- Non-packaged apps
- Packaged apps
- Graphics etc
- Academic necessities
- Developer stuff
- File syncing
- Password manager
- Launching applications
- Desktop could be nicer
- Encryption and identity
- Dual-booting with windows
- Fish shell
- Power management
- Offline documentation
- Virtual machines
- If only I could temporarily disable lock screen
- Mounting that Windows partition on login
- Mounting android devices
- Additional config
- Power management
- Misc useful infrastructure
- Accessing foreign file systems
- Installing and migrating
Ah, Ubuntu! The linux distro that realises that whilst we might tell ourselves we are lured to Linux by its promise of being lean, fast and secure, what really brings the crowds is something with shiny bells, whistles, flashing lights and a whiff of danger.
Ubuntu is a lowest-common-denominator system for Linux HOWTO guides to target because, AFAICT, there is a gigantic amount of crap already pre-installed so odds are your software of choice is already there, or at least the dependencies for it are, so the documentation author can spend the least possible time arsing about with getting all the necessities together. Also, I suspect, the kind of person who is pedantic enough to run Archlinux is intimidating to imagine trying to explain things to.
Using the rather busy Ubuntu default install to run some specialised app often feels like using a circular saw with integrated wiffle bat to crack a nut, though, and I have a vague inking that it’s probably not as secure as I hope because there such is an insane amount of nonsense there interacting in complicated ways that it can’t all be secure. I suppose this is intended welcoming to Windows users who pine for the default adware-and-weird-OEM-broadband-bundle home screen. Or something.
Because of my faint queasiness about all that I am interested in more minimalist approaches to Ubuntu than the mainline rolling mess, such as Elementary, Pop! or possibly even a super sleek hardened OS. But is that my top priority now? No.
So! Wifflebatsaw on!
apt, unless you have a
homebrew is the goods:
apt install linuxbrew-wrapper build-essential linuxbrew
Probably I want all the libraries which are too patent-encumbered to be bundled with my holier-than-me distribution. This means codecs and other content-related apps, e.g.
brew install libsamplerate libsndfile ffmpeg node pandoc
Linuxbrew is how you would install shiny things such as
which would otherwise be hopelessly outdated in a more elderly distro
e.g. Ubuntu 16.04.
It claims to support julia, but AFAICT that doesn’t work.
node.js does, though.
Since I use
fish shell as my default but ubuntu automatically executs the
bash startup script
.profile on login
I ran into the following errors on login, when it tried to run the
fish init in a
bash: set: -g: invalid option set: usage: set [-abefhkmnptuvxBCHP] [-o option-name] [--] [arg ...] bash: set: -g: invalid option ...
This may be related to an intermittently reported bug in homebrew.
The fix is to change the automatically-added line in
.profile to be
eval $(SHELL=bash /bin/brew shellenv)
and to add
eval (/bin/brew shellenv)
Note that this can cause surprising side effects; notably if I install homebrew python (and many homebrew apps need python and will install it for me) I will find my default user python is homebrew python, which breaks certain ubuntu apps that expect my default user python to be system python. I should probably file some bug reports for that for either homebrew or the affected packages; it undesirable. For now I recommend
brew unlink python
If there are problems with installing haskell packages with an error like
gcc-5: error: unrecognized command line option '-no-pie'
brew install gcc@6 HOMEBREW_CC=gcc-6 brew install pandoc
I mean, applications packaged in one of the special pre-rolled formats like
Running apps that don’t come through the intimate Debian packaging, but rather as sandboxed binary thingies, including all their own dependencies. Obviously there are several philosophically different approaches to this idea and they waste a bit of hard disk space and are clunky, but they do allow you access to otherwise painful apps. See packaged apps for details
add-apt-repository ppa:alexlarsson/flatpak # before 18.10 apt install flatpak apt install gnome-software-plugin-flatpak # Integrates into GNOME flatpak remote-add --if-not-exists flathub \ https://flathub.org/repo/flathub.flatpakrepo
sudo snap set system refresh.retain=2
Why would I not use at least a perfunctory firewall?
See DNS servers.
