Installing Linux

= Which Linux =

I personally recommend Kubuntu or Xubuntu, which are Ubuntu derivatives. They are not perfect, but I found the other Linux distributions I tried even more annoying.

If you do not trust Canonical, the american company behind Ubuntu, you can always go for plain Debian. Although using a derivative like Xubuntu reduces exposure to Canonical's whimsies, like the Unity interface or the "lens" spyware.

Manjaro has become a good contender lately. I like the idea of a rolling distribution that is more careful and easy to install and maintain than Arch. The main reason why I have not given it a go yet is the lack of home directory encryption. You can manually set it up, but it's not easy and I fear running a non-standard system configuration. I do not want full disk encryption, I want a per-user encryption. And ext4's native encryption is not user-friendly yet.

Kubuntu vs Xubuntu
Kubuntu uses the KDE desktop environment. After so many years, we need to face the truth: KDE will never turn into a polished, reliable desktop environment. Something has been wrong for a very long time in the KDE development team. Expect constant annoyance.

Xubuntu uses the Xfce desktop environment, which is faster and more reliable. The trouble is, it is not as flexible, and it also lacks basic features, like: To top it all, Xfce/Xubuntu ships with insane defaults, and reconfiguring them is not intuitive. Furthermore, development has pretty much stalled, and some bugs have been there forever.
 * You cannot turn off the laptop touchpad automatically when plugging a USB mouse.
 * The standard file manager Thunar does not have a split view, unlike everybody else. Its path autocompletion is case sensitive, which is counterintuitive.
 * The window resize borders are too thin, and it is not easy to make then thicker.

The good news is that, after installing Kubuntu or Xubuntu, you can easily switch to the other one, as they share the same Ubuntu base. This way, you can comfortably decide which one is the least uncomfortable for you.

General Kubuntu/Xubuntu Advice

 * For new installations, go for Xubuntu or Kubuntu 16.04.2 LTS or whichever small version the latest is. Versions 16.04.0 and 16.04.1 are stuck with Kernel 4.4 and an older X-Server, but there is little reason to stay with those older versions. See LTS Hardware Enablement Stack for more detailed information, and see section below too.
 * Skip all the non-LTS versions like 16.10.
 * Wait at least 6 months to upgrade to the next LTS version. In my experience, Kubuntu/Xubuntu has to ship on a particular date, and they do not really care much if there are still annoying bugs at that date, or whether they remain for months afterwards.

