I recently had to play a bit with a new installation of Ubuntu and again, old unnerving ghosts came back to haunt me. Since these ghosts have a habit of tormenting indiscriminately, I am sharing my solutions with you.
Welcome! We’ll be discussing:
- 1. Removing old kernels in Ubuntu
- 2. Adding USB boot up option
- 3. Changing Default Editor and aliases
- 4. Opera install, update and passwords (wand)
- 5. Solving GPG key update issues
- 6. Mounting network shares & adding network printer
- 7. SomaFM Internet Radio and Kernel Panics
- 8. Wine, Roboform and IE
- 9. Going virtual with VirtualBox
- 10. ReadyBoost for Linux and Swappiness
Having recently upgraded an older laptop from Ubuntu Lucid Lynx 10.04 to Ubuntu Maverick Meerkat 10.10. I don’t remember what I have done back then, but it is safe to assume that I’ve done the following:
- enabled additional repositories in Administration –> Software Sources (universe, restricted, multiverse)
- check daily for updates, install automatically, prompt on normal releases
- installed ubuntu-restricted-extras then removing useless and dangerous Java
- installed ntp support – System –> Administration –> Time and enabled time sync
- set a few locations by right clicking on the time docket, then enabled weather display
- detected and configured monitors and enabled the icon (I use multiple monitors) via System –> Preferences –> Monitors
- enabled nVidia proprietary drivers from System –> Administration –> Drivers (173)
The very first thing that bugged me was a long update (haven't used this install in a while) and among the updates, a kernel. As soon as I rebooted, I was given a new set of updates and with them, a new kernel. So I rebooted again and finally the kernel updates had stopped. Except, of course, now I had 2 kernel images I did not need. Which brings us to the first solution.
My first reaction was to simply open Synaptic, search for 2.6.32, click on the "installed" filter, then remove all the the images / headers except for the latest one (linux-headers-2.6.XX-XX, linux-headers-2.6.XX-XX-generic, linux-image-2.6.XX-XX-generic). Then I thought that this is a problem that's been around for quite a while and surely there are alternative / simpler solutions, other than
sudo apt-get remove linux-image-2.6.XX-XX-generic
(or purge instead of remove).
One command recommended by arw (1) is
sudo aptitude purge ~ilinux-image-.*\(\!`uname -r`\)
There seems to be an extra "i" in front of linux, perhaps added to weed out copy & pasters..
Yet another quick fix is
sudo apt-get autoremove
This should supposedly remove all orphaned packages from previous installations as well (2).
It turns out that users have been demanding this change since 2008 (3), but the kernel team thinks that We cannot remove old kernels because we have no idea which kernels are the one(s) that the user needs or doesn't need (4). So they added an application in the System -> Administration menu, Computer janitor. In my testing, I found it quite annoying, as it offered to remove old apps about 5 times, after each removal finding something new to bitch about.
If you find that the Grub does not reflect the deletions, do sudo update-grub though I've never run into this problem as the system takes care of it.
Playing with GRUB may render your system unbootable, so make sure you do this either first or last, after securely having backed up everything and having checked how effective is your recovery strategy.
You may have certain OSs installed on USB drives. Your motherboard may not be able to boot from them, so a little help from GRUB is needed in such occasions. Here’s how to accomplish this (22):
To check if your BIOS is able to detect the USB drive and hand it over to grub, just run grub (from your hard drive if it already installed, or from a grub boot floppy or CD). At the grub menu, hit 'c' to enter command mode. Now search for your USB drive, using the root command to choose a drive/partition and the find command to see if you found the right one. You can go through your devices like in this example:
grub> root (hd0,0) # first harddrive, first partition
grub> find /[tab] # type the slash then press [tab], and it will try to list files on this partition
Error 17: Cannot mount selected partition # Oops no file system here
grub> root (hd0,1) # first harddrive, second partition
grub> find /[tab]
Possible files are: lost+found var etc media ... # That was my hard drive with my linux install
grub> root (hd1,0) # second hard drive usually is the USB drive if you have only one internal drive
grub> find /[tab]
Possible files are: ldlinux.sys mydoc myfile mystick syslinux.cfg # Bingo, that's the USB stick
Or, if you know that there is a file called e.g. "MYDRIVE" on the drive, just run
grub> find /MYDRIVE
and grub will look through all drives and partitions that it can access. It will list the correct device to use for the root command.
