Comfy Ubuntu
Now with added Pop!_OS
October 15, 2014 — January 9, 2023
Ah, Ubuntu! The linux distro that realises that whilst we might tell ourselves we are lured to Linux by the promise of being lean, fast and secure, what really brings the crowds is something with bells, whistles, a V8 engine, flashing lights and a whiff of danger.
Ubuntu is a lowest-common-denominator system for Linux HOWTO guides to target because, AFAICT, there is a gigantic amount of crap pre-installed so odds are your software of choice is already there, or at least the dependencies for it are, so the documentation author can spend the least possible time arsing about with getting the necessities together. Also, I suspect, the kind of person who is exacting enough to run Archlinux or NixOS is intimidating to imagine trying to explain things to.
Using the rather busy Ubuntu default install to run some specialised app often feels like using a circular saw with integrated wiffle bat to crack a nut, though, and I have a vague inking that it’s probably not as secure as I hoped all this crap cannot be secure. I suppose this is intended welcoming to Windows users who pine for the default adware-and-weird-OEM-broadband-bundle home screen. Or something.
Because of my faint queasiness about all that I am interested in more minimalist approaches to Ubuntu than the mainline rolling mess, such as Elementary, Pop! ̲os or possibly even a super sleek hardened OS.
1 Pop!
Pop! ̲os is a pretty good alternative to Ubuntu that shares a lot of infrastructure. You can read two fannish histories of this distro:
It is not the same as Ubuntu, but shares many tools with Ubuntu so sometimes you can cross your fingers and pretend.
I am a fan of this OS. A hundred small Ubuntu annoyances are buffed away. Case study: You can tell what format an app will be installed in, for example, which is necessary since as much as they would like the app packaging to be something that we can ignore, in practice it is an unavoidably intrusive feature of Linux for now, and we need o be able to give informed consent to the various trade-offs in practice. In ubuntu you are left wondering “was that a snap, a flatpak, or a deb or some combination of the three?” and inevitably end up reverse engineering which when something breaks.
Pop!_OS, that is, tries to make things as simple as possible, but no simpler.
Notes:
- wayland is supported (but not yet for NVIDIA)
- Misc community support: Pop!_Planet
2 Basic
3 apt or apt-get?
apt, unless you have a compelling reason.
There was a gui for a while called synaptic, but it seems to have fallen into disrepair.
These days there is a friednlier command-line, Nala.
4 Non-packaged apps: homebrew
homebrew is the goods:
Probably I want all the libraries which are too patent-encumbered to be bundled with my holier-than-me distribution. This means codecs and other content-related apps, e.g.
Linuxbrew is how you would install shiny hipster things s which get their value from new features that came out yesterday and which you like before they are cool. It claims to support julia, but AFAICT that doesn’t work. node.js does, though.
I would typically do
5 Hardening
6 Fish shell
Since I use fish shell as my default but ubuntu automatically executes the bash startup script .profile on login I ran into the following errors on login, when it tried to run the fish init in a bash process
bash: set: -g: invalid option
set: usage: set [-abefhkmnptuvxBCHP] [-o option-name] [--] [arg ...]
bash: set: -g: invalid option
...This may be related to an intermittently reported bug in homebrew.
The fix is to change the automatically-added line in .profile to be
and to add
to ~/.config/fish/config.fish.
Note that this can cause surprising side effects; notably if I install homebrew python (and many homebrew apps need python and will install it for me) I will find my default user python is homebrew python, which breaks certain ubuntu apps that expect my default user python to be system python. I should probably file some bug reports for that for either homebrew or the affected packages; it undesirable. For now I recommend
If there are problems with installing haskell packages with an error like
Setting it as a default shell, now? If brew installed, add /home/linuxbrew/.linuxbrew/bin/fish to /etc/shells. Then run
Otherwise
From within fish, one should add a user script path
7 Packaged apps
I mean, applications packaged in one of the special pre-rolled formats like snap or flatpak or AppImage.
Flatpak is built in to Pop!OS but not stock Ubuntu. For that you need
add-apt-repository ppa:alexlarsson/flatpak # before 18.10
apt install flatpak
apt install gnome-software-plugin-flatpak # Integrates into GNOME
flatpak remote-add --if-not-exists flathub \
https://flathub.org/repo/flathub.flatpakrepoPossibly one also should limit snap’s disk usage which I usually do, although I don’t know if there are downsides.
sudo snap set system refresh.retain=2
``
## Networking
### Firewall
Why would I not use at least a perfunctory [firewall](./firewalls.qmd)?
