Revisiting Ubuntu: new install + annoyances

I recently had to play a bit with a new installation of Ubuntu and again, old unnerving ghosts came back to haunt me. Since these ghosts have a habit of tormenting indiscriminately, I am sharing my solutions with you.

Welcome! We’ll be discussing:

• 1. Removing old kernels in Ubuntu
• 2. Adding USB boot up option
• 3. Changing Default Editor and aliases
• 4. Opera install, update and passwords (wand)
• 5. Solving GPG key update issues
• 6. Mounting network shares & adding network printer
• 7. SomaFM Internet Radio and Kernel Panics
• 8. Wine, Roboform and IE
• 9. Going virtual with VirtualBox
• 10. ReadyBoost for Linux and Swappiness

Having recently upgraded an older laptop from Ubuntu Lucid Lynx 10.04 to Ubuntu Maverick Meerkat 10.10. I don’t remember what I have done back then, but it is safe to assume that I’ve done the following:

• enabled additional repositories in Administration –> Software Sources (universe, restricted, multiverse)
• check daily for updates, install automatically, prompt on normal releases
• installed ubuntu-restricted-extras then removing useless and dangerous Java
• installed ntp support – System –> Administration –> Time and enabled time sync
• set a few locations by right clicking on the time docket, then enabled weather display
• detected and configured monitors and enabled the icon (I use multiple monitors) via System –> Preferences –> Monitors
• enabled nVidia proprietary drivers from System –> Administration –> Drivers (173)

The very first thing that bugged me was a long update (haven't used this install in a while) and among the updates, a kernel. As soon as I rebooted, I was given a new set of updates and with them, a new kernel. So I rebooted again and finally the kernel updates had stopped. Except, of course, now I had 2 kernel images I did not need. Which brings us to the first solution.

1. Removing old kernels in Ubuntu

My first reaction was to simply open Synaptic, search for 2.6.32, click on the "installed" filter, then remove all the the images / headers except for the latest one (linux-headers-2.6.XX-XX, linux-headers-2.6.XX-XX-generic, linux-image-2.6.XX-XX-generic). Then I thought that this is a problem that's been around for quite a while and surely there are alternative / simpler solutions, other than

sudo apt-get remove linux-image-2.6.XX-XX-generic

(or purge instead of remove).

One command recommended by arw (1) is

sudo aptitude purge ~ilinux-image-.*\(\!`uname -r`\)

There seems to be an extra "i" in front of linux, perhaps added to weed out copy & pasters..
Yet another quick fix is

sudo apt-get autoremove

This should supposedly remove all orphaned packages from previous installations as well (2).

It turns out that users have been demanding this change since 2008 (3), but the kernel team thinks that We cannot remove old kernels because we have no idea which kernels are the one(s) that the user needs or doesn't need (4). So they added an application in the System -> Administration menu, Computer janitor. In my testing, I found it quite annoying, as it offered to remove old apps about 5 times, after each removal finding something new to bitch about.

Computer Janitor

If you find that the Grub does not reflect the deletions, do sudo update-grub though I've never run into this problem as the system takes care of it.

2. Adding USB boot up option

Playing with GRUB may render your system unbootable, so make sure you do this either first or last, after securely having backed up everything and having checked how effective is your recovery strategy.

You may have certain OSs installed on USB drives. Your motherboard may not be able to boot from them, so a little help from GRUB is needed in such occasions. Here’s how to accomplish this (22):

To check if your BIOS is able to detect the USB drive and hand it over to grub, just run grub (from your hard drive if it already installed, or from a grub boot floppy or CD). At the grub menu, hit 'c' to enter command mode. Now search for your USB drive, using the root command to choose a drive/partition and the find command to see if you found the right one. You can go through your devices like in this example:

grub> root (hd0,0)   # first harddrive, first partition
grub> find /[tab]    # type the slash then press [tab], and it will try to list files on this partition
Error 17: Cannot mount selected partition   # Oops no file system here
grub> root (hd0,1)   # first harddrive, second partition
grub> find /[tab]
Possible files are: lost+found var etc media ...   # That was my hard drive with my linux install
grub> root (hd1,0)   # second hard drive usually is the USB drive if you have only one internal drive
grub> find /[tab]
Possible files are: ldlinux.sys mydoc myfile mystick syslinux.cfg  # Bingo, that's the USB stick

Or, if you know that there is a file called e.g. "MYDRIVE" on the drive, just run
grub> find /MYDRIVE

and grub will look through all drives and partitions that it can access. It will list the correct device to use for the root command.