Boot the drive by entering:
For convenience, add these commands to your grub configuration (usually in /boot/grub/menu.lst):
# to boot from a USB device
title Boot USB drive
Allowing boot from USB is a pretty serious security risk especially if running on a laptop so it makes sense to password-protect that entry. Also, access to your box can easily be gained by booting in single mode. This involves
- highlighting your linux boot option
- pressing e,
- selecting the kernel line on the new screen,
- pressing e again,
- adding single at the end of the boot line and optionally init=/bin/bash if your system requires the root password;
- hit Enter to save
- press b to boot
You may secure GRUB straight from its prompt or after you logged in. For the latter, you can open a terminal and login as root.
- Type /sbin/grub-md5-crypt and press enter
- Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
- Open /boot/grub/grub.conf in your favorite text editor
- Add password --md5 <password-hash> below the timeout in the main section (replace <password-hash> with the hash you got in the previous step)
- To password-protect individual entries add password --md5 <password-hash> after each initrd entry
- Save and exit
The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing p followed by the GRUB password. You may find, however, that the above works only with GRUB legacy (23, 24, 25). In the newer version, you must enter
sudo nano /etc/default/grub
sudo grub-mkconfig --output=/boot/grub/grub.cfg
- To enable basic password protection, the user/administrator must add a superuser (and other users if desired) and password(s) to the /etc/grub.d/00_header file and manually designate which menuentries require a password in the /etc/grub.d/ files.
- The Grub 2 menu can include both password-protected and non-protected entries.
- Once the password feature is enabled the Grub 2 menu will appear as it does normally. When a selection requiring a password is required, the user will be prompted to enter the correct username and password. If entered correctly, the selected menuentry will continue to boot. If incorrect, the user will be returned to the Grub 2 menu.
- If Grub 2 is set up to boot directly to a password-protected menuentry without displaying a menu, the username/password prompt will appear and booting will not occur until they are correctly entered.
- Before rebooting make sure you have added the "superuser" and password to etc/grub.d/00_header and inspect /boot/grub/grub.cfg to ensure you achieved the desired results.
Grub-md5-crypt has become grub-mkpasswd_pbkdf2. The encrypted password entry in /etc/grub.d/00_header will be:
password_pbkdf2 drs305 <password-hash>
Make sure you remember your passwords or else you’ll be SOL if you ever forget them.
To change the default editor manually, one would have to change the EDITOR global variable and export it. There is however a command that makes it much easier:
$ sudo update-alternatives –-config editor
I prefer nano, but obviously, that’s not the only one. I also set it as “manual” since I don’t like to be prompted to choose it every time. When editing your crontab with crontab –e, you will be presented with the editor of choice.
Since using linux, I learned to also modify my ~/.profile (~/.bashrc works just as well or better) with the following:
This accomplishes about the same goal as the command above, but it still reduces the chances of having to deal with vi. In bash shell, the above could be replaced by export EDITOR=nano.
To display the defined variables, try printenv or even env. To display the value of a single variable, you might want to either grep the output env or issue printenv TERM or echo $TERM.
I also add the following aliases:
alias ll=’ls –al’
alias install=’sudo apt-get -y install’
alias search=’apt-cache search’
alias purge=’sudo apt-get purge’
I need Opera because I keep most of my bookmarks in there. I could propagate the bookmarks to the other browsers using Transmute, but I don’t do that too often. The best way to install Opera is from the official repository. Add the following in System –> Administration –> Software Sources: deb http://deb.opera.com/opera/ stable non-free
wget -O - http://deb.opera.com/archive.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install debian-archive-keyring opera
or click Opera in your Linux browser.
Since I had a portable version of Opera on my Windows partition, I wanted to copy my password file to use under Linux. I protected it with a master password, so it was necessary to copy the certificates as well (5). I thus changed directory to the mounted XP partition (which I had to mount as –o ro as it was hibernated) then proceeded with the copy command:
sudo mkdir /mnt/xp
sudo mount –t ntfs-3g –o ro /dev/sda1 /mnt/xp
cp opcacrt6.dat opcert6.dat opssl6.dat wand.dat urlfilter.ini ~/.opera
Note that your Windows install of Opera may have a different path. You can easily find it by going to Menu –> Help –> About Opera.