= Things to do before and after installing Kubuntu/Xubuntu =

System configuration

 * Check the BIOS settings:
 * Is the date/time correct?
 * Is AHCI for SATA drives enabled? This is especially important for SSD disks.
 * Is booting only allowed from the Linux hard disk?
 * Consider turning disk encryption on during installation. See section below for more information.
 * Is the Linux date/time and timezone correct?
 * Make the Grub bootloader accessible. Otherwise, if you PC ever fails to start and you need access to the bootloader, it will probably be too late. You have 3 options:
 * Option 1) Install package grub-customizer from https://launchpad.net/grub-customizer, and then start the Grub Customizer tool. Enable the "show menu" option, and set the "Boot default entry after" to 1, so that you have 1 second to press the arrow down key (for example) and stop the boot process.
 * Option 2) For Kubuntu, install package kde-config-grub2, and you can configure it with the mouse under System Settings, Startup and Shutdown, GRUB2 Bootloader. Choose "Automatically boot..." after 1 second, so that you have 1 second to press the arrow down key (for example) and stop the boot process. As a bonus, you can comfortably remove old kernels on this window too. Unfortunately, that does not seem to remove the associated header files, so it's not really worth it. See section below.
 * Option 3) Manually edit /etc/default/grub, add GRUB_TIMEOUT=1, comment out GRUB_HIDDEN_TIMEOUT, run sudo update-grub2. You may also want to remove kernel options quiet and splash in order to see the boot messages.
 * Check the available proprietary drivers. I am not sure about installing proprietary (non-open-source) drivers for AMD or nVidia graphics cards, but using the latest processor microcode is probably a good idea.
 * Enable Ctrl+Alt+Backspace to kill the current graphical session. If you make a mistake and/or your system becomes unresponsive, this key combination may be the safest and quickest way out. Edit "/etc/default/keyboard", find variable XKBOPTIONS and set it to "terminate:ctrl_alt_bksp".
 * Reduce the amount of reserved disk space. On ext4 filesystems, Linux reserves some disk space for privileged processes and to help prevent fragmentation. The default amount of 5 % comes from the times where hard disks were much smaller. You can reduce it to 1 % with command "sudo tune2fs -m 1.0 /dev/sdXY". In order to find out how much is reserved: sudo tune2fs -l /dev/sdXY | grep -e "Reserved block count:" -e "Block count:" Use "sudo fdisk -l" to list your hard disk partitions. If you used LVM during installation, your main filesystem could be called something like "/dev/mapper/xubuntu--vg-root".
 * Prepare to access Windows PCs over the network: Install packages cifs-utils and libnss-winbind, edit file /etc/nsswitch.conf as root, and add "wins" to the "hosts:" line, so that it looks like this: hosts:  files mdns4_minimal [NOTFOUND=return] dns wins
 * Install some useful packages:
 * Synaptic seems to be the only reasonable package manager for Ubuntu. Install also package apt-xapian-index (which is not automatically installed, at least on Xubuntu 16.04), or you will miss the very convenient "Quick filter" field in Synaptic. The index is very slow to build, but the standard search function is very uncomfortable.
 * Typical applications are VLC and Gimp. You may want to upgrade to a more recent version of LibreOffice with: sudo add-apt-repository ppa:libreoffice/libreoffice-5-2
 * Install package "trash-cli" and get used to deleting files with "trash" instead of "rm". If you make a mistake and delete the wrong file, you'll be able to recover it from the desktop trashcan/wastebin.
 * Install package "exfat-fuse", in case some external disk has been formatted by Windows with the exFAT filesystem.
 * You may want to install legally-encumbered codecs and DVD playback: Up to Ubuntu 15.04: sudo apt-get install ubuntu-restricted-extras libavcodec-extra sudo apt-get install libdvdread4 sudo /usr/share/doc/libdvdread4/install-css.sh From Ubuntu 15.10 onwards, libdvd-pkg is available to ease the installation of libdvdcss: sudo apt-get install libdvd-pkg sudo dpkg-reconfigure libdvd-pkg
 * By default, all accounts can access other user's home directories. This goes against intuitive expectation and is an incredible security and privacy oversight. In order to stop this:
 * Issue the following command inside each existing user account:     chmod g-rwx,o-rwx "$HOME"  For users other than the current one, use:      sudo chmod g-rwx,o-rwx ~username.
 * For eventual new users, edit /etc/adduser.conf and change DIRMODE from 0755 (rwxr-xr-x) to 0700 (rwx--). Alternatively, 0750 (rwxr-x---) allows access to users of the same group too.
 * Configure some of the usual system tools to run as root without password. Although this system configuration change is probably not watertight, this time I prefer productivity over security. This is what I usually add to my /etc/sudoers file:

# ALWAYS edit file "/etc/sudoers" with "sudo visudo", because visudo edits the sudoers file in a safe fashion. # Otherwise, the smallest syntax error can lock you out of the system. # # I could not get this to work with KDE's default application menus. This is what I did to make it work # for each application: # Right-click on the bottom-left 'K' icon, choose "Edit Applications...", copy and paste the entry for each # application (like Synaptic), edit the copy, use "kdesudo synaptic" as the command, untick "run as a different user". # Untick also "Enable launch feedback", as it probably gets confused because of the root user it is running the application as. # Then use this new icon to start synaptic as root without password. # # Instead of "myuser" below, you can choose "%sudo" for all users that belong to the 'sudo' group. # The 'ALL' in 'ALL=(root)' is the hostname. # The "" below at the end of some commands limits the effect of that permissions line to running the application with no arguments. # Note that you cannot give NOPASSWD permissions to any file, like some script under your home directory, # because sudo seems to carefully check permissions along the way. Files under /usr/sbin/ (for example) are fine. # The order of the entries is important, the last one wins. # # The alternative would be using a script with setuid set, but setuid is disabled by default in Debian # for shell scripts. You can use some setuid wrapper as a workaround, but these changes # to /etc/sudoers are probably safer. myuser ALL=(root) NOPASSWD: /usr/sbin/synaptic "" myuser ALL=(root) NOPASSWD: /usr/bin/muon-updater ""   # For Kubuntu. myuser ALL=(root) NOPASSWD: /usr/bin/update-manager "" # For Xubuntu. # Traditional apt-get. myuser ALL=(root) NOPASSWD: /usr/bin/apt-get install * myuser ALL=(root) NOPASSWD: /usr/bin/apt-get update myuser ALL=(root) NOPASSWD: /usr/bin/apt-get upgrade # From Ubuntu 16.04, you are encouraged to use "apt" instead of "apt-get". myuser ALL=(root) NOPASSWD: /usr/bin/apt install * myuser ALL=(root) NOPASSWD: /usr/bin/apt update myuser ALL=(root) NOPASSWD: /usr/bin/apt upgrade

You probably want to change your menu items for Synaptic and for the updater to match the lines above, that is, to "sudo /usr/sbin/synaptic" and so on.