Boot the drive by entering:
chainloader +1
boot

For convenience, add these commands to your grub configuration (usually in /boot/grub/menu.lst):
# to boot from a USB device
title    Boot USB drive
root     (hd1,0)
chainloader +1
boot

Allowing boot from USB is a pretty serious security risk especially if running on a laptop so it makes sense to password-protect that entry. Also, access to your box can easily be gained by booting in single mode. This involves

1. highlighting your linux boot option
2. pressing e,
3. selecting the kernel line on the new screen,
4. pressing e again,
5. adding single at the end of the boot line and optionally init=/bin/bash if your system requires the root password;
6. hit Enter to save
7. press b to boot

You may secure GRUB straight from its prompt or after you logged in. For the latter, you can open a terminal and login as root.

• Type /sbin/grub-md5-crypt and press enter
• Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
• Open /boot/grub/grub.conf in your favorite text editor
• Add password --md5 <password-hash> below the timeout in the main section (replace <password-hash> with the hash you got in the previous step)
• To password-protect individual entries add password --md5 <password-hash> after each initrd entry
• Save and exit

The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing p followed by the GRUB password. You may find, however, that the above works only with GRUB legacy (23, 24, 25). In the newer version, you must enter

sudo nano /etc/default/grub
sudo grub-mkconfig --output=/boot/grub/grub.cfg

Furthermore,

• To enable basic password protection, the user/administrator must add a superuser (and other users if desired) and password(s) to the /etc/grub.d/00_header file and manually designate which menuentries require a password in the /etc/grub.d/ files.
• The Grub 2 menu can include both password-protected and non-protected entries.
• Once the password feature is enabled the Grub 2 menu will appear as it does normally. When a selection requiring a password is required, the user will be prompted to enter the correct username and password. If entered correctly, the selected menuentry will continue to boot. If incorrect, the user will be returned to the Grub 2 menu.
• If Grub 2 is set up to boot directly to a password-protected menuentry without displaying a menu, the username/password prompt will appear and booting will not occur until they are correctly entered.
• Before rebooting make sure you have added the "superuser" and password to etc/grub.d/00_header and inspect /boot/grub/grub.cfg to ensure you achieved the desired results.

Grub-md5-crypt has become grub-mkpasswd_pbkdf2. The encrypted password entry in /etc/grub.d/00_header will be:

set superusers="drs305"
password_pbkdf2 drs305 <password-hash>

Make sure you remember your passwords or else you’ll be SOL if you ever forget them.

3. Changing Default Editor and aliases

To change the default editor manually, one would have to change the EDITOR global variable and export it. There is however a command that makes it much easier:

$ sudo update-alternatives –-config editor

I prefer nano, but obviously, that’s not the only one. I also set it as “manual” since I don’t like to be prompted to choose it every time. When editing your crontab with crontab –e, you will be presented with the editor of choice.

Since using linux, I learned to also modify my ~/.profile (~/.bashrc works just as well or better) with the following:

EDITOR=nano
export EDITOR

This accomplishes about the same goal as the command above, but it still reduces the chances of having to deal with vi. In bash shell, the above could be replaced by export EDITOR=nano.

To display the defined variables, try printenv or even env. To display the value of a single variable, you might want to either grep the output env or issue printenv TERM or echo $TERM.