```bash
ufw enable7.1 DNS
See DNS servers.
8 Graphics etc
I suppose one should have gimp installed. May be worth installing a fancy version from PPA to ensure version 2.10 or greater which has necessities such as WebP support.
OTOH the flatpack distribution of GIMP has a lot more plugins.
flatpak install flathub org.gimp.GIMP
flatpak install flathub org.gimp.GIMP.Plugin.GMic
flatpak install flathub org.gimp.GIMP.Plugin.Fourier
flatpak install flathub org.gimp.GIMP.Plugin.Resynthesizer
flatpak install flathub org.gimp.GIMP.Plugin.LiquidRescale
flatpak install flathub org.gimp.GIMP.Plugin.LensFun
flatpak install flathub org.gimp.GIMP.Plugin.BIMPKrita is a better image editor in from a UX perspective, although missing some hardcore nerd features.
For desktop publishing, Scribus
9 Academic necessities
9.1 TeX
Of course I need LaTeX. This comes baked into Ubuntu if I want it, but that version is not flexible or current and wastes disk space. I recommend TinyTex, Yihui Xie’s excellent mini distro for modern workflows.
9.2 Fonts
See also fonts.
There are many in the ubuntu repos these days
apt install fonts-ebgaramond \
fonts-cmu fonts-firacode \
fonts-lmodern fonts-stix fonts-powerline \
fonts-texgyre \
fonts-notoI cannot see Source Code Pro this way, and resorted to old-skool manual install, based on Roger Pence’s tip:
pushd ~/Downloads
wget https://github.com/adobe-fonts/source-code-pro/releases/download/2.038R-ro%2F1.058R-it%2F1.018R-VAR/OTF-source-code-pro-2.038R-ro-1.058R-it.zip -O sc.zip
if [ ! -d "~/.fonts" ] ; then
mkdir ~/.fonts
fi
unzip sc.zip -d __sc
cp __sc/**.otf ~/.fonts/
rm -rf __sc
rm sc.zip
popd
fc-cache -f -vDepending on the stars and the gods, it might be helpful to tweak rednering settings.
9.3 Citations
10 Developer stuff
10.1 R
RStudio can be downloaded from its site. R is already in the repository.
# Basic essentials
apt install r-base r-base-dev
# Specific packages I use need these extras
apt install libatlas3-base libopenblas-base libv8-dev libfontconfig1-dev libcairo2-dev libprotobuf-dev protobuf-compiler libjq-devOne might want a fresher version.
# update indices
apt update -qq
# install two helper packages we need
apt install --no-install-recommends software-properties-common dirmngr
# import the signing key (by Michael Rutter) for these repo
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB651716619E084DAB9
# add the R 4.0 repo from CRAN -- adjust 'focal' to 'groovy' or 'bionic' as needed
add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran40/"
apt install --no-install-recommends r-base r-base-devAlso available: mega install of lotsa CRAN packages
10.2 Julia
My current favourite numerical software! I download julia as a plain installer package; It’s too rapidly evolving for anything else.
10.3 Python
I give in, and just run anaconda. It is easy of science stuff. Also, running homebrew python caused me problems.
Download e.g. x64 Miniconda, from the download page.
bash Miniconda3-latest-Linux-x86_64.sh
# simulate login/logout here
exec bash -
# don’t be so aggressive conda
conda config --set auto_activate_base false
conda init fish # fish usersThe minimal conda base setup for me is just a jupyter host with multikernel support and some basic utils
Bonus: then I get pytorch and other such tricky-GPU-dependency packages without messing about.
10.4 GPU config
10.5 Git gui
Sublime merge is a handy git GUI.
11 File syncing
See also file sync/backup.
11.1 rclone
One of these:
11.2 Syncthing
There is a medium-fresh version of syncthing in the Ubuntu repository, so one can simply
Or, a little fresher,
If I want an even fresher version choose bonus apt PPAs.