Keep in mind the you should never consider passwords saved in browsers as secure. Chrome and Chromium do not even bother protecting them at all. Firefox and Opera allow the user to protect such passwords with a master password, but that protection is not very strong. There are tools to “recover” unprotected passwords for both browsers (6, 7) and even the master password: FireMaster (8) for Firefox wandec (9) for Opera.
You might find that whenever you run a simple sudo apt-get update you’re slapped with a number of GPG errors, such as:
This means that the GPG key on your system has expired and you need to refresh it with a apt-key adv command, e.g.,
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 9D1A0061 06899068 4827A579
Though you could enter the entire string shown after NO_PUBKEY, only the last 8 characters are necessary (10).
If getting The following signatures were invalid: BADSIG ...
# sudo -s -H
# apt-get clean
# rm /var/lib/apt/lists/*
# rm /var/lib/apt/lists/partial/*
# apt-get clean
# apt-get update
(This last solution provided by VirtualBox – 17.)
Most of the following can be found in the Ubuntu wiki (26). Install smbfs (you need samba only if you plan to share stuff off your box):
sudo apt-get smbfs
The wiki recommends also udating the unmount order to prevent CIFS hanging at shutdown:
sudo update-rc.d -f umountnfs.sh remove
sudo update-rc.d umountnfs.sh stop 15 0 6 .
First, edit your /etc/hosts file and give the Windows machine a name:
Create a directory where the share will appear on your local filesystem.
$ sudo mkdir /mnt/music
Edit /etc/fstab and add a line for the mount. Here "pootie" is the name of the machine and "music" is the name of the share; you are probably using different names on your system, so substitute accordingly.
//pootie/music /mnt/music cifs exec,credentials=/home/user/.smbcredentials 0 0
Create a password file /etc/.cifspw with the login credentials for your Windows account. You can create a file with a different name though.
And secure the file:
$ sudo chown root ~/.smbcredentials
$ sudo chmod 600 /etc/.smbcredentials
$ sudo mount –a
Since Windows does not always shut down on my laptop (I sometimes hibernate or suspend it to RAM) it’s best to also mount the partition as read-only, by editing fstab.
sudo nano /etc/fstab
/dev/sda1 /mnt/xp ro 0 0
An app that can easily switch between read-only and rw mounts is ntfs-config.
You may also additionally restrict use of the share using either the user GID, which you get with
grep $USERNAME /etc/passwd | cut -d: –f3
..or by creating a Group via "System" -> "Administration" -> "Users and Groups" -> "Manage Groups" -> "Add Group" and making a note of the Group ID.
NB: if servername or sharename has a literal space (i.e. ' '), substitute \040 instead, so that 'server name' becomes 'server\040name'
Add a line at the bottom of your /etc/fstab file that specifies:
//$SERVER/$SHARE $MOUNTPOINT $FS_TYPE credentials=$SMB_CREDENTIALS,uid=$UID,gid=$GID
# e.g. SERVER=apollo SHARE=install_files MOUNTPOINT=/path/to/mnt FS_TYPE=smbfs SMB_CREDENTIALS=/path/to/.smbcredentials UID=1000 GID=1000
cifs, group perms
- GID=1234 # the newly created group's ID
- don't include uid=$UID
//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,gid=1234 0 0
Note: many directories are set so that only the user can write to the directory and that the group can only read (permissions 755), if this is the case then when it is mounted the group will still not be able to write to the directory regardless of their permission on the share. To give the group write permissions on the mount then use the following.
//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,dir_mode=0775,gid=1234 0 0
Add Network Printer
I have a Brother HL-1435 printer connected to a Print Server. I could add it as a queue (.5/lp3) or a as a SAMBA printer by going to System –> Administration –> Printing. I usually add it as a queue. I then load some used paper for the test, then proceed with the print test. Finally, I set the resolution at 300 dpi and Toner Save at HIGH.