I also add the following aliases:

alias ll=’ls –al’
alias install=’sudo apt-get -y install’
alias search=’apt-cache search’
alias purge=’sudo apt-get purge’

4. Opera install, update and passwords (wand)

I need Opera because I keep most of my bookmarks in there. I could propagate the bookmarks to the other browsers using Transmute, but I don’t do that too often. The best way to install Opera is from the official repository. Add the following in System –> Administration –> Software Sources: deb http://deb.opera.com/opera/ stable non-free

Replace /opera/ with /opera-beta/ if you want to get the bleeding edge. Add Opera GPG key so that you get smooth updates with no error messages by typing the following at the prompt:

wget -O - http://deb.opera.com/archive.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install debian-archive-keyring opera

or click Opera in your Linux browser.

Since I had a portable version of Opera on my Windows partition, I wanted to copy my password file to use under Linux. I protected it with a master password, so it was necessary to copy the certificates as well (5). I thus changed directory to the mounted XP partition (which I had to mount as –o ro as it was hibernated) then proceeded with the copy command:

sudo mkdir /mnt/xp
sudo mount –t ntfs-3g –o ro /dev/sda1 /mnt/xp
cd /mnt/xp/…/Opera/profile
cp opcacrt6.dat opcert6.dat opssl6.dat wand.dat urlfilter.ini ~/.opera

Note that your Windows install of Opera may have a different path. You can easily find it by going to Menu –> Help –> About Opera.

Keep in mind the you should never consider passwords saved in browsers as secure. Chrome and Chromium do not even bother protecting them at all. Firefox and Opera allow the user to protect such passwords with a master password, but that protection is not very strong. There are tools to “recover” unprotected passwords for both browsers (6, 7) and even the master password: FireMaster (8) for Firefox wandec (9) for Opera.

5. Solving GPG key update issues

You might find that whenever you run a simple sudo apt-get update you’re slapped with a number of GPG errors, such as:

Reading package lists... Done
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.opera.com lenny Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F9A2F76A9D1A0061

W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4FEC45DD06899068

This means that the GPG key on your system has expired and you need to refresh it with a apt-key adv command, e.g.,

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 9D1A0061  06899068  4827A579

Though you could enter the entire string shown after NO_PUBKEY, only the last 8 characters are necessary (10).

If getting The following signatures were invalid: BADSIG ...

# sudo -s -H
# apt-get clean
# rm /var/lib/apt/lists/*
# rm /var/lib/apt/lists/partial/*
# apt-get clean
# apt-get update

(This last solution provided by VirtualBox – 17.)

6. Mounting network shares & adding network printer

Most of the following can be found in the Ubuntu wiki (26). Install smbfs (you need samba only if you plan to share stuff off your box):

sudo apt-get smbfs

The wiki recommends also udating the unmount order to prevent CIFS hanging at shutdown:

sudo update-rc.d -f umountnfs.sh remove
sudo update-rc.d umountnfs.sh stop 15 0 6 .

First, edit your /etc/hosts file and give the Windows machine a name:

192.168.1.2 pootie

Create a directory where the share will appear on your local filesystem.

$ sudo mkdir /mnt/music

Edit /etc/fstab and add a line for the mount. Here "pootie" is the name of the machine and "music" is the name of the share; you are probably using different names on your system, so substitute accordingly.

//pootie/music /mnt/music cifs exec,credentials=/home/user/.smbcredentials 0 0

Create a password file /etc/.cifspw with the login credentials for your Windows account. You can create a file with a different name though.

username=Lgn
password=ImNotGonnaTellYouThat

And secure the file:

$ sudo chown root ~/.smbcredentials
$ sudo chmod 600 /etc/.smbcredentials

Giddyup.

$ sudo mount –a

Since Windows does not always shut down on my laptop (I sometimes hibernate or suspend it to RAM) it’s best to also mount the partition as read-only, by editing fstab.

sudo nano /etc/fstab
/dev/sda1 /mnt/xp ro 0 0

An app that can easily switch between read-only and rw mounts is ntfs-config.

You may also additionally restrict use of the share using either the user GID, which you get with

grep $USERNAME /etc/passwd | cut -d: –f3

..or by creating a Group via "System" -> "Administration" -> "Users and Groups" -> "Manage Groups" -> "Add Group" and making a note of the Group ID.

