The Living Thing / Notebooks :

Comfy Ubuntu

Various bits of setup for a research machine

Usefulness: 🔧 🔧 🔧
Novelty: đź’ˇ
Uncertainty: 🤪
Incompleteness: 🚧

Ah, Ubuntu! The linux distro that realises that whilst your might be lured to Linux by its promise of a fast light secure OS, if you really want to get grumpy developers to come to your platform and bring their users you had better deliver something as bloated and messy as Windows.

Ubuntu is a kind of lowest-common-denominator system for HOWTO guides to target for linux users because, AFAICT, there is a gigantic amount of crap already pre-installed so odds are your software of choice is already installed, or at least the dependencies, so the documentation author can spend the least possible time arsing about. Also the kind of person who is pedantic enouch to run archlinux is terrifying to imagine trying to explain things to.

Using the rather busy Ubuntu default install to run some specialised app often feels like using a circular saw with integrated wiffle bat to crack a nut, though, and I have a vague inking that it’s probably not as secure as I hope because there is just an insane amount of nonsense there so as to seem welcoming to windows users who pine for the default adware-and-weird-OEM-broadband-bundle home screen. Or something.

I am interested in more minimalist approaches to Ubuntu than the mainline rolling mess, such as Elementary, Pop! or possibly even a super sleek hardened OS. But is that my top priority now? No.

So! Wifflebatsaw on!

apt or apt-get?

apt, unless you have a compelling reason.

Non-packaged apps

homebrew is the goods:

apt install linuxbrew-wrapper build-essential
linuxbrew

Probably I want all the libraries which are too patent-encumbered to be bundled with my holier-than-me distribution. This means codecs and other content-related apps, e.g.

brew install libsamplerate libsndfile ffmpeg node pandoc

Linuxbrew is how you would install shiny things such as fish, which would otherwise be hopelessly outdated in a more elderly distro e.g. Ubuntu 16.04. It claims to support julia, but AFAICT that doesn’t work. node.js does, though.

Since I use fish shell as my default but ubuntu automatically executs the bash startup script .profile on login I ran into the following errors on login, when it tried to run the fish init in a bash process

bash: set: -g: invalid option
set: usage: set [-abefhkmnptuvxBCHP] [-o option-name] [--] [arg ...]
bash: set: -g: invalid option
...

This is maybe related to an intermittently reported bug in homebrew.

The fix is to change the automatically-added line in .profile to be

eval $(SHELL=bash /bin/brew shellenv)

and to add

eval (/bin/brew shellenv)

to ~/.config/fish/config.fish.

Packaged apps

I mean, applications packaged in one of the special pre-rolled formats like snap or flatpak or AppImage.

Running apps that don’t come through the intimate Debian packaging, but rather as sandboxed binary thingies, including all their own dependencies. Obviously there are several philosophically different approaches to this idea and they waste a bit of hard disk space and are clunky, but they do allow you access to otherwise painful apps. See packaged apps for details

sudo add-apt-repository ppa:alexlarsson/flatpak  # before 18.10
sudo apt install flatpak
sudo apt install gnome-software-plugin-flatpak  # Integrates into GNOME
flatpak remote-add --if-not-exists flathub \
   https://flathub.org/repo/flathub.flatpakrepo

Networking

Firewall

Why would I not use at least a perfunctory firewall?

sudo ufw enable

DNS

See DNS servers.

Graphics etc

I suppose one should have gimp installed. May be worth installing a fancy version from PPA to ensure version 2.10 or greater which has necessities such as WebP support.

sudo add-apt-repository ppa:otto-kesselgulasch/gimp
sudo apt install gimp

Krita is a better image editor in general, but missing some hardcore nerd features

snap install krita

For desktop publishing install Scribus

sudo add-apt-repository ppa:scribus/ppa
sudo apt install scribus-ng

Acamedic necessities

TeX

Of course I need LaTeX. This comes backed into Ubuntu if I want it, but it is notflexible ro current and wastes disk space. I recommend TinyTex.

Fonts

See also fonts{filename}fonts.md).