Performance optimisation

 * Optimise filesystem performance with noatime. Edit /etc/fstab as root and add options "noatime,commit=30" to your ext4 filesystems.

# How to see the current mount options: mount -l | grep ext4 # How to test this change, option 1: # Sort by and show last access time, most recent last. # No file should have the current date or time. ls -l -t -u --reverse --time-style=full-iso "$HOME" # How to test this change, option 2: # Check if accessing some old file updates its last access time: SOME_OLD_FILE="$HOME/some_old_file" sh -c 'stat --format="Lass access time before: %x" "$SOME_OLD_FILE"  &&  cat "$SOME_OLD_FILE" >/dev/null  &&  stat --format="Lass access time after : %x" "$SOME_OLD_FILE"'
 * Disable unnecessary indexers:
 * updatedb / locate database. See mlocate conflicting package.
 * (Kubuntu only) KDE Baloo (formerly Nepomuk). Go to System Settings, Desktop Search or simply Search, and add your home folder, which acts as an indication to turn the indexer off. Later note: they have finally added an "Enable Desktop Search" checkbox with the latest update. Alternatively, disable it with command "balooctl disable".
 * (Kubuntu only) KDE Akonadi. Go to System Settings, Personal Information, stop the service.
 * Prevent unexpected system updates. Unexpected package manager activity in the background can render your PC slow or even unresponsive when you are in a hurry. Configure the system updates to check less often (weekly or every fortnight) and disable automatic installation.

For Xubuntu/Xfce

 * (only up to Xubuntu 14.04) The default menu applet, Applications Menu, is no good. Use Whisker Menu instead.
 * (only up to Xubuntu 14.04) The default menu editor, Alacarte, does not seem to work well. Install and use MenuLibre instead.
 * Disable "Use mouse wheel on title bar to roll up the window" under "Settings", "Window Manager Tweaks", "Accesibility". You normally do not pay attention to the exact position of the mouse cursor when you are scrolling with the mouse wheel, and it is disconcerting to see a window suddenly collapse to just the title bar, with no obvious way to restore it to its normal size.
 * The Whisker menu should show "Firefox" and "Chromium" instead of 2 "web browser" entries that you can only tell apart with their icons. Otherwise, right-click on the Whisker icon, "Properties", "Appearance" tab, untick the "Show generic names" option. Alternatively, if that has happened in the favourites: start MenuLibre, look at the menu item for "Internet", and in field "common name" replace "web browser" with Firefox etc. Save the entry.
 * When you maximise windows, you may find that their bottom part is obscured by the Xfce panel at the bottom (the taskbar). Go to the Panel Preferences and disable option "Don't reserve space on borders". That this happens at all, and also the option's name, is just unbelievable.
 * Install package xfce4-pulseaudio-plugin. Otherwise, you get no volume icon on the taskbar (!).
 * Install package xfce4-goodies.
 * Add to the taskbar the 'devices' item, in order to comfortably unmount USB sticks.
 * If you find the sleep/suspend behaviour annoying, add an icon (a Quicklauncher) with the following command: sh -c "xscreensaver-command -lock && xfce4-session-logout --suspend && xscreensaver-command -deactivate" That does the sane thing: lock the screen, suspend, and ask for the password on resume.
 * If you play with themes, a reasonable one is "Greybird", which is the default for Xubuntu (there is no option to restore the theme to the default one).
 * If the window resize borders are too thin, your options are: 1) Choose under "Settings", "Window Manager" a theme with thicker borders, like 'Kokodi'. Which ones have thicker borders, and how thick they are (usually too thin anyway), is not apparent until you click on each theme. Unfortunately, themes change other things that you may not like, but it is an all-or-nothing approach. Option 2) is to get used to resizing windows with Alt+right mouse button, which is pretty comfortable after all.
 * Disable desktop zoom with Alt+mouse wheel if it bothers you:
 * Start "xfce4-settings-editor" (the "Settings Editor" is not the standard "Settings" window).
 * Go to Channel "xfwm4".
 * Disable Property "zoom_desktop".
 * Remove some global keyboard shortcuts that tend to conflict with other apps, like Ctrl+F4: "Settings", "Window Manager", "Keyboard" tab.
 * Useful application shortcuts under Settings, "Keyboard", "Application Shortcuts":
 * Ctrl+Alt+Escape: xkill
 * Ctrl+Shift+Escape: xfce4-taskmanager
 * A useful format string for Xfce's clock on the taskbar is: %d %b, %H:%M