NB: if servername or sharename has a literal space (i.e. ' '), substitute \040 instead, so that 'server name' becomes 'server\040name'

Add a line at the bottom of your /etc/fstab file that specifies:

//$SERVER/$SHARE $MOUNTPOINT $FS_TYPE credentials=$SMB_CREDENTIALS,uid=$UID,gid=$GID

# e.g.
SERVER=apollo
SHARE=install_files
MOUNTPOINT=/path/to/mnt
FS_TYPE=smbfs
SMB_CREDENTIALS=/path/to/.smbcredentials
UID=1000
GID=1000

cifs, group perms

• FS_TYPE=cifs
• GID=1234 # the newly created group's ID
• don't include uid=$UID

//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,gid=1234 0 0

Note: many directories are set so that only the user can write to the directory and that the group can only read (permissions 755), if this is the case then when it is mounted the group will still not be able to write to the directory regardless of their permission on the share. To give the group write permissions on the mount then use the following.

//apollo/install_files /path/to/mnt cifs iocharset=utf8,credentials=/path/to/.smbcredentials,dir_mode=0775,gid=1234 0 0

Add Network Printer

I have a Brother HL-1435 printer connected to a Print Server. I could add it as a queue (.5/lp3) or a as a SAMBA printer by going to System –> Administration –> Printing. I usually add it as a queue. I then load some used paper for the test, then proceed with the print test. Finally, I set the resolution at 300 dpi and Toner Save at HIGH.

7. SomaFM Internet Radio and Kernel Panics

I like to immerse myself in music when working on the computer. My fav commercial-free radio station is SomaFM (they rely on donations and I do donate though not as often as I should). Rhythmbox, the default audio player in Ubuntu does not have them by default, so they need to be added. Press Ctrl+I or go to Music –> New Internet Station and add the following (copy and paste):

• http://somafm.com/play/groovesalad64
• http://somafm.com/play/secretagent64
• http://somafm.com/play/covers
• http://somafm.com/play/u80s.asx
• http://somafm.com/sonicuniverse.pls
• http://radio3.cbc.ca/nmcradio/webradio.m3u

I’ve also listed CBC radio stations as I live in Toronto – Radio 3 is alternative, followed by Jazz, Classical and Radio One (Variety). If your player supports it, try adding .asx at the end of the Soma FM URLs for better quality for the same bit rate.

VLC has an option to search Internet radio stations and they might be listed there as well; for some reason, they do not appear in Rhythmbox by default.

For the past year or so – ever since Ubuntu switched to a new Audio System – my computer is rather unstable. The simple act of listening to radio while doing something else can result in numerous kernel panic attacks, then freeze, keyboard flashing and reboot. I have recently discovered a script that is supposed to alleviate these issues (27, 28).

8. Wine, Roboform and IE

To install Roboform (where I keep my password), I first installed IES4linux, then I use it to download Roboform and then run it. I could also install Firefox for Windows but I think that IE6 on Linux is way cooler

sudo apt-get update
sudo apt-get install wine cabextract
wget http://www.tatanka.com.br/ies4linux/downloads/ies4linux-latest.tar.gz
tar zxvf ies4linux-latest.tar.gz
cd ies4linux-*
./ies4linux

For Firefox, I could just download the .exe (Firefox for Windows) from mozilla.org and install it under wine, then use that browser to get Roboform and launch it. I pointed it straight to the windows directory under /mnt/xp, which is read-only.

You may also install IE7 or later on Wine from PlayOnLinux.

9. Going virtual with VirtualBox

Some of us feel that some Windows programs just cannot be run under linux, nor does an equivalent exist. Although there is Wine, PlayOnLinux makes installing Windows games a breeze and though WLW does not work there is Blogilo after all, there is a simple way to bring your Windows install to Linux, through virtualization.