# Add the release PGP keys:
sudo curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
# Add the "stable" channel to your APT sources:
echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | \
sudo tee /etc/apt/sources.list.d/syncthing.list
# Increase preference of Syncthing’s packages ("pinning")
printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | sudo tee /etc/apt/preferences.d/syncthing
# Update and install syncthing:
sudo apt-get update
sudo apt install syncthingNow choose my autostart method. I probably want to do this as a user, not as a system service, because root access is from a different devops era. As such it makes sense to put (assuming deb-installed syncthing)
as a user startup application.
But wait! Does it report my disk is full when I try to use filesystem monitors? I need to allocate more resources to that.
12 Multimedia
Some time in 2021-12 the spotify flatpak stopped working for me (I get a blank window). The Spotify for Linux deb packages work fine though:
13 Mail client
For my use case, Thunderbird is the least worst
14 Browser
A nice browser is necessary, no?
I use Firefox. Google Chromium is also OK, or Brave. Chrome seems to be getting creepy these days. If I nonetheless want Chrome for profile sync or some other features not in plain chromium, askubuntu says:
sudo bash
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | \
apt-key add -
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> \
/etc/apt/sources.list.d/google.list
apt install google-chrome-stableStandard disclaimer: the other features that are not in plain chromium may include Google spyware.
Maybe you would like to sidestep that issue with the possibly-better crypto privacy dotcom buzzword browser Brave?
sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list
sudo apt update
sudo apt install brave-browser15 Editors
Not all the good editors are packaged by the system. The fashionable ones are installed separately.
I like vs code
Once the right editor is there, set it as default either system wide
or per-user
16 Password manager
Obviously password managers are essential. passwordstore:
Bitwarden comes as a flatpak.
17 Clipboard
The usual clipboard stuff.
Recent ubuntu is missing the essential utility xclip:
CopyQ (every desktop) seem most popular and works well.
It seems to be available as a packaged app too although it was being buggy for me; lots of errors in the notification log.
flatpak install --user --from https://flathub.org/repo/appstream/com.github.hluk.copyq.flatpakref
flatpak run com.github.hluk.copyqThe app reveal shortcuts do not work for me in recent ubuntu, but a workaround is to put the command copyq toggle into a keyboard shortcut.
Useful: CopyQ Keyboard shortcuts.
Alternatively, Zazu offers a clipboard manager.
See also clipboard managers for some in-depth and cross-platform comparison nand some security warning about these.
18 Terminal
How best to emulate 1970s hardware on Ubuntu as modern practice dictates? Hmmm. I like hyper (deb download of unknown provenance). Terminator seems to be an acceptable default option for a pure native app without many bells or whistles.
19 Launching applications
One could use a custom launcher, e.g. Zazu or do. But the built-in launcher on Gnome at least is pretty good, so I do not bother.
20 Mouse
Also trackpad buttons. For my Razer Blade there were extra things to do. There are also some tips there about making settings persist.
Kai Koenig reveals that I can have the button assignments different between mouse and keyboard. This is useful for me, since I mouse left-handed and trackpad right-handed, for reasons of avoiding RSI.
This needs the xinput trick
to find the name of my mouse, then
Making it work generically for all peripherals and not each specific mouse requires fancier footwork.
If I just broke my right touchpad button but am too lazy/cheap/busy to fix it, I can enable simulated right clicks in the universal access menu, which works in most apps. Like most accessibility features, the right click simulation works frequently but some apps clearly have not thought about it and the clicks go weird.
21 Keyboard
is an ideak xkb mapping for my silly keyboard design. (see also).
22 Desktop could be nicer
22.1 Ubuntu 17.0 or later: GNOME
Oh wait Unity desktop is over now I need to convert all the classic tweaking to GNOME. See comfy GNOME shell.
22.2 Ubuntu before 17.10: Unity
Here are the keyboard shortcuts needed to have a civilised desktop experience.
The default OS switcher is configurable
I simply don’t like the default Unity alt-tab application switcher. It may work for a lot of people, but it just slows me down. For me it’s faster to have a single application switcher that cycles through all open windows, possibly within one desktop, but I’m not sure about that. I am really not compatible with the default unity switcher that groups windows, for example terminals, together so when hitting alt-tab you can’t (in an effective way) switch between terminals. Having a different key combo for that slows my brain down. […] Open compizconfig-settings-manager with alt-F2, type ccsm.