There are many in the ubuntu repos these days

sudo apt install fonts-ebgaramond fonts-cmu fonts-firacode fonts-lmoders fonts-stix fonts-powerline

Citations

Zotero of course.

Developer stuff

R

RStudio can be downloaded from its site. R is already in the repository. One might want a fresher version but nothing has made that worth the bother for me yet.

sudo apt install r-base r-base-dev
sudo apt install libatlas3-base libopenblas-base  # optional

Julia

My current favourite numerical software! I download julia as a plain installer package; It’s too rapidly evolving for anything else.

Python

I give in, and just run anaconda. It is easy fo science stuff.

Download e.g. x64 Miniconda, from the download page.

bash Miniconda3-latest-Linux-x86_64.sh
# login/logout here
conda config --set auto_activate_base false # don't be so aggressive conda
conda init fish  # fish users
conda activate base

The minimal conda base setup for me is just a jupyter host with multikernel support and some basic utils

conda install ipykernel nbstripout

Bonus: then I get pytorch and and other such tricky-GPU-dependency packages without messing about.

conda install pytorch torchvision cuda91 -c pytorch

GPU config

See budget GPU configuration.

File syncing

See also file sync/backup.

rclone

One of these:

apt install rclone
brew install rclone

Syncthing

There is a medium-fresh (1.0) version of syncthing in the Ubuntu repository, so one can simply

sudo apt install syncthing

Or, a little fresher, as a snap:

snap install syncthing

If I want an even fresher version I can choose, for example linuxbrew.sh or bonus apt PPAs, or the packaged snap. All seem AFAICT equivalent.

# Add the release PGP keys:
curl -s https://syncthing.net/release-key.txt | sudo apt-key add -
# Add the "stable" channel to your APT sources:
echo "deb https://apt.syncthing.net/ syncthing stable" | \
    sudo tee /etc/apt/sources.list.d/syncthing.list
# Update and install syncthing:
sudo apt install syncthing

or

brew install syncthing

Now choose my autostart method. I probably want to do this as a user, not as a system service, because root access is from a different devops era. As such it makes sense to put (assming snap installed syncthing)

/snap/bin/syncthing

as a user startup application.

But wait! Does it report my disk is full when I try to use filesystem monitors? I need to allocate more resources to that.

$ cat /proc/sys/fs/inotify/max_user_watches
8192
$ sudo sh -c 'echo 204800 > /proc/sys/fs/inotify/max_user_watches'
$ echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.conf
$ cat /proc/sys/fs/inotify/max_user_watches
204800

Browser

A nice browser is necessary, no?

I just use firefox. Google Chromium is also OK. Chrome seems to be getting creepy these days.

If I nonetheless want profile sync or some other features not in plain chromium, askubuntu says:

sudo bash
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | \
    apt-key add -
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> \
    /etc/apt/sources.list.d/google.list
apt install google-chrome-stable

Standard disclaimer: the other features that are not in plain chromium may include Google spyware.

Editors

Not all the good editors are packaged by the system. The fashionable ones are installed separately.

Also, a passable CLI editor, neovim:

brew install neovim

Password manager

Obviously password managers are essential. How painful is passwordstore? Because it looks like the best one in terms of supporting everything, albeit clunkily.

sudo apt install pass

Clipboard

The usual clipboard stuff.

Recent ubuntu is missing xclip

sudo apt install xclip

CopyQ (every desktop) seem most popular and works well.

sudo apt install software-properties-common
sudo add-apt-repository ppa:hluk/copyq
sudo apt install copyq

It seems to be available as a packaged app too although it was being buggy for me; lots of errors in the notification log.

flatpak install --user --from https://flathub.org/repo/appstream/com.github.hluk.copyq.flatpakref
flatpak run com.github.hluk.copyq

The app reveal shortcuts do not work for me in recent ubuntu, but a workaround is to put the command copyq toggle into a keyboard shortcut.

Useful: CopyQ Keyboard shortcuts.

Alternatively, Zazu offers a clipboard manager.