I like to immerse myself in music when working on the computer. My fav commercial-free radio station is SomaFM (they rely on donations and I do donate though not as often as I should). Rhythmbox, the default audio player in Ubuntu does not have them by default, so they need to be added. Press Ctrl+I or go to Music –> New Internet Station and add the following (copy and paste):
I’ve also listed CBC radio stations as I live in Toronto – Radio 3 is alternative, followed by Jazz, Classical and Radio One (Variety). If your player supports it, try adding .asx at the end of the Soma FM URLs for better quality for the same bit rate.
VLC has an option to search Internet radio stations and they might be listed there as well; for some reason, they do not appear in Rhythmbox by default.
For the past year or so – ever since Ubuntu switched to a new Audio System – my computer is rather unstable. The simple act of listening to radio while doing something else can result in numerous kernel panic attacks, then freeze, keyboard flashing and reboot. I have recently discovered a script that is supposed to alleviate these issues (27, 28).
To install Roboform (where I keep my password), I first installed IES4linux, then I use it to download Roboform and then run it. I could also install Firefox for Windows but I think that IE6 on Linux is way cooler
sudo apt-get update
sudo apt-get install wine cabextract
tar zxvf ies4linux-latest.tar.gz
For Firefox, I could just download the .exe (Firefox for Windows) from mozilla.org and install it under wine, then use that browser to get Roboform and launch it. I pointed it straight to the windows directory under /mnt/xp, which is read-only.
You may also install IE7 or later on Wine from PlayOnLinux.
Some of us feel that some Windows programs just cannot be run under linux, nor does an equivalent exist. Although there is Wine, PlayOnLinux makes installing Windows games a breeze and though WLW does not work there is Blogilo after all, there is a simple way to bring your Windows install to Linux, through virtualization.
The standard remains VMware. However, VMware Server is being phased out with no free alternatives coming out starting January 2010 (13). This makes Virtual Box le roi du jour. If you still want to install VMware Server despite its lack / end of support, consider our previous article (14, 16).
Virtual Box has two free versions: OSE and commercial. OSE is available directly from repositories, whereas to install the commercial version one has to add the repositories first. For the latest version of ubuntu you have to add deb http://download.virtualbox.org/virtualbox/debian maverick non-free to /etc/apt/sources.list. If you add it through Synaptic, you will have to remove the src repo that is automatically added. Enter then the following commands (17):
echo "deb http://download.virtualbox.org/virtualbox/debian maverick non-free #VirtualBox" | sudo tee -a /etc/apt/sources.list
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-3.2
sudo apt-get install dkms
I run linux on some rather old computers. Some don’t have enough RAM and I have no intention to upgrade the hardware. Others may benefit from playing with the swappiness setting. Keep in mind however that these hacks have the potential to decrease performance, so read the theoretical background and thread carefully. Here’s what needs to be done for ReadyBoost:
(Insert USB stick)
sudo umount /dev/sdXY #or whatever your stick is mounted as; I don't think you can shred and reformat a mounted stick
shred -v -n 1 -z /dev/sdXY
sudo mkswap /dev/sdXY
sudo swapon /dev/sdXY
Additionally, one should adjust swappiness according to the hard disk vs RAM mixture of their system (12). It makes a lot of sense to use a 2 GB flash drive for swap with the script below.
A long explanation can be found on ubuntuforums (11). I am not using this hack presently.
If, however, your RAM is plentiful, you might want to consider reducing the swappiness. This is a tricky proposition as there are no universal solutions. You should check to see whether the defaults actually work for you first.
sudo cat /proc/sys/vm/swappiness #check current swappiness value
sudo sysctl -w vm.swappiness=5 #replace 5 with whatever value you think is good
sudo cat /proc/sys/vm/swappiness #check again, it should be the new value
If the system performs better with a different swappiness value, make it permanent by appending vm.swappiness=5 to /etc/sysctl.conf. Read the Swap FAQ (15) for more info.
In our next episode, we’ll discuss, among other topics, eyecandy and installing proggies. Until then, be sure to check out the links 29-36 below.
Sources / More info:
- http://goo.gl/raqpd (zip)
- http://goo.gl/AFQ6J (zip)
- http://goo.gl/de287 (zip)
- http://goo.gl/EBrN9 (zip)