I suppose one should have
May be worth installing a
fancy version from PPA
to ensure version 2.10 or greater which has necessities such as WebP support.
add-apt-repository ppa:otto-kesselgulasch/gimp apt install gimp
Krita is a better image editor in general, but missing some hardcore nerd features
snap install krita
For desktop publishing install Scribus
add-apt-repository ppa:scribus/ppa apt install scribus-ng
Of course I need LaTeX. This comes baked into Ubuntu if I want it, but that version is not flexible or current and wastes disk space. I recommend TinyTex, Yihui Xie’s excellent mini distro for modern workflows.
See also fonts.
There are many in the ubuntu repos these days
apt install fonts-ebgaramond \ fonts-cmu fonts-firacode \ fonts-lmodern fonts-stix fonts-powerline \ fonts-texgyre
apt install r-base r-base-dev apt install libatlas3-base libopenblas-base # optional
I give in, and just run anaconda. It is easy of science stuff. Also, running homebrew python caused me problems.
bash Miniconda3-latest-Linux-x86_64.sh # login/logout here conda config --set auto_activate_base false # don’t be so aggressive conda conda init fish # fish users
conda activate base
The minimal conda base setup for me is just a jupyter host with multikernel support and some basic utils
conda install ipykernel nbstripout
Bonus: then I get pytorch and and other such tricky-GPU-dependency packages without messing about.
conda install pytorch torchvision cudatoolkit=10.1 -c pytorch
See also file sync/backup.
One of these:
apt install rclone brew install rclone
There is a medium-fresh (
version of syncthing in the Ubuntu repository, so one can simply
sudo apt install syncthing
Or, a little fresher, as a snap:
snap install syncthing
If I want an even fresher version I can
choose, for example
linuxbrew.sh or bonus
apt PPAs, or the packaged snap.
All seem AFAICT equivalent.
# Add the release PGP keys: curl -s https://syncthing.net/release-key.txt | sudo apt-key add - # Add the "stable" channel to your APT sources: echo "deb https://apt.syncthing.net/ syncthing stable" | \ sudo tee /etc/apt/sources.list.d/syncthing.list # Update and install syncthing: sudo apt install syncthing
brew install syncthing
Now choose my autostart method. I probably want to do this as a user, not as a system service, because root access is from a different devops era. As such it makes sense to put (assming snap installed syncthing)
as a user startup application.
But wait! Does it report my disk is full when I try to use filesystem monitors? I need to allocate more resources to that.
$ cat /proc/sys/fs/inotify/max_user_watches 8192 $ sudo sh -c 'echo 204800 > /proc/sys/fs/inotify/max_user_watches' $ echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.conf $ cat /proc/sys/fs/inotify/max_user_watches 204800
A nice browser is necessary, no?
I just use firefox. Google Chromium is also OK. Chrome seems to be getting creepy these days.
If I nonetheless want profile sync or some other features not in plain chromium, askubuntu says:
sudo bash wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | \ apt-key add - echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> \ /etc/apt/sources.list.d/google.list apt install google-chrome-stable
Standard disclaimer: the other features that are not in plain chromium may include Google spyware.
Maybe you would like to sidestep that issue with the possibly-better crypto privacy dotcom buzzword browser Brave?
curl -s https://brave-browser-apt-release.s3.brave.com/brave-core.asc | sudo apt-key add - sudo sh -c 'echo "deb [arch=amd64] https://brave-browser-apt-release.s3.brave.com $(lsb_release -sc) main" >> /etc/apt/sources.list.d/brave.list' sudo apt update && sudo apt install brave-browser
Not all the good editors are packaged by the system. The fashionable ones are installed separately.
Also, a passable CLI editor, neovim:
brew install neovim
Once the right editor is there, set it as default either system wide
update-alternatives —config editor
xdg-mime default code.desktop text/plain
apt install pass
The usual clipboard stuff.