These raise security questions, i.e. in CopyQ there is no way of marking passwords on the clipboard as secret unless they come from certain password apps, and that is quite tedious, and presumes you aren’t using a command-line password manager, or a browser plugin.

See also clipboard managers for some in-depth and cross-platform comparison.

Terminal

How bes to emulate 1970s hardware on Ubuntu? Hmmm. They are all a bit shit.

If you are worried that your current terminal doesn’t use enough RAM, you can use hyper which is a javascript app version of terminal. It’s not too bad for one of these web technology desktop apps It has lots of sexy features and graphics, and UX detailwork, to compensate for the hefty RAM usage.

Terminator seems to be an acceptable default option for a pure native app without many frills, or much resource usage, although one would really like a couple of wind chimes and a duck call after all it’s the 21st century!

There are many more half-arsed options available.

Launching applications

One could use a custom [launcher]{filename}launchers.md), e.g. Zazu or do. But the built-in launcher on Gnome is pretty good, so I do not bother.

Mouse

Also trackpad buttons. For my Razer Blade there were extra things to do. There are also some tips there about making settings persist.

Kai Koenig reveals that I can have the button assignments different between mouse and keyboard. This is useful for me, since I mouse left-handed and trackpad right-handed, for reasons of avoiding RSI.

This needs the xinput trick

xinput -list

to find the name of my mouse, then

xinput set-button-map "2.4G Mouse" 3 2 1 &&

Making it work generically for all peripherals requires fancier footwork.

Desktop could be nicer

Ubuntu 17.0 or later: GNOME

Oh wait Unity desktop is over now I need to convert all the classic tweaking to GNOME. See comfy GNOME shell.

Ubuntu before 17.10: Unity

Here are the keyboard shortcuts needed to have a civilised desktop experience.

The default OS switcher is configurable

sudo apt install compizconfig-settings-manager compiz-plugins

I simply don’t like the default Unity alt-tab application switcher. It may work for a lot of people, but it just slows me down. For me it’s faster to have a single application switcher that cycles through all open windows, possibly within one desktop, but I’m not sure about that. I am really not compatible with the default unity switcher that groups windows, for example terminals, together so when hitting alt-tab you can’t (in an effective way) switch between terminals. Having a different key combo for that slows my brain down. […] Open compizconfig-settings-manager with alt-F2, type ccsm.

Scroll down to “Ubuntu Unity Plugin”. Choose the tab “Switcher”. Disable the alt-tab and shift-alt-tab key bindings. (“Key to start the switcher” and “Key to switch to the previous window in the Switcher”. Click the “Back” button.

Scroll down to the “Window management” section. Here you can select another switcher. I enable the “Static Application Switcher”, resolve any potential conflicts by setting the setting for “Static Application Switcher”. Now you can tweak the switcher by clicking on it. I have changed alt-tab and shift-alt-tab to “Next window (All windows)” and “Prev window (All windows)”.

Unity tweak tool does unity-specific tweaks of this kind of nonsense.

# Only if you want the very fresh version
sudo add-apt-repository ppa:freyja-dev/unity-tweak-tool-daily
sudo apt install unity-tweak-tool

See also the nifty run-or-raise hack.

Encryption and identity

Encrypting, signing, certifying, swapping keys etc. For when one is worried about some state apparatus or corporate snooping or just gangsters stealing your credit card.

Configure git:

git config --global user.email "[email protected]"
git config --global user.name "Dan MacKinlay"

Related: get a good ssh setup.

ssh-keygen -t ed25519 -o -a 100
ssh-keygen -t rsa -b 4096 -o -a 100

Verify debian

sudo apt install debian-keyring  ## keys of extra-paranoid nerds
sudo add-apt-repository ppa:tails-team/tails-installer
sudo apt install tails-installer  ## for installing the paranois tails OS
sudo apt install pius signing-party  ## citizen identity verification

Encrypted misc

One should always have the utilities Cryptomator and zulucrypt on hand.

Onw way of getting cryptomator:

sudo add-apt-repository ppa:sebastian-stenzel/cryptomator
sudo apt-get update
sudo apt-get install cryptomator

zulucrypt is

apt install zulucrypt

OR one can download slightly fancier version from the backage creator.