The standard remains VMware. However, VMware Server is being phased out with no free alternatives coming out starting January 2010 (13). This makes Virtual Box le roi du jour. If you still want to install VMware Server despite its lack / end of support, consider our previous article (14, 16).

Virtual Box has two free versions: OSE and commercial. OSE is available directly from repositories, whereas to install the commercial version one has to add the repositories first. For the latest version of ubuntu you have to add deb http://download.virtualbox.org/virtualbox/debian maverick non-free to /etc/apt/sources.list. If you add it through Synaptic, you will have to remove the src repo that is automatically added. Enter then the following commands (17):

echo "deb http://download.virtualbox.org/virtualbox/debian maverick non-free #VirtualBox" | sudo tee -a /etc/apt/sources.list
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-3.2
sudo apt-get install dkms

VirtualBox supports a large number of guest OSs (18) and there are numerous pre-installed images available for download (19, 20).

10. ReadyBoost for Linux and Swappiness

I run linux on some rather old computers. Some don’t have enough RAM and I have no intention to upgrade the hardware. Others may benefit from playing with the swappiness setting. Keep in mind however that these hacks have the potential to decrease performance, so read the theoretical background and thread carefully. Here’s what needs to be done for ReadyBoost:

(Insert USB stick)
sudo umount /dev/sdXY #or whatever your stick is mounted as; I don't think you can shred and reformat a mounted stick
shred -v -n 1 -z /dev/sdXY
sudo mkswap /dev/sdXY
sudo swapon /dev/sdXY

Additionally, one should adjust swappiness according to the hard disk vs RAM mixture of their system (12). It makes a lot of sense to use a 2 GB flash drive for swap with the script below.

A long explanation can be found on ubuntuforums (11). I am not using this hack presently.

If, however, your RAM is plentiful, you might want to consider reducing the swappiness. This is a tricky proposition as there are no universal solutions. You should check to see whether the defaults actually work for you first.

sudo cat /proc/sys/vm/swappiness  #check current swappiness value
sudo sysctl -w vm.swappiness=5  #replace 5 with whatever value you think is good
sudo cat /proc/sys/vm/swappiness  #check again, it should be the new value

If the system performs better with a different swappiness value, make it permanent by appending vm.swappiness=5 to /etc/sysctl.conf. Read the Swap FAQ (15) for more info.

In our next episode, we’ll discuss, among other topics, eyecandy and installing proggies. Until then, be sure to check out the links 29-36 below.

Sources / More info:

1. http://goo.gl/NDria
2. http://goo.gl/hzuCM
3. http://goo.gl/jcwB6
4. http://goo.gl/8xo19
5. http://goo.gl/QnNWT 
6. http://goo.gl/raqpd (zip)
7. http://goo.gl/AFQ6J (zip)
8. http://goo.gl/de287 (zip)
9. http://goo.gl/EBrN9 (zip)
10. http://goo.gl/3kGU3
11. http://goo.gl/BWjxQ
12. http://goo.gl/cFV5j
13. http://goo.gl/3fFXQ
14. http://goo.gl/Q8ftI
15. http://goo.gl/nnLVh
16. http://goo.gl/4eJwQ
17. http://goo.gl/t6EmP
18. http://goo.gl/6hQYt
19. http://goo.gl/vocuf
20. http://goo.gl/cW5ji
21. http://goo.gl/h7nsZ
22. http://goo.gl/JgAwf
23. http://goo.gl/pgvCu
24. http://goo.gl/s8fQV
25. http://goo.gl/krqTk
26. http://goo.gl/3hiXa
27. http://goo.gl/N9Whc
28. http://goo.gl/YOACO 
29. http://goo.gl/0RhJ2
30. http://goo.gl/ou7LR
31. http://goo.gl/8EVbl
32. http://goo.gl/dvyQZ
33. http://goo.gl/PKw7O
34. http://goo.gl/7adq0
35. http://goo.gl/x3aiN

Scripts: [Ubuntu ReadyBoost] [200-lines kernel patch (sp) (en) (yt)]

Consumed Consumer, install, ubuntu, swappiness, boot, bootup, wine, sudo