Recent ubuntu is missing the essential utility xclip:
apt install xclip
CopyQ (every desktop) seem most popular and works well.
apt install software-properties-common add-apt-repository ppa:hluk/copyq apt install copyq
It seems to be available as a packaged app too although it was being buggy for me; lots of errors in the notification log.
flatpak install --user --from https://flathub.org/repo/appstream/com.github.hluk.copyq.flatpakref flatpak run com.github.hluk.copyq
The app reveal shortcuts do not work for me in recent ubuntu, but
a workaround is to put the command
copyq toggle into a keyboard shortcut.
Useful: CopyQ Keyboard shortcuts.
Alternatively, Zazu offers a clipboard manager.
These raise security questions, i.e. in CopyQ there is no way of marking passwords on the clipboard as secret unless they come from certain password apps, and that is quite tedious, and presumes you aren’t using a command-line password manager, or a browser plugin.
See also clipboard managers for some in-depth and cross-platform comparison.
How best to emulate 1970s hardware on Ubuntu as modern practice dictates? Hmmm.
Terminator seems to be an acceptable default option for a pure native app without many bells or whistles, or much resource usage either. That said, one really would like a couple of wind chimes and a duck call; after all it is the 21st century.
There are many more options available, but these seemed the smoothest.
Also trackpad buttons. For my Razer Blade there were extra things to do. There are also some tips there about making settings persist.
Kai Koenig reveals that I can have the button assignments different between mouse and keyboard. This is useful for me, since I mouse left-handed and trackpad right-handed, for reasons of avoiding RSI.
This needs the xinput trick
to find the name of my mouse, then
xinput set-button-map "2.4G Mouse" 3 2 1 &&
Making it work generically for all peripherals and not each specific mouse requires fancier footwork.
If I just broke my right touchpad button but am too lazy/cheap/busy to fix it, I can enable simulated right clicks in the universal access menu, which works in most apps. Like most accessibility features, the right click simulation works a lot of the time but some apps clearly have not thought about it and the clicks go weird.
Desktop could be nicer
Ubuntu 17.0 or later: GNOME
Oh wait Unity desktop is over now I need to convert all the classic tweaking to GNOME. See comfy GNOME shell.
Ubuntu before 17.10: Unity
The default OS switcher is configurable
apt install compizconfig-settings-manager compiz-plugins
I simply don’t like the default Unity alt-tab application switcher. It may work for a lot of people, but it just slows me down. For me it’s faster to have a single application switcher that cycles through all open windows, possibly within one desktop, but I’m not sure about that. I am really not compatible with the default unity switcher that groups windows, for example terminals, together so when hitting alt-tab you can’t (in an effective way) switch between terminals. Having a different key combo for that slows my brain down. […] Open compizconfig-settings-manager with alt-F2, type ccsm.
Scroll down to
Ubuntu Unity Plugin. Choose the tab
Switcher. Disable the alt-tab and shift-alt-tab key bindings. (
Key to start the switcherand
Key to switch to the previous window in the Switcher. Click the
Scroll down to the
Window managementsection. Here you can select another switcher. I enable the
Static Application Switcher, resolve any potential conflicts by setting the setting for
Static Application Switcher. Now you can tweak the switcher by clicking on it. I have changed alt-tab and shift-alt-tab to
Next window (All windows)and
Prev window (All windows).
# Only if you want the very fresh version add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily apt install unity-tweak-tool
See also the nifty run-or-raise hack.
Encryption and identity
Encrypting, signing, certifying, swapping keys etc. For when one is worried about some state apparatus or corporate snooping or just gangsters stealing your credit card.
git config --global user.email "email@example.com" git config --global user.name "Dan MacKinlay"
Related: get a good ssh setup.
ssh-keygen -t ed25519 -o -a 100 ssh-keygen -t rsa -b 4096 -o -a 100
apt install debian-keyring ## keys of extra-paranoid nerds add-apt-repository ppa:tails-team/tails-installer apt install tails-installer ## for installing the paranoid tails OS apt install pius signing-party ## citizen identity verification
Onw way of getting cryptomator:
add-apt-repository ppa:sebastian-stenzel/cryptomator apt-get update apt-get install cryptomator
apt install zulucrypt
Or one can download slightly fancier version from the package creator.
Encrypted home folders/disks
See linux fs hacks.