Scroll down to
Ubuntu Unity Plugin. Choose the tabSwitcher. Disable the alt-tab and shift-alt-tab key bindings. (Key to start the switcherandKey to switch to the previous window in the Switcher. Click theBackbutton.Scroll down to the
Window managementsection. Here you can select another switcher. I enable theStatic Application Switcher, resolve any potential conflicts by setting the setting forStatic Application Switcher. Now you can tweak the switcher by clicking on it. I have changed alt-tab and shift-alt-tab toNext window (All windows)andPrev window (All windows).
Unity tweak tool does unity-specific tweaks of this kind of nonsense.
# Only if you want the very fresh version
add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily
apt install unity-tweak-toolSee also the nifty run-or-raise hack.
23 Encryption and identity
Verify debian
apt install debian-keyring ## keys of extra-paranoid nerds
add-apt-repository ppa:tails-team/tails-installer
apt install tails-installer ## for installing the paranoid tails OS
apt install pius signing-party ## citizen identity verificationOne should always have the utilities Cryptomator and zulucrypt on hand.
One way of getting cryptomator:
zulucrypt is
Or one can download slightly fancier version from the package creator.
23.1 Encrypted home folders/disks
See linux fs hacks.
24 Dual-booting with windows
25 Offline documentation
Zeal is not bad.
26 Razer-specific
See comfy razer.
27 Virtual machines
I want to run virtual machines?? Be aware Ubuntu may have special needs wrt config.
virtualbox is passable. These days I prefer libvirt, unless there is some particular machine image that I need that only runs on virtualbox for some reason. ATM there are none.
27.1 libvirt
Easyish! Fastish! Open! Badly documented!
27.2 Virtualbox
Semi-open! Confusing! Circuitous! Opaque! Hard to remove! Well-documented! Has the best UI FWIW!
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | \
sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | \
sudo apt-key add -
sudo add-apt-repository 'https://download.virtualbox.org/virtualbox/debian contrib'
sudo apt install virtualbox virtualbox-ext-pack28 If only I could temporarily disable lock screen
29 Mounting that Windows partition on login
By default the various disks that I plug in to my machine are visible in the sidebar, but util I click on them they are not actually mounted so I can’t use the files. “Clicking on stuff” is not a satisfactory workflow, especially if you have other scripts which depend on data on my external drive. So fix that.
29.1 GUI automount
I believe we need to set the gnome config variable org.gnome.desktop.media-handling set automount to True.
Apparently this is equivalent to:
or
There is also a gui, which I think is the officially recommended option:
29.2 GUIless automount
e.g. for the server. Install usbmount. I didn’t try this.
29.3 Manually
Userspace mounting is not hard but the command is not at all obvious. The virtue of this method is that it works also without root privileges, in principle. However, it also requires logging out and in again to test and frequently fails for me and I don’t know where the error logs go.
Or perhaps it is the slightly easier
except that this one mounts it in the wrong place because otherwise it would be too useful.
But what is the UUID? Find it using blkid
or if you are not root
and apply some deduction.
NB: this could be slightly easier for external disks which have a label. Then it’s something like
This works on some of my Ubuntu machines but not others; can’t work out why.
30 Media
30.1 Playing music
Playing music: as not-quite-good as ever.
The built-in Rhythmbox is OK. I use Clementine or Strawberry, depending on what compiles this week.
Needed: unfashionable codecs:
30.2 transcoding
Perhaps Handbrake.
31 VPN
Fiddly on Linux. See VPN
32 Comms
32.1 Signal desktop
The default safe chat client is Signal.
Note, be careful about installing this; The more instances of Signal you have, the bigger your attack surface, and Signal Desktop is not secure to be run on a non-encrypted FS.
Their recommended way is this:
curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" \
| sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
sudo apt install signal-desktopThis works only intermittently. If I am preapred to additionally trust Ubuntu I can get this more reliably via
32.2 Keybase
33 Mounting android devices
I found that some newer/rarer MTPFS devices aren’t supported by 18.04 as filesystems. Should I try another MTPFS entirely, such as go-mtpfs?
Research ongoing for this one.