For Kubuntu/KDE

 * Choose "Start with an empty session" in "System Settings", "Startup and Shutdown", "Session Management". You will probably want to untick option "Confirm logout" too.
 * Configure Keyboard shortcuts like under Windows: Go to "System Settings", "Shortcuts and Gestures", and then:
 * Ctrl+Esc should bring up the start menu: "Global Keyboard Shortcuts", "Plasma Desktop Shell", "Activate Application Launcher Widget".
 * Ctrl+Shift+Esc should bring up the Task Manager: "Custom Shortcuts", "Edit", "New Group", then, in that group, "New", "Global Shortcut", "Command/URL", "Trigger", set Ctrl+Shift+Esc, "Action", enter "ksysguard". Make sure the new group is active by ticking the box next to its name.
 * Alt+Space should bring up the window menu: "Global Keyboard Shortcuts", "Kwin", "Window Operations Menu" ("Fensteraktionen-Menü in German).
 * Remove some keyboard shortcuts that tend to conflict with other apps, like the following (is there a way to find a KDE shortcut by key combination in all "KDE components"?):
 * Global Keyboard Shortcuts, KWin: Ctrl+F1 ... Ctrl+F7.
 * If the window resize borders are too thin and therefore hard to hit: Go to "System Settings", "Workspace Appearance", "Window Decorations", "Configure Decoration...", "General", "Border size".
 * Add pavucontrol ("PulseAudio Volume Control") to your favourites. You may need to install package pavucontrol first. The standard volume control applet does not let you choose where an application like Skype should be recording the audio from.
 * Install plug-ins for the Dolphin file manager. Install package ruby. Then open the file manager, go to Control, Configure Dolphin..., Services, Download New Services.... Add "Root Actions Servicemenu" and "Scan with ClamAV".
 * The User Manager tool in System Settings is useless. Install package kuser, and run "sudo kuser" instead (or KUser from the menu).
 * Minimised windows get very pale taskbar icons and captions, making it hard to tell which window they represent. To fix that for the icons: Go to System Settings, Application Appearance, Icons, Advanced, Desktop, click on Set Effect for the Disabled icon, select "No Effect" and untick the "Semi-transparent" option. Unfortunately, I don't know how to fix that for the caption texts yet.
 * If connecting a USB stick does not automatically mount it, or it asks too much confirmation, look at System Settings, Removable Devices.
 * emacs warns: "Buffer 'somefile.txt" still has clients; kill it?". Go to System Settings, File Associations, text, plain, emacsclient, Edit..., Application, "Command:", enter "emacsclient --no-wait".

Reboot after an update
Be careful with updates, as running applications are not updated on the fly. Some of them, like Firefox, realise automatically and display a warning, but others can get confused if files underneath suddenly change. The only truly safe way is to reboot after an update. See article "dnf update" considered harmful for more information.

Upgrading the Kernel Components
Every now and then, you should upgrade the kernel and X-Windows versions. Instead of Service Pack, this kind of upgrade is called LTS Hardware Enablement Stack in the Ubuntu world. Wait at least 3 months after a Hardware Enablement Stack has been released before upgrading.

Package Manager Maintenance
Unlike Microsoft Windows, Ubuntu automatically deletes temporary files, so your hard disk will not fill up with rubbish so quickly. Unfortunately, Ubuntu does not remove old kernels or their associated headers, so after a year's worth of updates your disk will accumulate hundreds of megabytes of garbage. In order to purge them, you need to install package bikeshed and run the following command every now and then:

# But see below for a combined command. sudo purge-old-kernels --keep 6    # 6 means the current kernel + 5 more

The package manager also accumulates other non-kernel garbage over time. Even after running purge-old-kernels, I once realised that autoremove still found more kernel packages to delete. Therefore, you can combine all kernel and package manager cleaning actions (and avoid prompting for confirmation) in this way:

sudo purge-old-kernels --keep 6 --assume-yes &&  sudo apt-get --assume-yes autoremove  &&  sudo apt-get --assume-yes autoclean

If you run into weird errors when updating your system, the following usually helps:

sudo aptitude safe-upgrade --full-resolver

For PCs with only 512 MiB RAM
512 MiB of RAM is too little nowadays for Ubuntu-based system. Starting the package manager is already a heavy load for such a computer. Here is some suggestions:


 * Get rid of apt-xapian-index, see Fake Replacement for Debian Package apt-xapian-index
 * Switch to a lightweight Web browser like Midori. You will lose some comfort, and some pages will not display properly, but Firefox and Chromium are just too heavy.
 * Optimise your swap:
 * Move your swap partition to another drive.
 * If you have more than one drive, move the swap partition or file to the least-busy disk.
 * Try swapping to a USB stick. Here is a how-to guide.
 * If the computer has a memory card reader, you could use a fast memory card as the main swap drive. I have seen great swap performance improvements even with a standard 512 MB SD card (8.5 MB/s read speed, 2.5 MB/s write speed, 1 ms seek time) from an old digital camera connected over a cheap USB 2.0 card reader. The reason behind the improvements are probably the card's fast seek time and the lower pressure on the main hard disk.
 * If your video card has a lot of memory, some people have managed to use some of it as a swap device.
 * Reduce the swappiness from the default 60 to 10. Whether this will improve swapping is debatable. It is probably a good idea only if you cannot move your swap partition to another drive. Add "vm.swappiness = 10" to file "/etc/sysctl.conf".
 * Try swapping to zram. It made things worse for me, but your mileage may vary.
 * Switch to a lightweight Linux distribution. Xubuntu or Lubuntu will not bring much. You could try Puppy Linux.

= Disk encryption =

You should always encrypt your personal data in order to protect it from prying eyes, especially on portable devices that leave your home often.

If you decide not to, or you set your computer to automatically log on without a password, then you should not bother enabling encryption, as that would bring only unnecessary complication. In this case, you can stop reading this section now.

The Ubuntu installer offers option "Encrypt my home folder" during installation. This encryption method is a good compromise among performance, manageability and security.

What the installer fails to mention is the performance implication of such a decision. Ubuntu uses eCryptfs with an AES cypher. If your CPU has no AES hardware acceleration, you will lose performance when reading and writing files.

In order to find out whether your CPU has AES instructions, use the following command:

$ cpuid | grep -i aes AES instruction = false

Alternatively, "cat /proc/cpuinfo | grep -i aes" will also do.

I have an oldish netbook with a sluggish Intel Atom N450 running at 1.66 GHz (1 core with hyperthreading and 512 MiB cache), which actually was the motivation behind writing this article. As the author of the Quick Disk Test tool, I recently lost quite some time debugging a non-existent disk performance issue on this laptop. I had installed an SSD disk and wondered about the abysmal disk performance. I looked at everything: SATA and AHCI BIOS settings, DMA settings in Linux, I even replaced the disk.

It turns out that sequential read performance on the Netbook drops from 56 MiB/s, using 23 % CPU, to 25 MiB/s using over 50 % CPU (one full CPU thread). Sequential write performance drops from 50  KiB/s, using 35 % CPU, to 18 KiB/s using over 50 % CPU. I just did not realise that disk encryption could cost so much.

The CPU is the limiting factor here, so replacing the traditional hard disk with an SSD does not improve performance. Note that this only affects reads and writes under your home directory. System files and application executables are not encrypted and run at full speed.

I repeated the test on a faster Intel Core i3 M380 with 3 MiB cache running at 2.53GHz. This CPU does not support AES either. When reading from or writing to an encrypted home directory, the CPU load difference amounts to 20 %. You can tell that it is due to encryption because the CPU time reported by tools like top is not accounted to user time, but to system time. Because the CPU is faster, I did not lose much read performance, but write performance dropped from 44 MiB/s to 32 MiB/s.

= KDE Ramblings =

KDE Tips

 * Useful keyboard shortcuts are:
 * Ctrl+Alt+Esc: Kill window on click, similar to starting xkill.
 * Ctrl+Alt+L: Lock desktop.
 * Emptying the Trash takes forever, and manually deleting the ".Trash-1000" directory with the mouse tends to yield an error. To overcome it, hold the shift key while pressing the delete key on that directory. Alternatively, right-click on the folder to get the pop-up menu, and then hold the shift key and watch how the "Move to Wastebin" entry mutates to "Delete". Release the shift key and it will go back to normal. That only works if there is no submenu open at that time.

KDE Rants
KDE Rant about ".directory" files:
 * KDE tends to litter your hard disk with hidden ".directory" files, and there is no way to prevent it. It just remember the view settings for the last N directories, like Windows does, and it should cache those settings somewhere under $HOME instead of creating those pesky files all over the place.
 * The Dolphin file manager does not display MP3 ID tags like everybody else. Older versions used to (!).
 * The "safely remove" eject icon for USB drives is often missing from the "device notifier" pop-up window. Sometimes it is because the file system has not been mounted automatically. But sometimes, there is no real reason. If you then open a Dolphin window and right-click on the USB drive mount on the left panel, the eject option is shown there.