Encrypted home folders/disks

My latest roadbump. 🚧 definitive fix. NB: all of these are a world of pain and stupid edge-cases.

Before 18.04 ecryptfs did home folder encryption. From 18.04 along the system totally changed. The previous one, ecryptfs turned out to be a bag of trouble. It’s not clear to me which of fscrypt, encfs, gocryptfs, luks or veracrypt are better. See encrypting file systems for a run-down. From 19.04 LUKS whole disk encryption is the default option. fscrypt seems not too much trouble. It works OK on the desktop.

Downside: you need to type 2 passwords to log in, the hard drive decrypt key, plus the user key. fscrypt doesn’t have this problem; I can log in and use my keychain to decrypt specific user data.

Encrypting the whole disk is probably better in the sense that it makes it harder to tamper with my computer, but then, if you are tampering with my computer unattended you can probably still mess with me by going for hardware or firmware without substantially greater effort, so this trade-off is not clear-cut. Also, it is not compatible easily with multi-user computers (everyone needs, more or less, to know the same decryption password AFAICT and can see each others files.)

I probably want to go with LUKS because there is less for me to mess up in that the automatic installer configures it for me, and just live with the horrible double-password situation.

NB the ubuntu encrypted FS docs are outdated on this issue at time of writing.

Don’t confuse Windows time/date when dual booting

Windows updates the time not the time zone to stay compatible with MS-DOS. Who knew.

Linux has to bear the compatibility burden on this bit of arse-backwardsery, but the command in that link seems to work more or less. I also needed to kick the hardware clock for consistency.

timedatectl set-local-rtc 1 --adjust-system-clock
hwclock -w --localtime

To revert to sanity:

timedatectl set-local-rtc 0 --adjust-system-clock
hwclock -w --utc

Or, life hack: tell Windows OS that the timezone is in UTC and deal with Windows thinking it is 4am when I am at work. Since I only use Windows for an hour here and there each month it’s much easier. (Not recommended: tell Windows to use UTC via advanced registry settings but still set a non-trivial time-zone.)

Fish shell

If Ubuntu 16.04, I either use linuxbrew for an updated shell or use an updated PPA. In 18.04 such is no longer needed.

The former: Add /home/linuxbrew/.linuxbrew/bin/fish to /etc/shells. Then run

chsh -s /home/linuxbrew/.linuxbrew/bin/fish

The latter:

sudo apt-add-repository ppa:fish-shell/release-2
sudo apt install fish
chsh -s /usr/bin/fish

From within fish, one should add a user script path

set -gx PATH ~/bin $PATH

Power management

TLP and its GUI TLPUI can help tweaking power management for the non-power-management-obsessive.

sudo apt install tlp
sudo add-apt-repository ppa:linuxuprising/apps
sudo apt install tlpui

You can do it more manually if desired, but it gets kinda complicated.

Offline documentation

Zeal is not bad.

sudo add-apt-repository ppa:zeal-developers/ppa
sudo apt install zeal

Razer-specific

See comfy razer.

Typography

Typing non-ASCII characters from a US keyboard how does that work again?

See applied typography.

tl;dr

sudo apt install gnome-tweaks

Then launch Tweaks

  1. Go to Keyboard & Mouse.
  2. Choose something other than disabled for the Compose Key option.

Virtual machines

I want to run virtual machines?? Be aware Ubuntu may have special needs wrt config.

virtualbox is passable. These days I prefer libvirt, unless there is some particular machine image that I need that only runs on virtualbox for some reason. ATM there are none.

libvirt

Easyish! Fastish! Open! BAdly documented!

sudo apt install virt-manager qemu-kvm

Virtualbox

Semi-open! Confusing! Circuitous! Opaque! Hard to remove! Well-documented!