Dual-booting with windows
If Ubuntu 16.04, I either use linuxbrew for an updated shell or use an updated PPA. In 18.04 such is no longer needed.
The former: Add
chsh -s /home/linuxbrew/.linuxbrew/bin/fish
apt-add-repository ppa:fish-shell/release-2 apt install fish chsh -s /usr/bin/fish
From within fish, one should add a user script path
set -gx PATH ~/bin $PATH
apt install tlp add-apt-repository ppa:linuxuprising/apps apt install tlpui
One could put a hibernate button in the shutdown menu if that seemed exciting.
Temperature monitoring and fan maangermen is via lm-sensors.
Zeal is not bad.
add-apt-repository ppa:zeal-developers/ppa apt install zeal
See comfy razer.
virtualbox is passable. These days
libvirt, unless there is some particular machine image that
I need that only runs on virtualbox for some reason. ATM there are none.
Easyish! Fastish! Open! Badly documented!
apt install virt-manager qemu-kvm
Semi-open! Confusing! Circuitous! Opaque! Hard to remove! Well-documented!
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | \ sudo apt-key add - wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | \ sudo apt-key add - sudo add-apt-repository 'https://download.virtualbox.org/virtualbox/debian contrib' sudo apt install virtualbox virtualbox-ext-pack
If only I could temporarily disable lock screen
apt install caffeine
Mounting that Windows partition on login
By default the various disks that I plug in to my machine are visible in the sidebar, but util I click on them they are not actually mounted so I can’t use the files. “Clicking on stuff” is not a satisfactory workflow, especially if you have other scripts which depend on data on my external drive. So fix that.
I believe we need to set the gnome config variable
automount to True.
Apparently this is equivalent to:
gsettings set org.gnome.desktop.media-handling automount true
dconf write /org/gnome/desktop/media-handling/automount true
There is also a gui, which I think is the officially recommended option:
apt install dconf-editor dconf-editor # make changes by clicking on things
e.g. for the server. Install
usbmount. I didn’t try this.
Userspace mounting is not hard but the command is not at all obvious. The virtue of this method is that it works also without root privileges, in principle. However, it also requires logging out and in again to test and frequently fails for me and I don’t know where the error logs go.
udisksctl mount --block-device /dev/disk/by-uuid/[uuid]
Or perhaps it is the slightly easier
/usr/bin/udisks --mount /dev/[sdc1 or something]
except that this one mounts it in the wrong place because otherwise it would be too useful.
But what is the UUID? Find it using blkid
or if you are not root
and apply some deduction.
NB: this could be slightly easier for external disks which have a label. Then it’s something like
udisksctl mount --block-device /dev/disk/by-label/[label]
This works on some of my Ubuntu machines but not others; can’t work out why.
Playing music: as not-quite-good as ever.
Rhythmbox is OK.
For those who wish to do fancy metadata management, perhaps
add-apt-repository ppa:lazka/dumpingplace apt install quodlibet
Also available through flatpak.
add-apt-repository ppa:stebbins/handbrake-releases apt-get install handbrake-gtk handbrake-cli
Fiddly on Linux. See VPN
The default safe chat client is Signal.
Note, be careful about installing this; The more instances of Signal you have, the bigger your attack surface, and Signal Desktop is not secure to be run on a non-encrypted FS.
Their recommended way is this:
curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add - echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" \ | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list sudo apt install signal-desktop
This works only intermittently. If I am preapred to additionally trust Ubuntu I can get this more reliably via
snap install signal-desktop
curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb sudo apt install ./keybase_amd64.deb run_keybase
Mounting android devices
I found that some newer/rarer MTPFS devices aren’t supported by 18.04 as filesystems. Should I try another MTPFS entirely, such as go-mtpfs?
