkey.

If you write /home out to tape or some other device, the data will not beencrupted. If your backup is not encrypted, your backup media is readableby whoever can get at it. Almost all of my backup recoveries have consistedof me recovering individual files I have messed up somehow. If your datamust be secure, you must keep your un-encrypted backups in a secure place.

Passwords and encryption keys20 are not the same thing. A password isstored on your drive somewhere, usually encrypted. When you log in, you areprompted for the password, and what you type in is encrypted and comparedwith the stored, encrypted password.21 You can easily change your password.

An encryption key is used to encrypt your data. If your encryption key iscompromised, you must re-install the file system. Be very careful with yourencryption key.

Shutting down a laptop such that it must be rebooted in the presence ofpotential hackers probably is a bad idea. If the laptop is being transportedand operated outside a secure environment, it should be put to sleep, ratherthan shut down.

My old Acer Aspire had a bad keyboard. Often, it took multiple tries to typein the encryption key and get the thing booted. On at least one occasion, Ihad to give up on using the laptop. If hackers had been watching me, theywould have had multiple opportunities to watch me type the key.

An encryption key is more secure if you are a touch typist, and you have agood keyboard.

Even an encrypted /home partition renders a laptop useless to anyone whodoes not have the key. A thief will be unable to boot the computer, muchless read data off of it. If the bad guys have stolen your computer, they canremove your drive, install it in their machine, and hack your encryption keyby brute force.

Encrypting a workstation or file server probably is not worth the trouble.Encryption really only works when the machine is shut down. Servers gen-erally are kept running. There should be no need to move these machines

20A lot of install instructions refer to keys as passwords.21Not all applications encrypt passwords. Probably, there are online applications out

there that don’t. The passwords are visible in plain text to whoever is administering them.This is one of the reasons you do not re-use passwords.

27

out of a secure area. An encryption key must be written out and stored in acompany safe, or some other secure area.