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo add-apt-repository 'https://download.virtualbox.org/virtualbox/debian contrib'
sudo apt install virtualbox virtualbox-ext-pack

macOS-style quicklook previews

Gnome Sushi does that very well.

sudo apt install gnome-sushi

If only I could temporarily disable lock screen

Caffeine.

sudo apt install caffeine

Mounting that Windows partition on login

By default the various disks that I plug in to my machine are visible in the sidebar, but util I click on them they are not actually mounted so I can’t use the files. “Clicking on stuff” is not a satisfactory workflow, especially if you have other scripts which depend on data on my external drive. So fix that.

GUI automount

The official option:

sudo apt install dconf-editor
dconf-editor

Now in org.gnome.desktop.media-handling set automount to True.

Apparently this is equivalent to:

gsettings set org.gnome.desktop.media-handling automount true

or

dconf write /org/gnome/desktop/media-handling/automount true

GUIless automount

e.g. for the server. Install usbmount. I didn’t try this.

Manually

Userspace mounting is not hard but the command is not at all obvious. The virtue of this method is that it works also without root privileges, in principle. However, it also requires logging out and in again to test and frequently fails for me and I don’t know where the error logs go.

udisksctl mount --block-device /dev/disk/by-uuid/[uuid]

Or perhaps it is the slightly easier

/usr/bin/udisks --mount /dev/[sdc1 or something]

except that this one mounts it in the wrong place because otherwise it would be too useful.

But what is the UUID? Find it using blkid

sudo blkid

or if you are not root

ls /dev/disk/by-uuid

and apply some deduction.

NB: this could be slightly easier for external disks which have a label. Then it’s something like

udisksctl mount --block-device /dev/disk/by-label/[label]

This works on some of my Ubuntu machines but not others; can’t work out why.

Media

Oh, media.

Playing music

Playing music: as not-quite-good as ever.

The built-in Rhythmbox is OK. For those who wish to do fancy metadata management, perhaps quod libet?

sudo add-apt-repository ppa:lazka/dumpingplace
sudo apt isninstalltall quodlibet

Also available through flatpak.

transcoding

Perhaps Handbrake.

sudo add-apt-repository ppa:stebbins/handbrake-releases
apt-get install handbrake-gtk  handbrake-cli

VPN

Fiddly on Linux. See VPN

Comms

Signal desktop

The default safe chat client is Signal.

Note, be careful about installing this; The more instances of Signal you have, the bigger your attack surface, and Signal Desktop is not secure to be run on a non-encrypted FS.

Their recommended way is this:

curl -s https://updates.signal.org/desktop/apt/keys.asc | sudo apt-key add -
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" \
 | sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
sudo apt install signal-desktop

This works only intermittently. If I am preapred to additionally trust Ubuntu I can get this more reliably via

snap install signal-desktop

Keybase

as per instructions.

curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
sudo apt install ./keybase_amd64.deb
run_keybase

Mounting android devices

I found that some newer/rarer MTPFS devices aren’t supported by 18.04 as filesystems. Should I try another MTPFS entirely, such as go-mtpfs?

Research ongoing for this one.

sudo apt install golang-go
sudo apt install libusb1-devel
mkdir /tmp/go
export GOPATH=/tmp/go
go get github.com/hanwen/go-mtpfs
mkdir xoom
go-mtpfs xoom &
cp -a ~/Music/Some-Album xoom/Music/
fusermount -u xoom

Additional config

journald

Ubuntu journald can get very big because there is no limit per default /etc/systemd/journald.conf:

SystemMaxUse=100M

Manual cleanup right now:

sudo journalctl --rotate
sudo journalctl --vacuum-time=2d

Booting and kernels

grub customizer customizes the GRUB2 boot menus without typos, if ones trust this developer to manage the boot setup.

sudo add-apt-repository ppa:danielrichter2007/grub-customizer # Optional on 19.10
sudo apt install grub-customizer

There is a version manager specifically for linux kernels (HT Abishek Prakash.) It is called UKUU.

sudo add-apt-repository ppa:teejee2008/ppa
sudo apt install ukuu

Misc useful infrastructure

We want various things such as ExFAT support.

sudo apt install synaptic  # sometime I want old school debian style
sudo apt install curl  # everything depends on this why is it not there?
sudo apt install imagemagick
sudo apt install exfat-fuse exfat-utils # interoperability for external drives