Thursday, August 18, 2022

Enlightenment - for those who have nothing better to do with an OS than change settings

Curiosity about the Enlightenment desktop drove me to use nearly 500MB of my internet-data allocation to install it on Ubuntu 22.04, which I now admit is nice, although in my opinion the workspace-switching scheme is a solution in search of a problem. In a nutshell, "Enlightenment" is a misleading name, because as far as I'm concerned, it's one of the least enlightened desktops I've used, although I never actually got around to using it to do anything. For example, the default fonts are microscopic, and I couldn't figure out how to change them. Perhaps it was meant for developers to use as the basis for an actual desktop, such as Bodhi and Elive, by setting it up to make it usable.

The file manager (Fileman) is a PITA to use. To open an encrypted partition, I had to use Disks to unlock and mount it, but it still didn't appear in the file manager's devices-column, so to access it via the file manager (although it would have been easier to just keep using Disks), I had to go to the /media/<user-name> directory, and I finally found it. Perhaps it was meant to conceal encrypted partitions from those who aren't aware of them, but most other file managers display encrypted partitions in the devices-column as soon as they're plugged in. Bodhi Linux, which is Ubuntu combined with Enlightenment, uses Thunar, the XFCE file manager, which is one of my favorites, so I'm not the only one who doesn't like Fileman.

I was also expecting some sort of a whiz-bang window-manager which would make it easy to move from one to another, but as far as I can tell, that's not the case. Anyways, taskbars seem like the optimal approach for doing this when the window of interest is hidden behind another, and Enlightenment has an optional taskbar in addition to its "i-bar."

But it's not all bad - there are various innovative features, but they don't make up for the deficit in usability.

So, I'm not going to waste any more time on Enlightenment. My distro of choice is MX-Linux XFCE, because I can get a lot done with it, without having to change a lot of settings and figure out how to change them, and it has the Snapshot tool that makes it easy to create an ISO of a configured MX-Linux installation, with all of the settings and added software. The resulting ISO can be turned into a live installation on a USB2 drive (instead of one of those warm/hot-running USB3 drives), and the resulting installation can be run on an air-gap PC, for the ultimate in security, since it retains no session-data upon shutdown. Instead, data would be saved on separate drives.

Sunday, August 7, 2022

Using Conky standard MX-antiX configuration as disk I/O monitor



Rev 8/15/22

 

A good option for a disk I/O monitor is to install Conky (conky-std) and use the standard MX-antiX configuration (see image). To obtain the corresponding configuration file from MX-Linux, open the Home directory, press Ctrl-H to display hidden files, then open the .conky directory, then the MX-antiX directory, and copy the "MX-antiX17" file and rename it Standard_antiX_Conky_conf_file.txt. The same version is supposedly on the internet, but when I tried the posted version, it didn't produce the same results, so below I have included a copy of the version which I copied from MX-Linux, which you could test on a live installation.

There are various ways to use it as the configuration file, one of which is to put it in a text file, name it conky.conf, and place it in the Home/.conky directory created by installing Conky. The previous conky.conf file would have to be removed or renamed. Another way is to put it in a text file named whatever you like and placed wherever you like, although I'd name it Standard_antiX_Conky_conf_file.txt and put it in the .conky directory. Then shut Conky down and restart it with the command "conky -c <path/name of configuration file>". To get the path of a file, right-click on it and select Properties in the menu which appears.

Standard MX/antiX Conky configuration-script:

conky.config = {
-- Standard antiX .conkyrc file written by Team antiX.
-- Feel free to use.
-- anticapitalista@riseup.net

-- Note: delete the line above to disable automatic scaling with DPI
-- on the live system.

-- set to yes if you want Conky to be forked in the background
    background = true,

    short_units = true,

    cpu_avg_samples = 1,
    net_avg_samples = 1,

    out_to_console = false,

-- X font when Xft is disabled, you can pick one with program xfontsel
--font 7x12
--font 6x10
--font 7x13
    font = '8x12',
--font 7x12
--font *mintsmild.se*
--font -*-*-*-*-*-*-34-*-*-*-*-*-*-*
--font -artwiz-snap-normal-r-normal-*-*-100-*-*-p-*-iso8859-1

-- Use Xft?
    use_xft = true,

-- Xft font when Xft is enabled
--xftfont gentium:size=12
--ftfont DejaVu Sans:size=10
    font = 'DejaVu Sans:bold:size=9',
--xftfont DejaVu Sans:size=9

-- Create own window instead of using desktop (required in nautilus, pcmanfm and rox desktops)
    own_window = true,
    own_window_transparent = true,
    own_window_hints = 'undecorated,sticky,skip_taskbar',

-- Text alpha when using Xft
    xftalpha = 1.0,

--on_bottom no

-- mail spool
-- mail_spool $MAIL

-- Update interval in seconds
    update_interval = 1,

-- Use double buffering (reduces flicker, may not work for everyone)
    double_buffer = true,

-- Minimum size of text area
    minimum_width = 5, minimum_height = 5,
    maximum_width = 180,

-- Draw shades?
    draw_shades = false,

-- Draw outlines?
    draw_outline = false,

-- Draw borders around text
    draw_borders = false,

-- Stippled borders?
    stippled_borders = 0,

-- border margins
--border_margin 10

-- border width
    border_width = 1,

-- Default colors and also border colors
    default_color = 'white',
    default_shade_color = 'white',
    default_outline_color = 'white',

    color1 = 'ffffff',
    color2 = 'ffffff',
    color3 = 'ffffff',
    color4 = 'yellow',
    color8 = '77ccff',
    color9 = '5599cc',

-- Text alignment, other possible values are commented
-- alignment top_left
    alignment = 'top_right',
--alignment bottom_left
--alignment bottom_right

-- Gap between borders of screen and text

    gap_x = 30,
    gap_y = 30,

-- Add spaces to keep things from moving about?  This only affects certain objects.
    use_spacer = 'right',

-- Subtract file system buffers from used memory?
    no_buffers = true,

-- if_up_strictness link:  up | link | address
    if_up_strictness = 'address',

-- set to yes if you want all text to be in uppercase
    uppercase = false,

-- boinc (seti) dir
-- seti_dir /opt/seti

--# antiX additives examples. Add below Text##
--#Battery examples##
--#${color}battery: ${color}$acpiacadapter, ${battery_percent BAT1}%
--#${color}battery:${color} ${battery}
--${color}ACPI Battery: ${color}$battery
--${battery_bar 11,0}
--#Wireless example##
--${color}Wireless:
--${color}essid: ${wireless_essid $template6}
--${color}IP:${color} ${addr $template6}
--${color}speed: ${color} ${wireless_bitrate $template6}
--${color}link strength: ${color} ${wireless_link_bar 7,50 $template6}


    own_window_argb_value = 0,
    own_window_argb_visual = true,
    own_window_colour = '000000',

-- time template
    
    template0 = [[${if_match "pmfix${time %p}" == "pmfix"}${time \1}${else}${time %I:%M}${endif}]],

-- battery templates

    template1 = [[${if_existing /sys/class/power_supply/BAT\1}\n${color}bat\1:${color3}${alignr}${battery_percent BAT\1}%\n${color1}$alignr${battery_bar 4,170 BAT\1}${endif}]],
    template2 = [[${template1 0}${template1 1}]],
    
-- network templates

--    template3 = [[${color}\1 \2: $alignr${color3} ${\2speed \1}\n${color2}$alignr${\2speedgraph   \1 30,170 5599cc 5599cc}]],
--    template4 = [[${if_up \1}${template3 \1 up}\n${template3 \1 down}\n${endif}]],
--    template5 = [[${template4 $template4}${template4 $template5}${template4 $template6}${template4 $template7}]],

    template4 = 'eth0',
    template5 = 'eth1',
    template6 = 'wlan0',
    template7 = 'wlan1',

    
};

-- fluxbox adjustment
return_code = os.execute('pidof -q fluxbox')
if _VERSION == 'Lua 5.1' and math.floor(return_code/256) == 0 or
   _VERSION ~= 'Lua 5.1' and return_code then
   conky.config.own_window_transparent = true
   conky.config.own_window_argb_visual = false
end

-- stuff after 'TEXT' will be formatted on screen

conky.text = [[
${color3}${alignc}MX Linux
${color8}$alignc${font DejaVu Sans:size=12}${template0 %H:%M}$font
${color}${alignc}${time %a %d %b}
${color}${alignc}Uptime: $uptime

${color}res:${alignr}${color3}${execi 600 xdpyinfo | awk '/dimensions/ { print $2}' }
${color}dpi:${alignr}${color3}${execi 600 xdpyinfo | awk '/resolution/ { sub(/x[0-9]*/,"",$2); print $2}' }
${color}cpu use:${alignr}${color3}${cpu}${color}%
${color}cpu freq:${color3}${alignr}${freq}
${color}$alignr${cpugraph cpu0 30,170 5599cc 5599cc}\
# battery
${template2}
${color}disk I/O:${alignr}${color3}${diskio}
${color}${alignr}${diskiograph 30,170 5599cc 5599cc}\
# network
${if_up $template4}
${color}$template4 up: $alignr${color3} ${upspeed $template4}
${color}$alignr${upspeedgraph   $template4 30,170 5599cc 5599cc}
${color}$template4 down: $alignr${color3} ${downspeed $template4}
${color2}$alignr${downspeedgraph $template4 30,170  5599cc 5599cc}${endif}${if_up $template5}
${color}$template5 up: $alignr${color3} ${upspeed $template5}
${color}$alignr${upspeedgraph   $template5 30,170 5599cc 5599cc}
${color}$template5 down: $alignr${color3} ${downspeed $template5}
${color2}$alignr${downspeedgraph $template5 30,170  5599cc 5599cc}${endif}${if_up $template6}
${color}$template6 up: $alignr${color3} ${upspeed $template6}
${color2}$alignr${upspeedgraph   $template6 30,170 5599cc 5599cc}
${color}$template6 down: $alignr${color3} ${downspeed $template6}
${color2}$alignr${downspeedgraph $template6 30,170 5599cc 5599cc}${endif}${if_up $template7}
${color}$template7 up: $alignr${color3} ${upspeed $template7}
${color2}$alignr${upspeedgraph   $template7 30,170 5599cc 5599cc}
${color}$template7 down: $alignr${color3} ${downspeed $template7}
${color2}$alignr${downspeedgraph $template7 30,170 5599cc 5599cc}${endif}
${color}${alignr}${color8}Used / Total
${color}mem:${alignr}$mem ${color3} /${color} $memmax
${color}swap:${alignr}$swap ${color3} /${color} $swapmax
${color}root:${alignr}${fs_used /} ${color3} /${color} ${fs_size /}
]]

Xubuntu 22.04: Not my top choice, but a serious contender

Although between MX-Linux 21 XFCE and Kubuntu 22.04, my OS-needs are fulfilled, I couldn't resist getting a copy of Xubuntu 22.04 and giving it a spin. What I found was basically a fun distribution with a lot of good stuff, but also with some minor problems, and not as slick as Kubuntu 22.04 or Linux Mint 20.3. Still, I could easily live with it.

The main feature I wanted to try on Xubuntu was zooming the screen with a keyboard, which turned out to be easy, with the help of a couple of simple xdotool commands which someone posted to the internet:

running the following command from the terminal, zooms in:

xdotool keydown Alt click 4 keyup Alt

and this command zooms out:

xdotool keydown Alt click 5 keyup Alt

As he suggested, I turned them into shell scripts, but ultimately assigned each one to a function key. (First create the scripts, give them execute-permission, and then put them somewhere safe such as in a bash-scripts folder in your Home directory, and perhaps make them read-only so they can't be deleted inadvertently. To create a shortcut-key, select Settings in the main menu, then the Keyboard utility, and then the Application Shortcuts tab, and the rest should be obvious.) He suggested a key-combo, but each time the command is run, the display zooms in or out by a discrete amount, and if you want to zoom more, you have to press the key-combo again, which isn't convenient. But by assigning it to a function key, I can hold the key down, and it continues to zoom, although still not smoothly.

My other main interest was whether it's particularly well suited for use as an offline installation which cannot be connected directly to the internet, which it isn't. However, it can be used as such using the technique I describe in this post for authenticating a package index obtained via APT-offline by installing it via APT-offline on an installation of the same type which has been updated via a direct internet connection.

A direct update installs missing keys and updates outdated keys, but without providing any indication that this is taking place. I learned this accidentally, by entering "echo 'Binary::apt::APT::Keep-Downloaded-Packages "1";' | sudo tee /etc/apt/apt.conf.d/10apt-keep-downloads" (which can be copied w/o the beginning and ending quotes, and pasted into the command-line via Ctl-Shift-V, and ensures that software-modules which are installed via a direct connection are retained in /var/cache/apt/archives after being installed - the archives-directory is the destination for software-modules downloaded as part of the normal installation-process). I entered this command before performing a direct update on Kubuntu 22.04, and later found the Debian-archive-keyring package in the archives-directory even though I hadn't installed it or anything which requires it. So, it was obviously installed during the direct update, without any indication that it was being done. As far as I've been able to determine, there is no other way to install or update keys, without a thorough familiarity with the APT security system, and as far as I can tell, there are no current, publicly-available descriptions of this system.

Although debian-archive-keyring apparently isn't installed during the initial direct update on Xubuntu 22.04, as it is on Kubuntu 22.04, some keys are apparently installed or updated on Xubuntu 22.04, because until a direct update is installed, some of the required keys are apparently missing or outdated, as indicated by the "cannot authenticate packages" (CAP)-warnings which appear when installing software, using a package index which has been installed via APT-offline. (The package manager, APT, is disabled until the package index is updated. The direct update required a 45MB download, and the update via APT-offline required about 48MB.) It appears that APT's developers designed its security system so that keys can be updated whenever necessary, without regard for a schedule, and distributed with updates, so that the updated package index can be authenticated.

Xubuntu 22.04 has a good selection of apps, although the text-editor doesn't have a functional spelling-checker (it has a plugin, but I couldn't get it to work). One of my posts describes a "custom action" for Thunar, XFCE's file manager, for opening text-files with the spelling-checker Aspell (included in Xubuntu) by right-clicking on them and selecting the spelling-check option. The image viewer is great except for its limited zoom-capability, so I usually install Eye of Mate. Although Xubuntu has some good widgets, it doesn't have a disk I/O widget, but you could use Conky with the MX-Linux standard configuration (described in one of my posts), nmon, or GKrellM. I decided against installing APT-offline's GUI, because it would have required many packages, totaling about 18MB. Installing Kdenlive would require a 200MB download, as opposed to 60MB for Kubuntu 22.04.

Xubuntu 22.04 doesn't have a package-installer GUI, which surprised and disappointed me until I realized that the command "sudo dpkg -i <deb-pkg>" accomplishes the same thing. So, I was wrong about not being able to install APT-offline on plain Ubuntu until the package index is updated.

The bottom line is that although Xubuntu 22.04 isn't the most highly-polished distro I've used, and it has some minor problems which are apparently left as an exercise for the user, it's fun to use, unlike some distros I've used, such as MX-Linux Fluxbox, which is too much work for too little reward, and not sufficiently polished for my tastes. But Fluxbox is fast, and compared to antiX, which looks as if it was designed by someone who is legally blind, and which for example can't copy/paste between apps or open encrypted drives without entering text-commands, even Fluxbox is very user-friendly.

Monday, July 25, 2022

Mint's HDHomerun problem

Everything was going fine with my new Linux Mint 20.3 XFCE installation, which I was considering for use on the desktop PC which I use as a PVR and for processing ISOs and large files in general, until the moment when I fired up the HDHomerun-GUI (hdhomerun-config-gui), tuned in a station, and hit View, to which VLC responded by opening and displaying a black screen.

After wracking my brains over the course of a couple of days, and searching for answers on the internet and finding nothing (which itself is a clue that something's rotten), I've concluded that this is a dirty trick which is implemented by sensing the hardware, and when certain hardware is detected, corrupting or disabling the HDHomerun's output stream so that VLC can't display it. It's the only thing that makes sense, partly because I booted my $200 Brix with an encrypted flash drive installation of Mint 20.3, and was able to watch TV through it, and even record it to the flash drive, although I wouldn't advise recording video to flash drives, especially if they're encrypted. Mint has a reputation for having hardware compatibility issues, but it makes no sense that it would have more than other types of Ubuntu. But when it works, it's great.

I ended up going with Kubuntu 22.04, which I preferred slightly over Mint even before the HDHR problem. Dolphin can't access system folders, but a version with system access and superuser privileges is coming soon. In the meantime, there's Krusader, which is amazing for a file manager that can be installed on Kubuntu with a single 3.5MB package, although it's more cumbersome than Dolphin, so I use it only when necessary.

Sunday, July 24, 2022

How to run an interactive shell script in a terminal with two clicks in Mint XFCE

Rev 7/24/22


Running non-interactive shell scripts is just a matter of giving them execute-permission (right-click on file, select Properties, then Permissions, etc.), and then double-clicking on them.

But if your shell script requires user input, you need to run it in a terminal, and one way to do that is to create a Thunar custom action named something like Run Shell Script that runs the following command, without the brackets: [xfce4-terminal -e "./%n"], with the appearance-condition of *.sh. This is all explained in my post entitled "Performing spell-check via right-click in XFCE."  Then, to execute the shell script, just right-click on it, then select Run Shell Script in the menu which appears.

Mint 20.3 XFCE also has "screen zoom" (or "desktop zoom") capability. You just select Compiz as the window manager (go to Settings in the main menu, and select Desktop Settings, which is not the same as Desktop), and if you want to use the keyboard to control the zoom-level, go into Compiz-settings and disable the mouse zoom-settings (perhaps not necessary) and select some key-combination for zoom-in and zoom-out. I chose Alt-Super-(up-arrow) and Alt-Super-(down-arrow), respectively, and it works like a charm.

There are many other settings related to zoom, but I just left them alone. You could, for example, make it possible to use a mouse or touchpad to trace out a rectangular area on the screen and zoom it to full screen, or at least to maximum zoom-level if it's too small to zoom to full-screen. (The left mouse-button is Button 1.) In Xubuntu 22.04, the XFCE window-manager, xfwm4, apparently has a zoom function, so you wouldn't need to use Compiz for that.

Wednesday, June 15, 2022

Additional comments on MX-Linux 21 Fluxbox and Lubuntu 22.04

rev 6/23/22 (see Notes)


After trying Lubuntu 22.04 and finding that it's fantastic [1], I decided to take another look at MX-Linux 21 Fluxbox. I had tried it and gave up due to frustrations with making changes to the panel and dock, but I've since realized that docks are easy to change, create, delete, move, etc., once you learn a few tricks (mentioned below), and that you can tailor the panel or panels to your liking by selecting Settings, then Tint2 Settings in the main menu. I just selected one of the prefabbed panels and left it as it was, although the panel included Clipman, so I went into Clipman's settings, selected the History tab, and set Remember History to O, because clipboard-management apps are security risks and should be used only when necessary, such as if you're writing code and want to save code-clippings for reuse. In some cases, I ended up uninstalling the clipboard manager app because there was no way to prevent it from keeping a clipboard history.

As usual, APT-offline wasn't installed by default, but all that's necessary to install it is apt-offline.deb and python3-magic.deb, which are both minuscule, and which I installed by using a package-installer. Later, I installed APT-offline-gui via APT-offline, but the launcher added to the main menu during installation didn't work, so I tried to fix the launcher but couldn't because the problem was deeper in the system. So, I'll just launch it by entering "sudo apt-offline-gui."

I had a problem with updating the package index via APT-offline without first updating it with a direct connection, because I kept getting "cannot authenticate package" (CAP) messages while trying to install software until I performed a direct update. I gave up on trying to understand precisely what was wrong, because it requires a good grasp of the Debian security system, which is very convoluted and is supposedly undergoing changes (including to validate packages when they're being installed, apparently in addition to when they're being downloaded), but performing an update with a direct internet connection seems to have corrected the problem, and then it could apparently be updated via APT-offline from then on, without producing CAP-messages. After performing a direct update, then an update via APT-offline, I performed another direct update, and APT apparently found that the existing package index was the latest, and just left it alone.

A couple of days later, I realized that MXL-Fluxbox includes a "Fix GPG Keys" tool, and created an unencrypted installation to see whether this tool would take care of the CAP-problem, which it didn't, even when online. (When booting the installation, it stopped with an "(initramfs)" (initial RAM file system) prompt, and I entered "exit" and the boot-process resumed. When the login screen appeared, I clicked on the menu-symbol at the top-center and selected the Fluxbox option, although I'm not sure what it does.) But I confirmed that performing a direct update does fix the problem, whatever it is, by using APT-offline to install some package-index files which I downloaded a few days earlier for my initial MXL-FB installations, finding that it had the CAP-problem, and performing a direct update (which required only about 1MB, probably because the package index was just a few days old and APT apparently decided not to replace it). After the direct update, the CAP problem was gone, and then I performed another update via APT-offline (reinstalled the same package index files), and found that the CAP problem was still gone.

Then I performed another update via APT-offline, using package-index files obtained about a week after the initial batch, and went through the motions of installing some software, and did not receive any CAP messages, apparently indicating that the direct update "permanently" fixed the CAP-problem. So, if you have a slow internet connection at home, you could probably create an installation and use it to obtain the packages required to install APT-offline from the Debian Packages site (MX-L21-FB is based on Debian 11/Bullseye), along with the reference checksums for the packages, calculate their checksums (right-click on each file, select Properties, then Digests, and then Hash), compare them to the references, and assuming that they match, install them by clicking on them and following the instructions. Then you could use APT-offline to perform an update (perform a set-op to generate a signature file, then a get-op, using some device which can readily obtain a 4G or better internet connection, to download and screen the package-index files, and then an install-op, which in the case of package-index files, installs them completely). Then you could perform a direct update, which based on my experience would require downloading only about 1MB due to the update via APT-offline (although I assume that you'd have to perform the two updates on the same day, or at least within a couple of days).
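The checksum comparison described above can be scripted so that nothing gets installed unless every downloaded package matches its reference. The following is an added example, not part of the original post; the file names, the SHA256SUMS list and the function names verify_debs and make_sample are constructed placeholders, and the reference list is assumed to use the "sha256sum" layout.

```shell
#!/bin/sh
# Added example. The ".deb" files created here are constructed placeholders,
# not real Debian packages.

# verify_debs DIR SUMS
# SUMS holds one "<sha256 digest>  <file name>" entry per line.
# Prints a verdict per file and returns 0 only when every .deb in DIR is
# listed in SUMS with a matching digest and every listed file is present.
# Unlike a plain "sha256sum -c SUMS", a .deb that has no reference entry
# counts as a failure instead of being silently ignored.
# Assumes file names without spaces, as Debian package names are.
verify_debs() {
    dir=$1; sums=$2; bad=0; seen=0
    for f in "$dir"/*.deb; do
        [ -e "$f" ] || continue              # glob matched nothing
        seen=$((seen + 1))
        name=${f##*/}
        # Reference digest recorded for exactly this file name, if any.
        want=$(awk -v n="$name" '
            { fn = $2; sub(/^\*/, "", fn) }
            fn == n { print tolower($1); exit }' "$sums")
        if [ -z "$want" ]; then
            echo "UNLISTED  $name"
            bad=$((bad + 1))
            continue
        fi
        got=$(sha256sum "$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            bad=$((bad + 1))
        fi
    done
    # A listed package that never arrived means the download is incomplete.
    while read -r digest ref; do
        ref=${ref#\*}
        [ -n "$ref" ] || continue
        if [ ! -e "$dir/$ref" ]; then
            echo "MISSING   $ref"
            bad=$((bad + 1))
        fi
    done < "$sums"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# make_sample DIR
# Builds constructed sample input. In real use the reference digests come
# from the package site, not from the files themselves; they are computed
# locally here only so the example runs offline.
make_sample() {
    mkdir -p "$1"
    printf 'constructed payload A\n' > "$1/apt-offline_EXAMPLE_all.deb"
    printf 'constructed payload B\n' > "$1/python3-magic_EXAMPLE_all.deb"
    ( cd "$1" && sha256sum apt-offline_EXAMPLE_all.deb \
          python3-magic_EXAMPLE_all.deb ) > "$1/SHA256SUMS"
}

work=$(mktemp -d)
make_sample "$work"

echo "--- untouched download"
verify_debs "$work" "$work/SHA256SUMS" &&
    echo "all files match; install with: sudo dpkg -i <deb-pkg>"

echo "--- one file altered, one file without a reference"
printf 'altered\n' >> "$work/python3-magic_EXAMPLE_all.deb"
printf 'no reference entry\n' > "$work/stray_EXAMPLE.deb"
verify_debs "$work" "$work/SHA256SUMS" || echo "verification failed; do not install"

rm -rf "$work"
```

The comparison is only as trustworthy as the reference list, so the list should be fetched separately from the packages it describes.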

If you want to add any PPAs to your installation's sources-list, this would be the time to do it - there have apparently been improvements to the process of adding PPAs, because when I added the one for version 1.1 of the LXQT desktop to my Lubuntu 22.04 installation (https://launchpad.net/~severusseptimius/+archive/ubuntu/lxqt, which by the way didn't seem to do anything), the PPA's package-index files were added too, without having to perform an update (perhaps because I had just performed an update). After adding the PPA, I got an error message which indicated that there was no InRelease file (which was wrong), and that as a result the index or the PPA couldn't be used. Still, I had no problems generating a signature file for the upgraded desktop-components (a 100MB download, although Thunderbird is 57MB of that).

But if you don't even have a slow internet connection at home, you could power your PC with an inverter or an uninterruptible power supply so that you could take it to some place where you could establish a high-speed wireless internet connection, in which case you would perform an update and install APT-offline-gui (which would install APT-offline as well), and any software you might need in the foreseeable future. You might want a cardboard hood on your monitor to block sunlight, and something like a clipboard to use as a flat surface for your mouse. But once you've performed a direct update, it appears that you could use APT-offline from then to make any kind of change to the installation.

I also had a problem when trying to perform a get-op on a signature file for GIMP, because the gimp.deb and gimp-data.deb files weren't available from the server, at least by the name listed in the signature file. But when I installed GIMP via a direct connection, everything went well, even though it requested precisely the same files. Two different versions of gimp and gimp-data were available, so perhaps by using a direct connection APT was able to find the secondary (older) versions when it couldn't find the newer versions, and download them, although the newer versions were the ones that were installed. Perhaps the older versions were actually pointers to the newer versions.

After installing GIMP, I tried to find the downloaded packages in /var/cache/apt/archives (where APT places downloaded packages for installation), so that I could use them on another installation of the same type, but they had apparently been deleted automatically after installation. I had installed a tiny app (gpw, a nifty password-generator) to determine whether it would be retained after installation by default, and it was, so I assumed that this would apply in all cases. I also "installed" a lot of apps via APT-offline (referring to the APT-offline "install"-op, which just copies downloaded app-packages to the "archives" directory, after which they must be actually installed normally, such as by entering "sudo apt install <app>"), and they were retained after actual installation. So, to retain all downloaded packages after installing them, it's apparently necessary to enter "echo 'Binary::apt::APT::Keep-Downloaded-Packages "1";' | sudo tee /etc/apt/apt.conf.d/10apt-keep-downloads" (to execute the command, copy it, without the beginning and ending quotes, as you would normally copy text, and paste it into the command-line with Ctrl-Shift-V).

After using my MXL21-FB installation for about a week, I generated an ISO from it, using the Snapshot MX-Tool (which works only on MX-Linux installations). Instead of having Snapshot store the ISO on the original installation, which is on a Kingston USB3 DataTraveler (which has a slow write-speed but runs cool, indicating low power consumption), I had it store it on an SD card which I formatted with an EXT4 format, using the Disks program, since Linux writes to EXT4-formatted drives faster than it does to FAT-formatted drives. Snapshot couldn't find the SD card until I realized that I had the file manager set up to require me to click on the drive-name to mount it. Then I used the Snapshot-created ISO to create a nonpersistent live installation (which in the case of live installations made from ISOs made with Snapshot, boot very quickly, unlike regular live installations) on a cheap, cool-running USB2 drive.

Naturally, turning an installation into an ISO is done only when you are fairly certain that you won't be making any significant changes to the installation in the near future, but I mentioned it above in order to explain some of the following changes.

Xfce4-notes, an excellent desktop-notes program, can be installed on MXL21-FB with a download of about 200K, which is nothing compared to some note-programs. I use xfce4-notes as a nonpersistent scratchpad, since it stores data in the installation, which in the case of the aforementioned nonpersistent live installation doesn't retain data after shut-down. FeatherNotes is also excellent, and quite a small download. I use FeatherNotes as a persistent scratchpad, with the notes stored on an encrypted flash drive (since FN allows the user to select the storage location), and backed-up on additional encrypted drives (I use two levels of backup - one drive to keep a running backup, which is transferred to other back-ups each week). Another approach would be to just use a separate small unsaved text-editor window as a nonpersistent desktop-note, and a text file as a persistent note, in cases where installing notes-programs would require large downloads.

MXL-FB's Dockmaker app (which can be launched by right-clicking on the screen, then selecting Appearance, then Docks, then Dockmaker) is quite straightforward, although if you want to add an app to a dock using a command and an icon, and you want to use the icon from the main menu, go to the menu-entry, right-click on it, and select Edit. Then click on the icon, and wait for quite a while (30 seconds on my $200 Brix, which I use as an air-gap PC), and a window with a bunch of menu-icons, including the one of interest, will appear. (I learned this by accident, by clicking on the icon, getting no immediate response, and then moving onto something else without closing the launcher-edit window. After a while, the aforementioned window of icons appeared, and I realized that it was the response to clicking on the icon.) Then use the name on the icon of interest, and a search program such as Catfish (also included in MX-L21-FB by default) to search the /usr/share/icons directory to find the location of the icon's file, and then go to Dockmaker, and click on the icon-window, and navigate to the icon-file of interest (Dockmaker's default icon-size is apparently 48x48). A few icons are in /usr/local/share/icons.

If as a result of using Dockmaker you end up with multiple listings for a single dock in the menu accessed by right-clicking on the screen, you can go to the home directory, press Ctrl-h to show hidden files, then go to .fluxbox, then submenus, then appearance, and remove the redundant entries (superuser privileges aren't required). It's probably a good idea to make a backup copy before you start editing, in case you make a mistake and need a reference to correct it.

The file manager (Thunar) wasn't set up to my liking, so I changed the settings by going to Settings in the main menu, then selecting File Manager. Settings which control Thunar's response to plugging in flash drives can be accessed by going to the main menu, selecting Settings, and then selecting Removable Drives and Media. I set it up so that I can plug in a bunch of flash drives without having windows popping up all over the screen. This caused some confusion later, when I couldn't find the SD card with Snapshot, until I realized that I hadn't clicked on the SD card's name in the file manager to mount it.

In conclusion, MX-Linux 21 Fluxbox is a gem, although it's not very slick and it doesn't have frills such as multiple workspaces, the ability to zoom the entire screen, or the ability to change window-manager settings. It's one of the fastest types of Linux I've used, and includes MX-Tools, including the aforementioned Snapshot tool (which is apparently unique to MX-Linux and antiX) and includes a good selection of generally-useful apps, including FeatherPad, an excellent text editor, and GKrellm (Gnu Krell Monitors system-monitor, which includes configurable disk I/O monitors), which I've never seen included by default on any other distro. It doesn't include Libre Office (which for me is like using a nuclear weapon to kill a fly), so I installed Abiword. I considered adding KDE Partition Manager until I realized how much data would be required, so I installed Disks (gnome-disk-utility) which combined with GParted (included on MX-F by default) can do anything you could want to do to a drive. I also installed Marble, which I like because it does a lot of what I need from a virtual globe without being connected to the internet. Google Earth does everything and has incredible resolution, but requires a fast, data-unlimited internet connection.

Notes

Rev 6/23/22 - Changed title and added Note 1.

[1] The only problem I found with Lubuntu 22.04 in my brief trial run was that plugging-in flash drives caused it to freeze, so that all I could do was to log off, etc., although I was able to eliminate this problem by configuring the file manager so that it didn't mount removable drives when they're plugged in. My previous complaint about using the file manager in administrative mode to move .deb-files into /var/cache/apt/archives was apparently due to some error on my part, because I had no difficulty with it in subsequent attempts. So, PCmanFM-QT, the LXQT file manager, is among the best I've used, although it lacks Thunar's ability to add custom actions.

I added a PPA run by "Serverus Septimius" to install LXQT 1.1.0 on Lubuntu 22.04 by entering "sudo add-apt-repository ppa:severusseptimius/lxqt", which in my case also added the PPA's package index to my installation's package index, although I had performed an update immediately before adding the PPA to see what effect it would have on the process of adding the PPA. Then I used APT-offline to install LXQT 1.1.0, which required a 100MB download (57MB of which was Thunderbird). I didn't notice any effects, unless the improvement in my experience with PCmanFM-QT was due to the upgrade. However, PCmanFM-QT was not included in the upgrade.

Both Lubuntu 22.04 and MXL21-FB have very functional software selections without a lot of niche apps, but only MX-Linux, and apparently antiX, have a tool known as Snapshot, which can turn installations of these types of Linux, with all of their settings and added software, into ISOs which can then be used for creating various types of copies of the original installations. I use a nonpersistent live MXL21-FB installation on a cheap, cool-running (energy-efficient) USB2 flash drive for my air-gap PC, and when it's shut down, it doesn't retain any session-data, so it's as secure as possible. So, hopefully, there will soon be an official MX-Linux LXQT which can be purchased in the form of DVDs. There already is an MX-Linux LXQT created by an MX-Linux/LXQT enthusiast and made available for download, but it's available only as a download.

Monday, June 6, 2022

Lubuntu 22.04: Almost perfect

 Keywords: "Lubuntu 22.04 review"
Other than sluggish responses to password-inputs during booting, a bug (probably already fixed by some upgrade) which hinders the opening of encrypted flash-drives which are plugged in after the system is booted, and a slow first Firefox Snap launch during each session (although after loading, it's amazing), Lubuntu 22.04 quickly became one of my favorites, along with MX-Linux XFCE (and KDE), Ubuntu Mate, and Kubuntu (I'm partial to Debian/APT-based distros, due to APT-offline). (MX-Linux with the LXQT desktop would be a great combination.) Lubuntu 22.10, which will have a more mature version of the LXQT desktop environment, will undoubtedly be fantastic. You can install LXQT 1.1 (the latest as of this writing), but it's from a PPA, not the Ubuntu repository. I've read that it's excellent, however.

Lubuntu 22.04's selection of software is probably the most functional I've seen, without a lot of niche apps. For example, I almost always install Disks (gnome-disk-utility) when I create an installation, but Lubuntu includes the KDE Partition Manager, which does everything that Disks does. It also includes the Muon package manager, which is a lot like Synaptic, and a software-sources-management app like Software & Updates (i.e. software-properties-gtk) in addition to the Discover app-store.

The file manager, PCManFM-Qt, is a sort of combination of Thunar and Dolphin, and is powerful and easy to use. It can be configured to open files and folders with one click, and has a button to open a tab as a root instance, although the administrative password is still required.

Lubuntu 22.04 includes Noble Notes, which is very functional although somewhat cumbersome compared to desktop-notes apps and widgets. I believe I read that an LXQT notes-widget is in the works - hopefully it will be like XFCE's notes-widget.

To add an app to a panel, you would just drag its icon from the main menu to a "Quick Launch" widget/area in the panel.

I had a "package cannot be authenticated" problem when trying to install software after performing an update via APT-offline, but I performed it again (60MB download each time using APT-offline, and 30MB when using a direct connection, which is small for a package-index update compared to most I've seen lately), and the problem went away. I'm not sure exactly what caused the problem, but I suspect that the first time, I didn't give the APT-offline get-op (a specialized download/screening process) sufficient time to write the package-index files from DRAM (apparently used as a transit point to maximize the download-rate) to the flash-drive installation which I had designated as the storage-location, because for one thing after installing those package index files, there was no InRelease file among the resulting packages lists, although there was an InRelease file among the package lists after installing the 2nd batch of package-index files. (It didn't occur to me to compare the two sets of package-index files themselves until after I had deleted the first set.)
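One way to check for the condition described above before installing anything, as an added example that is not part of the original post: it lists package-index files that have no InRelease file (or Release plus Release.gpg pair) beside them, which is what leaves apt unable to authenticate packages. The function names and the sample file names are constructed, and apt's list directory is assumed to be its default, /var/lib/apt/lists.

```shell
#!/bin/sh
# Added example (not from the original post): report package-index files that
# have no signed release file beside them in apt's list directory.

# find_unsigned_indexes DIR
# Prints every *_Packages* file in DIR whose repository/suite has neither an
# InRelease file nor a Release + Release.gpg pair. Returns 1 if any are found.
# Assumption: suite names contain no "/" (apt stores "/" as "_" in file names).
find_unsigned_indexes() {
    dir=$1
    found=0
    for f in "$dir"/*_Packages*; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        case $name in
            *_dists_*) ;;                    # normal repository layout
            *) continue ;;                   # flat repositories are skipped
        esac
        repo=${name%%_dists_*}               # e.g. archive.ubuntu.com_ubuntu
        rest=${name#*_dists_}                # e.g. jammy_main_binary-amd64_Packages
        suite=${rest%%_*}                    # e.g. jammy
        prefix="$dir/${repo}_dists_${suite}"
        if [ -f "${prefix}_InRelease" ]; then
            continue                         # inline-signed release file present
        fi
        if [ -f "${prefix}_Release" ] && [ -f "${prefix}_Release.gpg" ]; then
            continue                         # detached signature present
        fi
        printf '%s\n' "$name"
        found=1
    done
    return "$found"
}

# Constructed sample: "jammy" has its InRelease file, "jammy-updates" does not,
# as if the second set of index files had been written out incompletely.
demo_constructed_lists() {
    tmp=$(mktemp -d) || return 2
    : > "$tmp/archive.ubuntu.com_ubuntu_dists_jammy_InRelease"
    : > "$tmp/archive.ubuntu.com_ubuntu_dists_jammy_main_binary-amd64_Packages"
    : > "$tmp/archive.ubuntu.com_ubuntu_dists_jammy-updates_main_binary-amd64_Packages"
    rc=0
    find_unsigned_indexes "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh check-lists.sh /var/lib/apt/lists
if [ "$#" -ge 1 ]; then
    find_unsigned_indexes "$1" ||
        echo "The index files listed above have no signed release file." >&2
fi
```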

The installer (Calamares) apparently couldn't create an installation on a flash drive which already contained an installation (perhaps as a safety measure), so I had to format the drives which I decided to use for Lubuntu installations before I could perform an installation on them with this installer. I prefer Kingston USB3 Datatravelers (a 32GB is probably optimal) because the installation-process isn't glacial, the resulting installation is sufficiently responsive, and the KDT-USB3 drives which I've used run cool compared to most USB3 drives I've tried.

Lubuntu 22.04 is definitely a worthy member of the Ubuntu family, although you might want to wait for the next point-release if you don't want to perform an upgrade to get rid of some bugs, or if you want a more mature version of the desktop without installing it from a PPA. However, you might have to get 22.10 for the upgraded desktop.

Saturday, May 7, 2022

My impressions of Ubuntu 22.04


Screenshot of my MX-Linux 21 XFCE installation

 

Based on the lavish praise heaped upon Ubuntu 22.04, I gave it a shot, and found that it's actually quite disappointing, starting with the 3.4GB displacement of the ISO. It doesn't even do a very good job of opening files in response to clicking on their icons, which is one of the most basic functions. I had to install quite a few apps to compensate for the poor functionality of the ones included by default, and just installing APT-offline (not the GUI) required a download of something on the order of 10 MB, as I recall, whereas with MX-Linux XFCE, I just had to install a couple of small packages. The highly-touted workspace-overview struck me as a gimmick designed just to be different, rather than functional, because it's essentially as easy to use multiple workspaces in XFCE - there's a workspace-switcher widget which has an icon in the panel which provides a thumbnail of each workspace. It doesn't even have a desktop-notes app or widget, although Feather Notes is excellent and requires only a 750 kb download to install it. I previously used Ubuntu Mate, and I still use Kubuntu on my desktop-PC, and both of them are great, although I still prefer MX-Linux XFCE. The KDE version is also excellent, although each package-index update requires a download of approximately 120 MB, and the file manager, without add-ons, is a toy compared to Thunar.

So, I did a search for articles by others with a similar perspective on Gnome, the desktop used (with modifications) by Ubuntu, and eventually found one entitled GNOME Linux — A Complete Disaster?, based on versions up to 41, by someone who develops other Linux distributions. It supports the complaints of a former Ubuntu-developer, who claims that Canonical no longer cares about Ubuntu desktop.

My current favorite is MX-Linux 21 XFCE, partly because the file manager (Thunar) is powerful and easy to use, and MX-Linux includes MX Tools, including the apparently-unique Snapshot tool which allows installations to be turned into ISOs. This allowed me to turn my installation into a live installation, which I put on a cool-running 4GB USB2 drive and run on my air-gap PC (a $200 Gigabyte Brix, which consumes very little energy and has plenty of power for my purposes), and when I shut it down, the installation doesn't retain any session-data. Since I use the original installation for nothing but tweaking the installation and making new ISOs, I didn't have to worry about power consumption and put it on a Sandisk Ultra Luxe USB3 drive which has a fast write-speed but runs hot, indicating high power consumption. I can also connect it to the internet to make changes, with confidence that no hacker can access any data on it. With other Debian-types of Linux, I would have to use the original installation as my working-installation, and I would use APT-offline to make changes to it (including upgrading the OS itself) to avoid connecting it to the internet.

Tuesday, March 29, 2022

MX-Linux installer tries to put bootloader on live source-installation by default

When installing MX-Linux, pay close attention to the designation for the drive on which the installation is to be placed, so that when you get to the point in the installation-process where you're given a choice of drive on which to install the bootloader, you'll make the right choice. In my experience, the installer tries to put the bootloader on the live installation used for booting the PC, so if you don't change this setting, the installation process will fail near the end, after perhaps 70 minutes (on a slow but cool-running drive such as a Kingston USB3 Datatraveler).

I've experimented with the MX Snapshot (an MX Tool) in MX-Linux, by using it to create ISOs from encrypted "full" flash-drive installations, and live installations from the ISOs. Then I used one of the live installations to boot another PC, and to create another encrypted "full" flash drive installation. So, the MX Snapshot tool is extremely useful. Anyone who has spent a long time getting an installation tweaked to their liking can appreciate the ability to quickly and easily create back-up copies and re-create the original installation.

Wednesday, March 16, 2022

There's a lot to like about MX-Linux XFCE

When I first started using MX-Linux, I was leaning toward the KDE version, until I got fed up with Dolphin, the KDE file manager, due to its lack of access to such things as system directories. I disliked some aspects of MX-Linux XFCE, until I realized that all I needed was to change some settings. For example, it has an optional panel which can be placed anywhere on the screen in a vertical or horizontal orientation (although it works better in horizontal mode), so that I was able to put all of the controls centered at the top of the screen, along with a "LCD" clock which is highly visible regardless of which wallpaper I select, whereas the default desktop-clock's minutes-digits blend in with dark backgrounds and can't be seen very well. There doesn't appear to be any way to change its color scheme.

MX-X is set up by default to mount flash drives and open a file-browser window for each partition, or to open a window for entering the password for encrypted partitions, which I don't like. Fortunately, it turns out that there are file-manager options which allow you to plug in a bunch of flash drives, and then open a file browser window and mount and view each partition at your convenience, without a lot of windows popping up all over the place at inconvenient times.

Another advantage is that it's easy to install APT-offline on MX-21 (all flavors) without an internet connection, even though the package manager is locked on any new installation, including live installations, until the package index is updated. All it needs is APT-offline and python3-magic, based on the APT-offline page on the Debian Packages site, and on Distrowatch, which lists all packages installed by default on essentially every type of Linux. You would just go to the Debian Packages site, download APT-offline and python3-magic, calculate the checksums of your copies and compare them to the reference values on the Debian Packages site. (Besides checking the ISO's checksum before using it, these are the most important checksums to check, because if APT-offline is corrupted, it might allow malware to be installed on your system. So, I recommend using the SHA256 checksum, or the MD5 sum and the file size.) APT-offline can download the package-index files (75-80MB for the XFCE version, and 120MB for the KDE version) into a folder so that they can be installed on multiple installations (such as to start over from scratch while experimenting with it) without having to download them each time. To install the same software modules/packages on multiple systems over time, you need to install the package index which was originally used for installing the software. But I gather that at some point, the package index will become too outdated to install, so you'd need to download a fresh copy and perhaps some new software-module revisions specified by the new package index.

But the frosting on the cake is MX Snapshot, which allows you to make an ISO out of your full installation, with all of the added software and settings. I used Snapshot to make a few ISOs, and it works very well, and I used the MX Live USB Maker to create a nonpersistent live flash-drive installation which I run on my air-gap PC. It's secure because when it's shut down, it retains no session-data (I save everything on separate flash drives with EXT4 and LUKS partitions). If the full installation from which I made the ISO ever stops working, I can just create a new full installation from the ISO, so that I can tweak the installation and generate a new ISO if I like.

So anyone who's considering getting into Linux, or who's shopping around for a new type of Linux, should give MX-Linux a shot. It's one of the most popular types of Linux for good reason.

Monday, February 7, 2022

Sandisk Ultra Luxe USB-3 FD for Linux installations

Rev 2/26/22 (see Notes)

I finally got around to buying a small metal 64GB USB-3 flash drive from Sandisk (Ultra Luxe) to use for Linux installations, and found that it works very well. The installation-process went extremely quickly (I'd say less than 10 minutes, although I didn't time it), and the resulting installation runs without a hitch and has fast response.  Although I can't guarantee that every one is as fast, I'll buy a Sandisk Ultra Luxe the next time I need a flash drive for this purpose.

The Sandisk Ultra-FIT (stubby) is good if you plan on leaving the drive plugged in, because it has a plastic connector-shroud, which I've worn out as a result of plugging and unplugging it frequently. (The bottom of the shroud came off.) However, it still worked even with part of the shroud missing, although caps required tape to keep them in place. 

 

Notes

Rev 2/26/22 - Deleted reference to 64GB Verbatim Metal Executive because it died after using it for a couple of times. So, the disappointing performance which I obtained from it while it was working might not be typical.

Friday, January 28, 2022

A couple of decent desktop backgrounds

Although my sky-snapshots usually end up being disappointing, I couldn't resist taking these, and have found them to be excellent as desktop backgrounds. So, I decided to post the photos and my 16:9 cropped versions, in case anyone else wants to try them.

Click on the image of interest below for the high-res version.

 





 

Tuesday, January 25, 2022

Revised APT-Offline A-Z

I revised the introductory sections (up to "> Set-operation details") of APT-offline A-Z, to clarify and otherwise enhance them. I was frankly disgusted that there was still so much bad writing. Naturally it's better, but I've learned to avoid predicting whether it will need more revisions. At least the introductory section, which is the key to putting the rest into perspective, is fairly good at this point.

Wednesday, January 5, 2022

Using a cheap Gigabyte mini-PC as a secure PC

Rev 1/10/22 (see Notes)

After concluding that there will probably never be an inexpensive Ryzen 3-based mini-PC, I got a Gigabyte Brix GB-BLCE-4105R for about $185 (including 8GB of memory) from Amazon. It has an Intel Celeron J4105 CPU, which has plenty of processing-power for my purposes, and is rated at 10W power consumption, compared to the Ryzen 3 5400U's 15W.

But good luck getting such a good deal now, if you can even get one of these mini-PCs at all, due to the supply-chain crisis and inflation. However, even if this model goes out of production, Gigabyte will probably replace it with something similar.

The Brix is made well, although it's tiny. Just use caution when opening it up, installing or removing whatever, and putting the cover back on. Before opening it, I place a light-colored towel underneath so that if I drop any of its tiny screws, they're easy to see, and they don't bounce and disappear forever.

Because I don't trust software (except validated AES-grade encryption software) to isolate data from the internet [1], I needed to put the OS on a flash drive and to use a wired keyboard/touchpad [2], as part of creating a "secure" PC (my definition, not the NSA's). So, I had to use both USB ports on back for these purposes, but I can connect hubs to the front ports (USB-3 and USB-C), to obtain as many ports as I need. The fact that the GB-BLCE-4105R's case is all metal reduces the likelihood that a bug planted inside the PC could get a signal out, although if you're really paranoid about the Thought Police planting a recording device in it, you could conceal the entire PC, or put it in a tamper-proof lockbox locked with a Master Lock Speed Dial lock when you can't keep an eye on it. I posted my enhanced instructions for the Speed Dial lock here (https://toggwu.blogspot.com/2022/01/enhanced-master-lock-speed-dial-lock.html). If you lock it in a tamper-proof lockbox with an SD lock, nobody would be able to tamper with it without leaving evidence, such as by cutting the lock off with a grinder, and replacing it with a look-alike, in which case the old combination would no longer work. Perhaps you could place a unique pattern on the back of the lock so that any replacement would be obvious, which would probably prevent anyone from substituting another lock. Of course you'd also unplug the presumably tiny OS-flash-drive and conceal it separately. BTW, I've found that Sandisk 64GB USB-3 drives work very well for this purpose, partly because they have a much faster write-speed than even a 32GB version, which makes the process of installing the OS go quickly (appx. 20 minutes).

Multiple PCs can use the same keyboard and monitor with a KVM switch. I messed around with a cheap KM switch (Iogear GCS24U 4-port VGA) for years before finally getting a CKLau-64H2ua, which is listed on Amazon as "CKLau 4Kx2K Ultra HD 4 Port HDMI Cables KVM Switch," and is excellent, although I've found that I have to boot my Zbox BI320 PC up to the point where the password must be entered, before selecting it with the CKLau KM switch, or it won't boot. The CKLau KM switch has ports which allow flash drives to be switched between PCs, which eliminates the need to physically transfer the drives between PCs to use them for transferring data. Naturally, any KM switch used with a secure PC cannot have any wireless capability.


Preferred operating systems for "secure" PCs

I've been running Ubuntu (oo-boon-too) Mate on both of my mini-PCs. UM is a popular no-nonsense, efficient type of Ubuntu Debian Linux (Ubuntu is a type of Debian, which is a type of Linux). I wasn't a big fan of plain Ubuntu's "desktop" (OS-GUI) the last time I tried it, but it might have been changed since then.

I also like Xubuntu (zoo-boon-too), which is very compact and innovative. I had problems using it with my Iogear KM switch (it wouldn't wake up when I switched back to it after using another PC, which prevented me from using Xubuntu), but it works well with the CKLau KM switch. My only other complaint about it was its file manager didn't remember the selected file-arrangement-order (by name, type, etc.) for each directory, but this drawback has been addressed, or soon will be. Its default selection of apps is different than UM's default selection, but I would have to install apps in either case to get everything I want. The software which I install on UM is mentioned later, but on Xubuntu, I install Synaptic Package Manager (a highly functional software manager which isn't dumbed-down, appx. 1.5MB), VLC "video player" (appx. 20MB), Disks a.k.a. Gnome Disk Utility (very handy, especially since its circa-2020 overhaul, for creating encrypted partitions on storage devices, which GParted doesn't do - appx 0.5MB), Eye of Mate a.k.a. EOM image viewer (appx. 2.5MB, which I prefer over Ristretto, Xubuntu's default viewer), Plank (a nifty app-launcher dock, which doesn't require much data to install), and Vnstat (for on-line installations) to keep track of internet data consumption (less than 200kB to install). Xubuntu's Network Monitor widget looks like it would be good for monitoring download-speeds, to avoid inadvertently downloading vast amounts of data which you don't need or want. Xubuntu's text editor lacked built-in spelling-check, but I found a way to add a custom action to the file manager to make it easy to use the Aspell spelling-checker (which Xubuntu includes by default) on text files and posted it here (https://toggwu.blogspot.com/2018/11/performing-spell-check-via-right-click.html).

One advantage of Xubuntu is that, by default, it retains downloaded software modules, which are downloaded into File_System/var/cache/apt/archives as part of the complex, automatic software-installation process, as a precursor to actually installing them. Ubuntu Mate, by default, deletes these modules from the archives directory after installing them, although there is a command which can be found in another entry in this blog (toggwu.blogspot.com), which causes these modules to be retained in the archives directory after they are installed. Retaining these modules allows them to be copied and saved for use in creating copies of the installation, without having to download the modules again. (To copy modules into the archives directory, you have to launch the file manager in superuser mode, such as by entering "sudo caja" in UM or "sudo thunar" in Xubuntu, but if you make a mistake with the file manager in this mode, you could destroy the installation, so be careful and exit it ASAP, by closing the file manager and the terminal.) If you wait too long to reuse them, some of the modules will probably be superseded by newer versions, and the software manager (which would be basing its decisions on a later version of the package/software index) will download the newer revisions if the installation is connected to the internet when the software is being installed.

Kubuntu (koo-boon-tu) is also excellent, and allows you to zoom the entire screen. I use Kubuntu on my "heavy duty" desktop PC which I use for audio and video purposes.

Each of these Ubuntu-derivatives includes a large collection of widgets, which are small programs such as desktop notes, CPU-load monitors (useful for determining when the PC is fully booted, which in the case of the Brix booting any version of Ubuntu from a typical USB-3 flash drive is very quick), search programs which can search for files by name or text-content, timers, etc.


How to get Ubuntu etc. and install them

(Some of the following is also included in an earlier post.)

All types of Linux come in the form of "ISOs" (.iso-files) which are downloaded from the corresponding official site, and in the form of "live" (bootable) DVDs which are sold online by many sources. An ISO is an essentially tamper-proof archive-file (about 1.5GB in UM's case) which contains the OS, the desktop, and a selection of apps (a particularly useful selection in UM's case). A "live"/bootable DVD is essentially an ISO in the form of a DVD, and various Linux and Windows "burner" apps can create ISOs from live DVDs. PCs in general can be booted directly from a live DVD by simply placing it in the DVD drive and booting the PC. But booting from a DVD is very slow, so bootable/live flash drives are preferred. Live flash drives are created from ISOs by using USB-installer apps (more details below).

Never trust an ISO or live DVD until you've validated it. Live DVDs have to be converted to ISOs (which again is done with various "burner" apps) to validate them. Validating an ISO is a matter of calculating its checksum (preferably its SHA256 checksum, because if the SHA256 checksum is good, the ISO is definitely good), and comparing the result to the reference value on the official website or on Distrowatch (which retains checksums for a few older revisions, in case you can't get the latest release). So, before using an ISO to create an installation, copy it to an ssd/hdd on a powerful PC with an ssd/hdd installation, because calculating Linux-ISO checksums takes a long time on low-powered PCs, and because other required processing must be done on a PC with a full installation on an ssd/hdd. Then use the relevant command to calculate the ISO's check-sum, and compare the result to the corresponding reference value.

Commands to calculate checksums are very simple. For the Windows commands, I recommend an article entitled "How to Check an MD5 (or SHA) Checksum on Windows 10." The Linux command to generate an SHA256 checksum is sha256sum path/filename.iso. With a few simple tricks, you can avoid the aggravation of having to precisely type the file's name or path (its location in the directory-tree, relative to the directory named "file system" in UM) into the command. By right-clicking in the directory where the ISO is stored, and selecting "open terminal here," or "open in terminal," you can avoid having to enter the ISO's path into the command at all. But entering the path is simple - just right-click on the file, select Properties in the menu which appears, copy the "location" from the window which appears, paste it into the command-line with Ctrl-Shift-V, and then add a "/" at the end unless there already is one. To enter the file's name into the command, you can copy it by right-clicking on the file, selecting Rename, then pressing Ctrl-A, then Ctrl-C. If there are any spaces in the path or filename, put quotation marks around the term which contains spaces, or just enclose both the path and filename in a single pair of quotation marks. If you get a bad checksum from an ISO made from a DVD, it might help to clean the DVD, but be careful to avoid damaging it. There are no doubt instructions online.
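The checksum comparisons described above (for an ISO, and earlier for the APT-offline and python3-magic packages), written as a small script so that the comparison is done by the shell instead of by eye. This is an added example, not from the original post; the function names are hypothetical, and the sample file is constructed (it contains the three bytes "abc", whose SHA256 and MD5 digests are well known).

```shell
#!/bin/sh
# Added example (not from the original post): compare a downloaded file with
# the reference checksum published for it.

# Strip whitespace and lower-case a hex digest, so that a reference value
# pasted from a web page compares cleanly with the tool's output.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# verify_sha256 FILE REFERENCE_SHA256
# Returns 0 on a match, 1 on a mismatch, 2 if the file cannot be read.
verify_sha256() {
    [ -r "$1" ] || return 2
    # Reading from stdin keeps the file name out of the output, so names with
    # spaces or odd characters cannot disturb the parsing.
    actual=$(sha256sum < "$1" | cut -d' ' -f1)
    [ "$actual" = "$(normalize_hex "$2")" ]
}

# verify_md5_size FILE REFERENCE_MD5 REFERENCE_SIZE_IN_BYTES
# The fallback mentioned earlier on the page: MD5 sum plus file size.
verify_md5_size() {
    [ -r "$1" ] || return 2
    actual_md5=$(md5sum < "$1" | cut -d' ' -f1)
    actual_size=$(wc -c < "$1" | tr -d ' ')
    [ "$actual_md5" = "$(normalize_hex "$2")" ] && [ "$actual_size" = "$3" ]
}

# Self-check on a constructed file; the name contains a space on purpose,
# which is why every "$1" above is quoted.
self_check() {
    tmp=$(mktemp -d) || return 2
    sample="$tmp/sample image.iso"
    printf 'abc' > "$sample"
    rc=0
    {
        verify_sha256 "$sample" \
            'BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD' &&
        verify_md5_size "$sample" '900150983cd24fb0d6963f7d28e17f72' 3
    } || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh verify.sh "path/filename.iso" <reference SHA256 value>
if [ "$#" -eq 2 ]; then
    if verify_sha256 "$1" "$2"; then
        echo "OK: $1 matches the reference SHA256"
    else
        echo "FAILED: $1 does not match the reference (or cannot be read)" >&2
        exit 1
    fi
fi
```

The result is only as trustworthy as the place the reference value came from, so copy it from the official site itself, not from wherever the file was downloaded.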

An ISO can be made into a bootable DVD (such as to mail a copy of the ISO to someone in a secure, bootable form) by using a "burner" program to copy the ISO to a blank DVD "as image" (which copies the contents of the ISO to the DVD), not "as file," because you wouldn't be able to boot directly from the resulting DVD, although it would be doubly secure, like putting an ISO in an ISO. As mentioned previously, ISOs can also be made into bootable flash-drive installations by using a "USB installer" app, which copies the ISO's image to the flash drive in a format which the PC will recognize as a bootable drive. I prefer Rufus for Windows and Etcher for Linux. Neither requires installation, but Etcher can be installed. I've tried to run Etcher on a PC booted from a live flash-drive installation, but it didn't work, so it apparently has to be run on a PC with a full installation, i.e. an unencrypted installation on an ssd/hdd. I don't know why this is, but since you'll probably want a heavy-duty PC for big jobs, you might as well build yourself a custom desktop PC (which is easy these days) to get just what you want and save a boatload of money. Then install UM or Kubuntu on it, and use it for creating ISOs from live DVDs, calculating ISO-checksums, and creating flash drive installations from ISOs. (I use Kubuntu for its screen-zoom capability, and because installing the heavy-duty video-editor known as KDEnlive requires much less data than installing it on UM. However, my installation of KDEnlive developed problems, so I switched to OpenShot, which is relatively simple and comes as an AppImage, meaning that it can be run on any type of Linux without installing it, although I still prefer Kubuntu because it has screen-zoom capability. Openshot apparently can't simply extract clips from videos (which KDEnlive does very quickly and conveniently), but you can use VLC's record-function to copy sections of videos, which is fast enough for short clips.) [3]


Booting PCs from flash drives

Modern PCs in general can boot from live flash drives, but you might have to change some "BIOS" settings so that the PC will boot from a flash drive instead of the regular installation. The BIOS menu is typically accessed by pressing and holding the Delete key down, shortly after starting the PC, until the BIOS menu appears. However, some PCs use other keys or combinations, which you can find on the internet. Once you're in the menu, just don't change any settings that you don't understand, and if you mistakenly change a setting and don't remember the original setting, just exit the menu without saving any changes, and then start over. There's typically a boot-order sub-menu, and assuming that you've plugged the live flash drive into the PC, it will appear on the menu. After making the changes, select "save changes and exit," and the PC should boot from the flash drive. Then, to boot from the regular installation, just shut the PC down, unplug the flash drive installation, and reboot.

Encrypted installations

I use an encrypted installation on a 64GB Sandisk Ultra-FIT USB-3 flash drive for my "air-gap" PC. (FIT refers to the fact that the drive is stubby and can be left in a USB port without worrying about something hitting the drive and damaging the port.) Although the capacity is overkill, 64GB Ultra-FITs have a much higher write-speed than even 32GB UFs, making the installation-process go much faster. (I would not use an encrypted installation for such things as video processing, due to the amount of CPU-power required for encrypting video.) I suppose that Sandisk USB-3 drives in general have the same performance as FITs. I previously recommended a Kingston Datatraveler 3.0 because the Sandisks run a bit on the hot side at times, but the installation on the Kingston provided sluggish response, although it's tolerable if nothing better is available. But flash-drive technology continues to evolve, so you might want to experiment.

To create an encrypted flash-drive installation for a particular PC, boot the PC from a live flash drive, then plug the "target" drive (the USB-3 or higher drive to receive the installation) into a USB-3 (or higher) port and launch the installation program. Or, if the target drive doesn't contain a functional operating system, you could plug both drives in at the same time, then start the PC, and then go directly into the installation-process from the boot-menu. (In Xubuntu, watch out for NumLk, which sometimes ends up being turned on at the beginning of installation, because if it's on when you enter the passwords during installation, you might end up entering something besides the intended password.) I recommend selecting the option to install 3rd-party software, in case you'll want to use a USB wifi modem to connect to a hotspot to set up the installation. When you are asked to specify the installation type, select "Erase disk and install Ubuntu Mate," then click the Advanced Features button, and in the window which appears select "Use LVM ..." and "Encrypt ..." and then click on OK.

The installation program also provides an option for erasing the unused portion of the drive (overwriting it with zeroes) when the installation is finished, which eliminates any potential malware and is probably a good idea when performing the first installation on a drive. It takes quite a while, but you wouldn't have to erase the drive again, assuming that you don't give anyone an opportunity to infect it. However, I typically erase the drive before performing the installation, by formatting it and selecting the overwrite-option, because I can do it while working on other stuff. After creating the installation, unplug it and conceal it whenever you're unable to keep an eye on the PC. If you'd rather use an internal SSD, you could disconnect the PC and conceal it when you're out.


Protecting PCs from hackers

To eliminate the possibility of a surreptitious connection to the internet (such as wifi burst-mode), my type of secure PC has no wired or wireless internet connection. I completely remove the wireless module, and avoid using any peripherals with wireless capability. In some PCs, the wireless module is built into the motherboard, which makes these PCs unsuitable to use as secure PCs. To remove the module, first disconnect the tiny RF connectors by using something like long-nose pliers to pull them straight up from the module. Then remove the screw which holds the module in place, unplug the module, replace the screw, and store the module safely. I wrapped it in aluminum foil to protect it from static. After disconnecting the RF connectors, I cover each of them with a piece of tape to prevent it from shorting to anything. To reconnect them, you'll probably need to use a bright light and a magnifying glass.

To prevent the PC from being able to surreptitiously retain data for Big Brother (assuming that he could access it physically), a "secure" PC (by my definition) cannot have any internal storage devices. All data is stored on separate flash drives with EXT4 partitions (including encrypted ones), which compared to FAT partitions have much faster write-speeds on Linux. My storage scheme is described in my earlier post on creating an air-gap PC, so I won't repeat it here. To avoid major hassles when using EXT4-formatted flash drives on multiple PCs, I set the permissions on each EXT4 partition so that any PC running Linux can create and delete files. (Right-click on the partition of interest, select Properties, then Permissions, and then set folder-access on owner, group, and others to "create and delete files.") The permission-system on Linux is complex and is the main reason why Linux doesn't need anti-viral software.

One use for "air gap" PCs is to compose and encrypt secure messages, which would then be transferred via flash drive to an online PC, and emailed. When an encrypted message is received, it would be transferred to the secure PC, decrypted and read. That way, the unencrypted versions are never exposed to an unsecure environment. The weak link then becomes the correspondent.

Israeli intelligence, according to some sources, claims to have found ways to spy on air-gap PCs, but these techniques would be used only by intelligence agencies spying on high-value targets, and require physical access to the target-PC. If you follow the precautions mentioned previously, the Thought Police probably won't be able to access your air-gap PC.


Setting up the installation

The installation should be set up before using it, so that you don't need to connect it to the internet after using it and potentially leaving traces of your activity. Installing software on Debian-type Linux PCs is fairly easy if the installation has a fast, direct internet connection, in which case installing apps consists of updating the "local package index" (which is a matter of replacing the installation's internal software index with a new copy of the on-line software index - more details below), and then installing software. I don't usually bother to update the OS itself, which typically requires hundreds of MB of data, although once in a blue moon some vulnerability is found and I update my online PC's package index and perform a security update, which can still require a lot of data. If you can wait for the next release, you could avoid having to perform a security update, because the new release would incorporate all updates up to that point.
 
The local package index is the installation's internal copy of the user's choice of pre-defined sections of the massive on-line package index. (Most people just need the "main" and "universe"/"community-maintained" sections.) The online package index is updated daily to reflect revisions to the gigabytes of software in the corresponding online software repository, the latest version of which is copied to servers around the world nightly. So, the local package index is technically outdated the next day, and doesn't reflect the state of the repository. (You can't use the online index directly, mainly due to security concerns.) However, I was able to use a local package index from April of 2020 to download some modules in November of 2021, and when I installed them, they worked. But this approach requires the downloaded modules to be manually validated, and to be installed one at a time in the right order (since some depend on others, and can't be installed until the ones they depend on have been installed - but at least the installer would indicate what needs to be installed first, and it would be one of the modules in the group which you had downloaded). But when only about five modules are required, this isn't very difficult, and in some cases this approach is necessary.
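The manual validation and ordering described above can be scripted. The following is an added example, not part of the original post: it checks each downloaded file against the Size and SHA256 fields of a Debian-format package index (on an Ubuntu installation the index text is in the `*_Packages` files under /var/lib/apt/lists) and works out an installation order from the Depends fields. The function names and the sample packages are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_index(text):
    """Parse Debian 'Packages' index text into {package name: fields}."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if "Package" in fields:
            index[fields["Package"]] = fields
    return index

def verify_deb(path, fields):
    """True only if the file's size and SHA-256 both match the index entry."""
    if os.path.getsize(path) != int(fields["Size"]):
        return False
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == fields["SHA256"].lower()

def depends_on(fields):
    """Package names from Pre-Depends/Depends (first alternative, no versions)."""
    names = []
    for key in ("Pre-Depends", "Depends"):
        for clause in fields.get(key, "").split(","):
            first = clause.split("|")[0].strip()
            if first:
                names.append(first.split()[0].split(":")[0])
    return names

def install_order(index, downloaded):
    """Order the downloaded packages so each comes after those it depends on."""
    order, state = [], {}

    def visit(name):
        # Skip packages already handled (placed, or still being visited in a
        # dependency cycle) and packages not downloaded (assumed installed).
        if name not in downloaded or name in state:
            return
        state[name] = "visiting"
        for dep in depends_on(index[name]):
            visit(dep)
        order.append(name)

    for name in sorted(downloaded):
        visit(name)
    return order

def demo():
    """Constructed sample: three fake package files, one altered after download."""
    payloads = {"app": b"app-bytes", "libhelper": b"helper-bytes", "libbase": b"base-bytes"}
    deps = {"app": "libhelper (>= 1.0), libc6", "libhelper": "libbase", "libbase": ""}
    index = parse_index("\n\n".join(
        f"Package: {n}\nVersion: 1.0\nDepends: {deps[n]}\n"
        f"Filename: pool/main/{n}_1.0_all.deb\nSize: {len(data)}\n"
        f"SHA256: {hashlib.sha256(data).hexdigest()}"
        for n, data in payloads.items()))
    good, bad = [], []
    with tempfile.TemporaryDirectory() as tmp:
        for n, data in payloads.items():
            if n == "libhelper":
                data = data[:-1] + b"X"      # same size, different content
            path = os.path.join(tmp, os.path.basename(index[n]["Filename"]))
            with open(path, "wb") as f:
                f.write(data)
            (good if verify_deb(path, index[n]) else bad).append(n)
    # Nothing should be installed until `bad` is empty.
    return install_order(index, set(payloads)), good, bad

if __name__ == "__main__":
    print(demo())
```

A file that fails the check should be downloaded again rather than installed. Packages named in Depends but not among the downloads (libc6 in the sample) are assumed to be installed already.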

One way to update the package index is to get online, use the Software & Updates app to select the desired sections (I use just the Main and Universe sections), and to select various update options. Then hit Close, and in the window which appears, hit Reload, and the update should proceed. The update requires about 10 MB of compressed data, depending on which sections you need, so hopefully your connection is fast. 

After performing the update, you would install any software which you might want. UM comes with almost everything I need, but I always install Synaptic Package Manager (a no-nonsense software manager), GIMP (a powerful image editor), dclock (a large on-screen digital clock, timer, and alarm, although the dclock module by itself is sufficient for just a clock, and I keep a copy and install it by simply clicking on it, etc.), and perhaps Catfish file search, which can search for files by name or by text-content, although I've discovered a widget that does the same thing, and use it instead. (Xubuntu 20.04 includes GIMP and Catfish by default, and its clock has an LCD mode which eliminates the need for dclock.) If you enter the command "sudo apt install synaptic" (without the quotation marks), and then your password, Synaptic Package Manager will be installed and you can use it to install everything else. Or you could use the terminal to install everything, using "sudo apt install synaptic gimp catfish dclock" (without the quotation marks). If you need to get online to install more after using the installation, and you want to ensure that Big Brother won't see any of your data, you would have to delete it all, including all data in the .cache/thumbnails folder (go to Home, press Ctrl-H to show hidden files, and .cache will appear), update the package index, and install the extra software. Or, if you're paranoid, you could create a new installation from scratch, which is no big deal.

Xubuntu's default screensaver settings are too short for my tastes, so I use the Screensaver settings-app to adjust it to something reasonable.

It is possible to make changes to Debian-type installations (which include Ubuntu and its derivatives) without an internet connection, using a unique piece of software known as APT-Offline (for details, see AnAptOfflineBlog.blogspot.com). However, some people would rather do what it takes to get a direct internet connection, such as by taking their PC to a wifi hotspot [4], to avoid having to deal with APT-Offline, although this could be impractical for large, power-hungry PCs, and using APT-Offline is the only truly secure way to make changes to an "air gap" installation which has been used for accessing confidential data. Perhaps the easiest way to become familiar with APT-Offline is to read the introductory sections in the tutorial on AnAptOfflineBlog.blogspot.com, and then to use APT-Offline to perform an update or to install something on an online PC, and refer to the tutorial for details when you need them. I just used it to install Gparted on my online installation, and it was easy even though it had been a long time since I previously used it, and I had to look up a detail which I had forgotten.

The new "containerized" software system known as Snappy can be used without a direct internet connection, as explained in another post on this blog (toggwu.blogspot.com), although some popular software isn't available as Snaps, and Snap versions of apps are typically far larger than Debian versions, although there were obviously compelling reasons for developing the Snappy system.

Notes

Rev 1/10/21 - Rewrote the main text's last two paragraphs, which were previously a single paragraph. In the previous revision, I claimed that APT-Offline's "install"-operation didn't work, but I might have been mistaken because I installed it on my online Ubuntu Mate installation just before making this revision, and used it to install Gparted on that installation, and APT-Offline indicated that an error had occurred. This might have been what previously led me to conclude that it was malfunctioning, although many error messages can be ignored, and APT-Offline proceeded to perform the install-op, and then indicated success (meaning that it had placed the app-packages in File_System/var/cache/apt/archives, where the regular installation-process places files after downloading and validating them, before actually installing them). So, I then performed a regular installation-process to actually install Gparted, and it worked.

[1] "During the interview, Snowden discussed his motivations for releasing the documents to journalists, explaining, 'The intelligence capabilities themselves are unregulated, uncontrolled, and dangerous. People at NSA can actually watch internet communications and see our thoughts form as we type. What's more shocking is the dirtiness of the targeting. It's the lack of respect for the public and for the intrusiveness of surveillance.'"

from "Snowden says NSA watches our digital thoughts develop" by Arstechnica

Snowden's in exile, and Congress apparently never investigated his claims, which speaks volumes. There was a time when we could get cheap little netbooks which could be booted with Linux and which didn't have built-in wireless (it could be added with a USB "dongle"), but they're no longer available.

A recent arstechnica.com article entitled "Google warns that NSO (an Israeli company) hacking is on par with elite nation-state spies" is further evidence that software can't be trusted to isolate data from the internet.

[2] I first tried an Adesso AKB-410UB, which has a good layout, but the elastomeric "springs" under the space-key wore out in about a year. So, I got an "E-SDS Waterproof Industrial Machine Keyboard 88 Keys with USB Interface and Touchpad" sold on Amazon for about $65, which has made it past the 1-year mark as of this writing, although it was difficult getting accustomed to the locations for the Delete and Insert keys.

[3] To use VLC to extract a clip from a video, I pause the source-video where I want the clip to start, then click on Record and un-pause the video. When it gets to the end-point, I pause it again and click on Record again to stop the recording-process. There is no risk of accidentally overwriting the source file, since each clip initially has a unique name generated by VLC. For greater precision, I suppose that you could make the clip a little long and trim it with an editor.

In Kubuntu 20.04, the recordings were stored in the Home/<username>/Downloads directory until I changed the destination-directory, as follows (which might vary depending on VLC-version):

Click on Tools, then Preferences, then find Show Settings in the bottom left-hand corner of the Preferences window and select Simple. In the resulting window, select Input/Codecs, and in the resulting window, go to the Files section, click on Browse, and select the destination for the recordings/clips.

[4] For powering a PC at a wifi hotspot, if all else fails, you could use a DC-to-AC inverter plugged into a car's cigarette lighter, or an uninterruptible power supply with sufficient capacity to power the PC long enough to set it up. To shield a monitor from sunlight, you could use a cardboard hood.

Sunday, January 2, 2022

Enhanced Master Lock Speed Dial Lock instructions

 This page contains my enhanced instructions for selecting and changing combinations for Master Lock Speed Dial locks, which are the only locks I trust, although they're not perfect and it's a good idea to have spares on hand in case your primary develops a problem. Fortunately, they're not expensive. I recommend becoming familiar with these procedures and using them whenever you think that a lock's combination has been compromised, such as after having been sent over the internet.

=============================

WARNING

If the Speed Dial lock is just "clicked" closed, it might not actually be locked, and it could be opened by just pulling on the shackle with moderate force. So, to lock it, close it firmly, and then try to pull it open to ensure that it is actually locked.

=============================


I. Selecting new combinations

Because the combinations for the Speed Dial lock can supposedly be any length, and they have to be entered in their entirety each time, nobody in their right mind would try to crack the combination, other than perhaps to try all 1-, 2-, and 3-digit combinations. So, if you make your combinations at least 4 digits long, chances are that nobody will crack them. However, I use longer combinations. It helps to think of the lock as a toy, and changing combinations as a game. But when you lose, the lock is useless as a lock, so it's a good idea to make a video recording of the new combination being programmed into the lock (details below) and to have extra locks on hand.


A) Using phone numbers as combinations

One approach to coming up with combinations and remembering them is to use a phone number or a combination of phone numbers (such as the first three digits of one, and the last four of another) which you will remember or be able to find when you want to open the lock. But if you use this system, don't let anyone know that you're using it. The correspondence between the phone-number digits and lock-"digits" would be as follows:

0-1: Up    (12:00)
2-3: Right (3:00)   
4-6: Down  (6:00)   
7-9: Left  (9:00)  

Note that the phone-number digits are grouped in two groups of two, followed by two groups of three, and that the last number in each of the groups corresponds to the clock-position of the lock-"digit" (well, not exactly - 1 corresponds only to the first digit in 12). This system should be easy to remember. It will skew combinations toward D's and L's because there are more numbers associated with them than with U and R in the above table, but it's not as if it's going to make it easy to crack them.

> Using a whiteboard as an aid for entering combinations

You can't be too careful when entering a combination, and writing the combination in its most direct form helps to avoid mistakes. It also helps me to avoid mistakes by saying "up" for U, "down" for D, "left" for L, or "right" for R when entering a combination.  

When changing a lock's combination to one based on a phone number, or opening a lock with such a combination, I suggest writing the phone number on a whiteboard, converting it in your head to the corresponding combination, writing it below the phone number, and then double-checking the conversion.

When done changing the combination or opening the lock, erase the whiteboard.


> Make a video recording of the new combination being programmed into the lock

When entering a combination into a Speed Dial lock, my thumb sometimes seems to have a mind of its own. For example, when I intend to enter a "D" (i.e. move the lock's "knob" downward from its center/rest-position), even if I'm looking at a "D" and saying "down" to myself, my thumb sometimes moves up, left, or right. This isn't much of a problem unless I happen to be programming a new combination into the lock at the time. So, it's a good idea to make a video recording (using a camera which has no wireless capability) of the new combination being programmed into the lock, so that if you make a mistake, you can watch the recording to get the combination which was actually entered. To do this, I place the camera on the edge of a counter and hold the lock in front of it. Make a test recording and watch it to be sure you'll have a clear recording if you need it. Once the recording has served its purpose, it should be completely deleted (not just sent to the trash) to prevent anyone else from using it to obtain the combination.
 

B) Another system for selecting combinations

I use the GRC Ultra High Security Password Generator (an on-line random number generator) as a source of long strings of random hexadecimal numbers, and a hexadecimal-to-base-4 converter found at translatorscafe.com/cafe/EN/units-converter/numbers/4-7/hexadecimal-base-4/ to convert them to base-4 numbers. Then convert the base-4 string to U's, D's, L's, and R's using a text-editor's search/replace function (just don't use the same letter for more than one number), and then select sections from the resulting long string to use as combinations.

Never store a combination on a non-secure PC, unless it is disguised as something else. I suggest keeping copies on several encrypted flash drives.
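Both selection systems (A and B) can be carried out entirely on an offline PC, so that no combination material passes through a website. The following is an added example, not part of the original post: it applies the phone-digit table from section A, performs the hexadecimal-to-base-4-to-letters conversion from section B, draws random moves from the operating system's random number generator, and measures the skew mentioned in section A. The digit-to-letter assignment in `DIRECTIONS`, the function names, and the sample phone number are assumptions.

```python
import math
import secrets

# Base-4 digit 0..3 -> lock move. Which letter goes with which digit is an
# arbitrary choice (assumption); each letter must be used exactly once.
DIRECTIONS = "URDL"

# The page's phone-digit table: 0-1 Up, 2-3 Right, 4-6 Down, 7-9 Left.
PHONE_MAP = {d: move for digits, move in
             (("01", "U"), ("23", "R"), ("456", "D"), ("789", "L"))
             for d in digits}

def phone_to_combo(number):
    """Convert a phone number to moves; dashes and spaces are skipped."""
    return "".join(PHONE_MAP[c] for c in number if c in PHONE_MAP)

def hex_to_combo(hex_string):
    """One hex digit is exactly two base-4 digits, so convert digit by digit.
    Leading zeros are kept, unlike a numeric converter, which drops them."""
    moves = []
    for c in hex_string:
        value = int(c, 16)
        moves.append(DIRECTIONS[value >> 2])   # high base-4 digit
        moves.append(DIRECTIONS[value & 3])    # low base-4 digit
    return "".join(moves)

def random_combo(length):
    """Draw each move from the operating system's CSPRNG, with no network."""
    return "".join(secrets.choice(DIRECTIONS) for _ in range(length))

def bits_per_move(digit_counts):
    """Shannon entropy of one move when `digit_counts` equally likely digits
    map to each direction, e.g. (2, 2, 3, 3) for the phone-number table."""
    total = sum(digit_counts)
    return -sum(n / total * math.log2(n / total) for n in digit_counts)

if __name__ == "__main__":
    print(phone_to_combo("555-0142"))          # constructed number
    print(hex_to_combo(secrets.token_hex(4)))  # 8 hex digits -> 16 moves
    print(random_combo(9))
    print(round(bits_per_move((2, 2, 3, 3)), 3), "vs", bits_per_move((1, 1, 1, 1)))
```

If phone digits were equally likely, the table in section A would give about 1.97 bits per move against 2 bits for uniformly random moves, so the skew itself costs little; what matters more is whether the phone number can be guessed.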

II. Procedure for changing Master Lock Speed Dial lock combination

The reason I use the Master Lock Speed Dial lock is that it's the only one I trust because it can't be cracked or picked. Some of them are flaky, and don't always open on the first try even if you enter the right combination. I've had a couple which failed the first time I entered a new combination, so that they couldn't be opened even with the right combination (and I was certain that I was using the combinations which I had programmed into them). SO, AFTER ENTERING A NEW COMBINATION, ALWAYS TRY TO OPEN THE LOCK BEFORE USING IT TO LOCK ANYTHING. It seems that some combinations, at least in the case of 9-"digit" combinations, don't work very well, so when I find a combination that doesn't work well, I change it. In some cases, it might help to hold it in a vertical orientation when opening it, although that's not based on a scientific experiment and could just have been a coincidence. So, when using these locks, the top priority is to be certain that you'll be able to open them after using them to lock something, and the next priority is to be certain that nobody else will be able to open them.

The procedure for changing the combination is as follows:

A) Open the lock as usual.

B) Push the lever on the back of the lock to its upper position. (I use a large nail for this. Be careful to avoid jabbing yourself if you slip. It might be a good idea to wear a leather glove in case you do slip.)

C) Close the lock and press down firmly on the shackle twice to clear the existing combination.

D) Pull the lock open.

E) (Before performing this step, read "> Make a video recording of the new combination being programmed into the lock" above.) Very carefully enter the new combination. (It might be a good idea to start out with a one-digit combination, and then a two-digit combination, in case you make a mistake and need to open the lock without knowing the combination.) I find that saying "down" for D, "up" for U, "left" for L, and "right" for R as I enter the corresponding digit helps me to avoid making mistakes. If you think you made a mistake, return to step C.


You can correct a mistake until you push the lever on the back of the lock down and close the lock. If you make a mistake, and then push the lever down and close the lock, the lock is useless as a lock, unless you made a video recording of the new combination being programmed into the lock, as recommended above. At least they're not expensive to replace, but if you lock yourself out, you need an SD lock right away, and you don't have a spare, you're out of luck.

F) If you are reasonably certain that you entered the new combination correctly, push the lever on the back to its lower position (again, be careful to avoid jabbing yourself), and close the lock firmly.

G) Try to pull the lock open to see if it's really locked. If it opens, close it more firmly and repeat this step.

H) TEST THE NEW COMBINATION BEFORE USING THE LOCK TO LOCK ANYTHING.

I) Don't leave the lock unlocked when unattended, because someone might change the combination.

J) To ensure that two people must be present when the lock is unlocked, each person would program a portion of the combination into the lock without the other person being able to watch. (So, each person would have to enter at least 4 "digits" so that the other person couldn't guess their portion of the combination.) The aforementioned video-recording system could be used in case someone makes a mistake while programming their portion into the lock. If a mistake is made, the recording could be viewed by either person so that the lock could be opened and the process could be repeated. If both people correctly program their portion into the lock, as proven by their combined ability to unlock the lock, the video would not be viewed, and it would be completely deleted (i.e. shift-deleted or sent to the trash, and the trash emptied, or overwritten by a secure-erase program) while both people observe.