Research ongoing for this one.
sudo apt install golang-go sudo apt install libusb1-devel mkdir /tmp/go export GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs mkdir xoom go-mtpfs xoom & cp -a ~/Music/Some-Album xoom/Music/ fusermount -u xoom
Ubuntu journald can get very big
because there is no limit per default
Manual cleanup right now:
sudo journalctl --rotate sudo journalctl --vacuum-time=2d
Booting and kernels
grub customizer customizes the GRUB2 boot menus without typos, if ones trust this developer to manage the boot setup.
sudo add-apt-repository ppa:danielrichter2007/grub-customizer # Optional on 19.10 sudo apt install grub-customizer
sudo add-apt-repository ppa:teejee2008/ppa sudo apt install ukuu
The arch guide explains the terminology. The TLP debugging guide and FAQ are also useful. Suspend is what I would normally call sleep where the computer just goes quiet and keeps the RAM powered up. Hibernate is when it suspends the whole state of the machine to RAM.
Script on wake
Running scripts on resume is an essential survival tool on my laptop.
gnome or some other bit of boring infrastructure flips the scrollwheel direction and remaps your keyboard every time the laptop sleeps? You are not alone. This is common, and has been annoying people since at least 2012.
Solution: work out a command that puts the system in the state you want, then run it upon resuming from suspend. This should be easy, but i find it annoyingly tricky because it changed at some point (2015 in ubuntu?) and so you get various scripts on the online forums which have aged badly.
Let’s say we want to fix the trackpad every time the laptop wakes. (**which is not needed since 19.04 AFAICT).
/usr/lib/pm-utils/sleep.d I believe are no longer current.
Or I can supposedly
create a system service, which seems like a lot of effort for a temporary hack.
What I believe I shoudl be creating is a a resume hook
Immediately before entering system suspend and/or hibernation
systemd-suspend.service(and the other mentioned units, respectively) will run all executables in
/usr/lib/systemd/system-sleep/and pass two arguments to them. The first argument will be
"pre", the second either
"suspend-then-hibernate"depending on the chosen action. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now
"post". All executables in this directory are executed in parallel, and execution of the action is not continued until all executables have finished.
Note that scripts or binaries dropped in
/usr/lib/systemd/system-sleep/are intended for local use only and should be considered hacks. If applications want to react to system suspend/hibernation and resume, they should rather use the Inhibitor interface.
This resume hook looks simple enough.
Here is the
/lib/systemd/system-sleep/fixthings hook script to set up my scrolling.
#!/bin/sh case $1/$2 in pre/*) echo "Going to $2..." # Place your pre suspend commands here, or `exit 0` # if no pre suspend action required exit 0 ;; post/*) echo "Waking up from $2..." # Place your post suspend (resume) commands here, or `exit 0` # if no post suspend action required sleep 15 # wait for my usb reset script to finish, hopefully xinput set-prop `xinput list --id-only "Bluetooth Mouse M336/M337/M535 Mouse"` 314 1 # logitech natural scroll setxkbmap -option compose:caps #Caps lock is for typing diacritics ;; esac
It must be rendered executable:
sudo chmod +x /lib/systemd/system-sleep/fixthings
Update: that script is no longer sufficient, since the property number changes.
Encrypt on sleep
It is unclear to me whether the default setup is safe for encryption. (i.e. can someone access your laboriously encrypted disk by making sure they steal your computer while it is in sleep mode?) It wasn’t, although various bugs have been closed now so maybe it is fine. Certainly encrypted hibernate is possible. Is it enabled per default on the modern config?
Misc useful infrastructure
sudo apt install synaptic # sometime I want old school debian style package manager sudo apt install curl # so many things depends on this why is it not there?
Accessing foreign file systems
See Linux FS hacks, but, in brief,
sudo apt install exfat-fuse exfat-utils ntfs-3g # interoperability for external drives
Installing and migrating
If you have encrypted and LVM layers on your disk there are a lot of steps to migrate disks. The official magical incantation is quite long, and include some surprising orderings. To reinstall grub there are some standard steps, but for encrypted drives there are some extras to get the boot partition in place.
mount /dev/sdXY /mnt mount --bind /dev /mnt/dev && mount --bind /dev/pts /mnt/dev/pts && mount --bind /proc /mnt/proc && mount --bind /sys /mnt/sys mount /dev/sdX2 /mnt/boot mount /dev/sdX1 /mnt/boot/efi chroot /mnt grub-install /dev/sdX grub-install --recheck /dev/sdX update-grub