34 Additional config
34.1 journald
Ubuntu journald can get very big because there is no limit per default /etc/systemd/journald.conf:
Manual cleanup right now:
34.2 Booting and kernels
grub customizer customizes the GRUB2 boot menus without typos, if ones trust this developer to manage the boot setup.
sudo add-apt-repository ppa:danielrichter2007/grub-customizer # Optional on 19.10
sudo apt install grub-customizerThere is a version manager specifically for linux kernels (HT Abishek Prakash.) It is called UKUU.
35 Power management
The arch guide explains the terminology. The TLP debugging guide and FAQ are also useful. Suspend is what I would normally call sleep where the computer just goes quiet and keeps the RAM powered up. Hibernate is when it suspends the whole state of the machine to RAM.
TLP and its GUI TLPUI can help tweaking power management for the non-power-management-obsessive. See also the system76 guide.
apt install tlp tlp-rdw --no-install-recommends
add-apt-repository ppa:linuxuprising/apps
apt install tlpuiYou can do it more manually if desired, but it gets kinda complicated.
One could put a hibernate button in the shutdown menu if that seemed exciting.
Temperature monitoring and fan maangermen is via lm-sensors.
Power monitoring happens by powertop
35.1 Script on wake
Running scripts on resume is an essential survival tool on my laptop.
gnome or some other bit of boring infrastructure flips the scrollwheel direction and remaps your keyboard every time the laptop sleeps? You are not alone. This is common, and has been annoying people since at least 2012.
Solution: work out a command that puts the system in the state you want, then run it upon resuming from suspend. This should be easy, but i find it annoyingly tricky because it changed at some point (2015 in ubuntu?) and so you get various scripts on the online forums which have aged badly.
Let’s say we want to fix the trackpad every time the laptop wakes. (**which is not needed since 19.04 AFAICT).
Answers about /usr/lib/pm-utils/sleep.d I believe are no longer current. Or I can supposedly turn it into system service, which seems like a lot of effort for a temporary hack.
What I believe I should be creating is a a resume hook in /lib/systemd/system-sleep/fixthings.
Immediately before entering system suspend and/or hibernation
systemd-suspend.service(and the other mentioned units, respectively) will run all executables in/usr/lib/systemd/system-sleep/and pass two arguments to them. The first argument will be"pre", the second either"suspend","hibernate","hybrid-sleep", or"suspend-then-hibernate"depending on the chosen action. Immediately after leaving system suspend and/or hibernation the same executables are run, but the first argument is now"post". All executables in this directory are executed in parallel, and execution of the action is not continued until all executables have finished.Note that scripts or binaries dropped in
/usr/lib/systemd/system-sleep/are intended for local use only and should be considered hacks. If applications want to react to system suspend/hibernation and resume, they should rather use the Inhibitor interface.
This resume hook looks simple enough.
Here is the /lib/systemd/system-sleep/fixthings hook script to set up my scrolling.
#!/bin/sh
case $1/$2 in
pre/*)
echo "Going to $2..."
# Place your pre suspend commands here, or `exit 0`
# if no pre suspend action required
exit 0
;;
post/*)
echo "Waking up from $2..."
# Place your post suspend (resume) commands here, or `exit 0`
# if no post suspend action required
sleep 15 # wait for my usb reset script to finish, hopefully
xinput set-prop `xinput list --id-only "Bluetooth Mouse M336/M337/M535 Mouse"` 314 1 # logitech natural scroll
setxkbmap -option compose:caps #Caps lock is for typing diacritics
;;
esacIt must be rendered executable:
Update: that script is no longer sufficient, since the property number changes.
Try this 76 line python script to keep the scrollwheel direction consistent.
35.2 Encrypt on sleep
It is unclear to me whether the default setup is safe for encryption. (i.e. can someone access your laboriously encrypted disk by making sure they steal your computer while it is in sleep mode?) It wasn’t, although various bugs have been closed now so maybe it is fine. Certainly encrypted hibernate is possible. But it does not seem fun and medium-paranoid people seem happy to do without it so maybe I am being too paranoid here.
36 Misc useful infrastructure
37 Accessing foreign file systems
See Linux FS hacks, but, in brief,
38 Installing and migrating
If I have encrypted and LVM layers on your disk, migration is a many-stage process. The official magical incantation is quite long, and include some surprising orderings. To reinstall grub there are some standard steps, but for encrypted drives there are some extras to get the boot partition in place. YMMV.